A report published by the National Information Technology Authority–Uganda (NITA-U) on data protection has shown that SafeBoda did not sell any customer data. The ride-hailing firm has thanked NITA-U and Unwanted Witness for the recommendations to improve privacy policies to protect Users’ rights.
The Ugandan start-up has since improved the wording of their policies and are proud to be a role model in the ecosystem, and paving the way for other startups. SafeBoda says the new act Data Protection and Privacy and its regulations have not yet been issued, but the report was an opportunity to build best practices for Ugandan companies.
“We are excited to be part of this process. SafeBoda, as a tech start-up, founded in Kyebando, Kampala, would like to thank NITA-U for the support to ensure compliance with the Data Protection and Privacy Act 2019,” Ricky Rapa Thompson, SafeBoda Co-founder said.
NITA-U confirms that SafeBoda did not sell any of its users' data as cited in the report.
“There was no evidence found to support allegations that SafeBoda sells its users’ personal data. The report provided a number of recommendations for SafeBoda that we are now working to comply with. With the internet and the ever-changing rules on internet data privacy across the world, start-ups need to be aware of compliance with a myriad of local and international rules on data protection and privacy,” reads the report.
“SafeBoda is no different from any start-up or company and needs to keep working to ensure it can comply with rules and regulations.” In the report, NITA-U commended SafeBoda, saying that “SafeBoda was cooperative during the investigation and has also made efforts towards compliance including improving its data protection policies to comply with provisions of the Act”.
In relation to the recommendations in the report, NITA-U focused on some of the data-processors that SafeBoda uses to improve the app performance. The report was primarily concerned about CleverTap, a world-renowned data processor and analytical software.
Specifically, “NITA-U’s finding is that SafeBoda’s disclosure of its users’ personal data to CleverTap contravened the Data Protection and Privacy Act since the “consents'' relied upon for the disclosure were not specific neither were they informed, given that the users were not informed of a) the extent of the personal data collected and b) the potential disclosure of their personal data with CleverTap.”
The interpretation is largely around the concept of consent which is still debated in data protection best practices such as GDPR - regardless, SafeBoda has since then updated its policies to make it more explicit and detailed to their customers to build strong standards and best practices in the ecosystem.
NITA-U in the report highlighted that staff policy should also be updated to reflect Data Privacy requirements. “Following this, we have already updated our Employee Handbook and will be ensuring that staff complete regular mandatory training to ensure that they remain up-to-date with any changes to data privacy and protection laws and that they are reminded of their key responsibilities. This is a new area for many start-ups and it is our job to ensure we continue updating our training materials to continually educate our team on this,” said officials.
SafeBoda would like to thank NITA-U for the support to ensure compliance with the new Data Protection and Privacy Act 2019. Data protection, GDPR compliance, and ensuring data is secure for customers is a challenging area for all companies across the globe from companies such as Uber or Facebook to SafeBoda, a growing small tech start-up in East and West Africa.
“Together with the young growing ecosystem in Uganda, SafeBoda wants to ensure that Uganda can be a leading light on data protection in Africa and beyond,” said Ricky Rapa Thompson, SafeBoda co-founder.