Sometime in July this year, Guru8 published a story where an NGO the Unwanted Witness accused rider hailing app, Safe Boda of personal data breaches under the Ugandan data protection laws, especially the recently passed Data Protection and Privacy Act, 2019 (DPPA). The allegations included that the company was and is sharing user data with third parties in violation of the above laws.
Guru8 has this week received a letter dated 24th August 2020 revealing that the government has been petitioned about the allegations.
In the letter titled “Petition Against Guiness Transporters Limited Trading as Safe Boda Sharing Uganda’s Personal Data With Big American Tech Companies”, the speaker of parliament of Uganda Rebecca Kadaga, is forwarding a complaint that was raised by Obedgui Sammy about the violations to the National Information Technology Authority (NITA – U), that she says is the relevant Authority to handle the complaint.
“I received a complaint… alleges that Guiness Transporters Limited Trading as Safe Boda was implicated for sharing its application users’ personal data with third parties without the knowledge or consent of those users” reads the letter in part.
She adds that she believes that the complaint “falls under the purview of (NITA – U)” as it is the organ that is empowered to enforce adherence to the DPPA and has been asked to take action regarding the allegations and report to parliament within 3 weeks after receipt.
We are yet to see how the government responds to the accusations, however, under the Act, the Authority is required to conduct its own investigations and in its own discretion may direct the alleged violator to remedy any of its breaches or take any action as the Authority may determine.