Gaslighting on Data Protection in the age of mass surveillance
Since 2013, efforts to enact data protection legislation in Namibia have persistently faltered. Frederico Links, chairperson of Action Namibia, asserts that the current draft, now presented to the public, is flawed, with the spectre of pervasive state surveillance looming large.
“TODAY AIMS AT setting the regulatory framework on how personal data should be collected, stored and processed,” Linda Aipinge, the director of information and communication technology development at the Ministry of Information and Communication Technology told a conference hall full of mostly government stakeholders on Tuesday.
“[The bill] aims to protect individuals’ fundamental rights, freedoms, as well as privacy,” she said while opening a two-day workshop on the country’s latest version of a data protection bill.
The order in which Aipinge made these statements, albeit probably inadvertently, was telling.
It has become clear that in the Namibian government’s eyes, protecting individuals’ fundamental rights, freedoms and privacy are very much secondary considerations to the collection, storing and processing of those individuals’ communications data under the heavy cloak of ‘national security’ secrecy.
This is because Namibia is four months away from the effective implementation of a pervasive mass state surveillance dispensation.
On 1 January 2024, mandatory SIM card registration and data retention regulations under part 6 of chapter 5 of the Communications Act of 2009 will come into full effect.
Namibia has been attempting to legislate data protection since 2013, but these efforts have repeatedly stalled over the last decade, without it being clear why.
In the meantime, more and more government, commercial and communication services and systems have either digitised or migrated online, with increasing amounts of personal data being collected and processed for all kinds of purposes.
The Namibian government is arguably the largest collector and processor of personal data in the country, while private sector actors, such as banks and telecommunications companies, have also been growing their personal data collection capacities and practices for commercial purposes.
All this mass data collection, storing and processing has been largely unregulated.
“The right to privacy is inextricably linked to a range of other fundamental rights, including the rights to freedom of expression, human dignity, and freedom from discrimination,” said South Africa-based ALT Advisory in an October 2022 assessment of the Namibian digital rights landscape for the Institute for Public Policy Research (IPPR) and the Action Coalition.
“The United Nations Human Rights Committee has found this right includes the right to bodily privacy, territorial privacy, privacy about the nature of one’s personal relationship (inclusive of sexual orientation), reputational interests and the privacy of one’s communications and data.”
The “privacy of one’s communications and data” is now also set to completely fall with the advent of mandatory SIM card registration and data retention obligations placed on telecommunications and internet service providers, which would enable the tracking, intercepting and identifying of all telecommunications messages and packets streaming in Namibia’s cyberspace, and the storing of such metadata for five years, which really means forever.
Namibia’s framework for communications surveillance consists of the Communications Act of 2009 and the Namibia Central Intelligence Service Act of 1997.
In assessing the gaps and challenges of this communications surveillance framework, ALT Advisory found in 2022 that: “Measured against international and regional best practice, Namibia’s laws fall short on a range of fronts.”
Notably, the assessment established that: “Best practice dictates that the privacy violations inherent in communication surveillance demand that these powers be exercised only when necessary to respond to the most severe crimes and threats to safety and security, only where less intrusive measures have failed.
“These elements are lacking or are at best inconsistently applied in the Namibian framework.”
On the lack of protections for communications metadata, the assessment stated: “The Namibian framework mistakenly assumes that communications data is less sensitive than the content of communications, and accordingly provides fewer protections and safeguards for its access. This is out of keeping with international best practice, which calls for all forms of communication data to be subject to the same rigorous protections and safeguards against access.”
It is further noted that: “The harm is magnified by the extraordinary length for which communications data must be stored in terms of the Namibian framework.”
Yet government officials and consultants have repeatedly claimed that the proposed law meets regional and international standards.
However, ALT Advisory’s independent assessment of the draft data protection bill last year found that it “falls short of international and regional standards”.
Namibian authorities are advised that: “Considering the significant gaps and challenges in Namibia’s framework for communications surveillance, a full reform process is recommended to provide better protections and safeguards for communications and communication data, drawing on developing standards and best practice internationally and in the region.”
*Frederico Links is a Namibian journalist, researcher and presently serves as the chairperson of the ACTION Namibia Coalition. The NMT serves as coordinating secretariat of the ACTION Namibia Coalition which is synonymous with the national campaign for a legal framework that supports the right to access to information (ATI) in Namibia. This article was commissioned by the Media Policy and Democracy Project (MPDP), an initiative of the University of Johannesburg’s department of journalism, film and TV, and Unisa’s department of communication science.