NITA-U Dismisses Allegations of SafeBoda Sharing User Data

A passenger pictured happy on a Safeboda. FILE PHOTO A passenger pictured happy on a Safeboda. FILE PHOTO
<center>A passenger pictured happy on a Safeboda. FILE PHOTO</center>

The National Information Technology Authority Uganda (NITA-U) has released an investigation report on allegations that SafeBoda unlawfully shares its user personal data without their consent. The allegations begun last year when Unwanted Witness Uganda reported that the moto-taxi hailing company was sharing its user’s personal data personal data with third parties without their consent as required by Section 7 of the Data Protection and Privacy Act of Uganda.

This raised legal issues as well as questions of trust.

Unwanted Witness Uganda in its report —disclosed that SafeBoda shared access to users’ data with tech firms like Facebook and CleverTap. They explain that in carrying out research, they reviewed the startup’s privacy policy and compared it to how the app actually operates, thus a number of discrepancies were identified.

As the regulator for data protection, NITA-U carried out an investigation on the claims and in their recently released report confirm that SafeBoda did not sell any of its user data. “There was no evidence found to support allegations that SafeBoda sells its user personal data,” the report read.

NITA-U focused on some of the data-processors that SafeBoda uses to improve the app performance. The report was primarily concerned about CleverTap, a world-renowned data processor and analytical software. NITA-U’s finding was that SafeBoda’s disclosure of its users’ personal data to CleverTap contravened the Data Protection and Privacy Act since the ‘consents’ relied upon for the disclosure were not specific neither were they informed, given that the users were not informed of; the extent of the personal data collected and the potential disclosure of their personal data with CleverTap.

The interpretation is largely around the concept of consent which is still debated in data protection best practices.

The conclusions of the report are provided in the form of recommendations. Given that the Act is still new and it’s the regulations have not yet been issued, the report was an opportunity to build best practices for Ugandan companies.

NITA-U recommended that SafeBoda Data Privacy Policy be made more readily available to customers. We are working on this to make sure that the customers can find our policies more easily on both the website and our app,” says SafeBoda. They have since then updated their privacy policies to make it more explicit and detailed to their customers to build strong standards and best practices in the ecosystem.

“This is something we strive to do to improve in service to customers. Ensuring our staff and the wider team understands the importance of data protection is also paramount,” says SafeBoda.

SafeBoda hails NITA-U and Unwanted Witness for the recommendations to improve its privacy policies to protect users’ rights, as well as thanked NITA-U for the support to ensure compliance with the Data Protection and Privacy Act 2019.

“SafeBoda would like to thank NITA-U for the support to ensure compliance with the new Data Protection and Privacy Act 2019. Data protection, GDPR compliance, and ensuring data is secure for customers is a challenging area for all companies across the globe, from companies such as Uber or Facebook to SafeBoda, a growing small tech startup in East and West Africa. Together with the young growing ecosystem in Uganda, SafeBoda wants to ensure that Uganda can be a leading light on data protection in Africa and beyond,” Ricky Rapa Thompson, SafeBoda Co-founder said in a press statement.