Lawpoint Uganda

In his article, “Limitations of Uganda’s Data Protection and Privacy Act (Cap 97): Narrow Scope of Sensitive Data and Lack of Explicit Protections for Biometrics, Genetics, and Location Data,” Ssali explores how these gaps expose individuals to growing privacy risks in an era increasingly shaped by facial recognition technology, DNA profiling, and continuous geolocation tracking.

Contracts must go beyond standard clauses to specifically address AI training, clearly define whether an AI provider acts as a processor or controller, and allocate liability for automated decision-making outcomes.

This MoU could transform Uganda's health landscape, but only if balanced with robust protections. Aid should empower, not erode sovereignty. With Kenya's High Court drawing a line on data sharing, Uganda has a timely blueprint: prioritize privacy now, or face the courts later. Let's ensure Ugandans aren't left holding the short end of the stick.

The court upheld the respondent’s decision, finding that the claimant had indeed infringed upon the privacy rights of other employees. His conduct constituted a valid reason for dismissal. Furthermore, the court held that the claimant failed to demonstrate that the information he shared with his supervisor was privileged or protected from disclosure by the employer. As such, the court declined to declare that the claimant’s right to privacy had been violated.

Entities, whether domiciled in Uganda or not, that process personal data of Ugandans are bound by Uganda’s Data Protection and Privacy Act, Cap. 97. Registration with the PDPO, designation of a Data Protection Officer (DPO), and compliance with cross-border data transfer requirements are mandatory statutory obligations. The absence of a gazetted exemption or internal compliance framework does not excuse non-compliance.