Series wrap: Assessing socio-digital identity ecosystems in Africa
This post marks the end of the 'Digital ID Dispatches in Africa' series, produced by Research ICT Africa and the Centre for Internet and Society, and co-published by the Africa Portal. It investigated, mapped, and reported on the state of digital identity ecosystems in 10 African countries.
n advert I recently saw for a running and fitness app used the slogan “risk is the dancing partner of reward”. While it did not inspire me to go running, it did make me think of the risks involved in using apps and other technologies. And that got my mind (if not the rest of me) running to digital identity ecosystems: A world where reward and risk are all too closely intertwined, and dancing partners are plentiful.
Research ICT Africa and the Centre for Internet and Society (Delhi, India) partnered in 2021 to examine the design, development, governance, and implementation of evolving socio-digital identity ecosystems in ten African countries. (We explained the background to and reasons for this work in a previous blog.) With support from the Omidyar Network, the team worked with local researchers in Ghana, Kenya, Lesotho, Mozambique, Nigeria, Rwanda, South Africa, Tanzania, Uganda, and Zimbabwe to obtain a snapshot of the state of digital identity, using an evaluation framework specifically designed by CIS for assessing related ecosystems. The 10 case studies arising from this project were published individually over the past week, followed by a comparative report in which cross-country similarities, differences, policy windows and concerns are examined.
- Download the report here.
As we mentioned in earlier blogs, we undertook this project because digital forms of (legal) identification are becoming increasingly popular and prevalent on the continent. The COVID-19 pandemic has, similarly to other forms of digitisation, increased both the appetite for and potential utility of socio-digital identities (e.g., for vaccine certifications). The African Union Commission, for instance, is working on a policy framework dedicated to the theme.
Digital identities are not only shaped by the complex realities (and even more complicated histories) in which they are deployed in Africa, but they shape the everyday realities of most of us who live on the continent. Some are optimistic about these impacts (or rewards), others less so. Some of these concerns (or risks) are grounded in reality, others rarely so. Despite these frequent tensions and contradictions, some forms of digitising identity management ecosystems seem to be inevitable on the continent – whether we like it or not. These factors underline the need for critically assessing the design, development, implementation, financing or funding, and governance of digital identities.
The risk-reward dance is therefore an important one to master. And doing so – i.e., the practice of mitigating risk while maximising positive outcomes – should also be within reach. Active decisions and choices are made in the design of digital identities infrastructures, meaning that they are neither inevitably nor necessarily detrimental from a developmental, human rights, and/or inclusion perspective. RIA and CIS therefore started this project with the perhaps naïve assumption that if digital identities can be conceived and designed with concepts like human rights, developmental goals, sustainability, and safety at the forefront, they might yet hold a beneficial impact (or rewards) for the continent.
Plenty of opportunities exist for designing approaches that deliver rewards and mitigate risks. Many of the countries examined are currently in the process of reforming or creating policy instruments of direct or indirect relevance to digital identity ecosystems and shaping risky opportunities. In Lesotho, for example, a draft Computer Crime and Cybercrime Bill awaits promulgation and a data protection regulator needs to be established in line with the country’s existing data protection regulation. In Mozambique, both a data protection law and a national cybersecurity policy are currently being drafted and/or prepared; while in South Africa, a Draft Official Identity Management Policy was published in late 2020. (While the deadline for public comments has passed, the process is worth following for subsequent opportunities for input.)
These and other potential policy windows relevant to digital identity ecosystems and highlighted in the comparative report present a critical juncture which civil society and other interested stakeholders might use to help shape a landscape in which digital identity can be more rewarding from a developmental, human rights and/or exclusion perspective.
But besides these (and other opportunities) for mitigating risk, the 10 country studies indicate that the hope of reward is sometimes marred by fraught colonial histories that often lead to crowded and disorganised digital ecosystems, opaque and at times highly controversial public-private interplays, a frequent lack of institutional capacity (or will), difficult interactions with some aid/developments actors’ agendas, and a seemingly unquenchable thirst for digital Kool-aid in the absence of much strategic vision, political will, and/or institutional capacity.
In the comparative report, we note that there might be a sad irony here in that colonially-rooted digital identity ecosystems on the continent – even when they hold the promise of reward by purporting to improve most aspects of life on the continent – might be introducing the risk of new and different forms of what some call data colonialism, defined by their increasingly invasive systems for making all aspects and layers of human experience the target of profitable extraction. (This extraction is to the primary benefit of private sector ‘masters’ in countries outside of the continent thanks to some of the public-private partnerships so popular on the continent.)
At the same time, and as RIA’s other ongoing work on the data governance policy framework for the African Union Commission has shown, African policymakers are increasingly interested in ways to promote better, more inclusive and transformative data governance practices on the continent. While this sometimes translates to calls for data localisation that tend to be based upon somewhat flawed perceptions of the nature and characteristics of data (e.g., South Africa’s Proposed National and Cloud Policy), it need not be.
Promoting better digital identity ecosystems, coupled with more equitable data governance practices, requires an African agenda for digital identity, defined by Africans. With sufficient stakeholder engagement, the AUC’s digital identity policy framework could potentially be a step in this direction.
While different contextual realities in each of the 10 countries examined as a part of this project mean diverse priorities and recommendations, we argue that the similarities across the countries we looked at also means that we could start to define this agenda by learning from the experiences of other African countries (rather than the much touted Estonian or Indian examples, for instance), as well as costly lessons from the ICT for development space (which RIA has long worked in). One such lesson is the need to understand contextual realities and actual need by moving beyond the unhelpfully polarising arguments of risk-reward.
In the comparative report, we recommend the use of more collaborative and multistakeholder approaches for the design, financing or funding, implementing and governance of digital identity ecosystems. While such collaborative approaches are common in fields like Internet governance that deal with complex cross-border challenges, they are less so in the digital identity ecosystem. But if digital identities on the continent are partly needed to support the development of the African Continental Free Trade Area (AfCFTA), cross-border exchanges become important, and multistakeholder responses even more so.
Besides identifying specific actions for diverse stakeholders (ranging from public to private sector actors to civil society, technical community actors, and academia) in the comparative report, we emphasize the importance of involving the so-called beneficiaries of these systems from initial conceptualisation phases (and not as an afterthought).
Despite what that running app advert says, the users or beneficiaries of digital identity ecosystems should be the true partners of risk and of reward.
The opinions expressed in this article are those of the author(s) and do not necessarily reflect the views of SAIIA.
(Main image: Getty Images)