Privacy Scorecard Report

The Privacy Scorecard stands as a flagship initiative of Unwanted Witness, embodying the organization’s steadfast commitment to advocating for the fundamental right to privacy. It serves as a meticulous monitoring tool crafted to provide Data Subjects with invaluable insights into the compliance of various data collectors/processors with prevailing Data Protection and privacy laws, principles, and standards.

Embedded within its core ethos is the mantra “If you must collect it, you must protect it,” epitomizing the unwavering dedication to safeguarding individuals’ privacy rights. At its essence, the Privacy Scorecard endeavors to empower data subjects, granting them agency over their personal data and enabling them to make informed choices.

By meticulously scrutinizing both legal frameworks and corporate practices, the Privacy Scorecard casts a discerning spotlight on the policies of both private enterprises and public agencies, evaluating how they either advance or impede the privacy rights of users. Moreover, it endeavors to commend and highlight those entities that exemplify best practices in data protection and privacy, fostering an environment of transparency and accountability.

Central to its mission is the preservation of data privacy rights, achieved through fostering transparency and accountability among data collectors/processors in their utilization and disclosure of individuals’ data. The Privacy Scorecard serves as an impartial arbiter, providing objective measurements to analyze the policies and practices of major data collectors. It meticulously focuses on specific, measurable criteria, serving as a crucial bulwark against the unchecked exploitation of user data.

Ultimately, the overarching goal of the Privacy Scorecard is to catalyze widespread transformations in the policies of private and public data collectors, ensuring that citizens’ digital lives are shielded from manipulation and their human rights and dignity are safeguarded. Through its tireless advocacy and scrutiny, the Privacy Scorecard strives to engender a landscape where data protection is not merely a legal obligation but an ethical imperative.

This year’s Privacy Scorecard Report will feature assessments from 6 countries; Uganda, Mauritius, Zimbabwe, Rwanda, Kenya and Tanzania.



Over the last decade, trends at the global scene indicate growing interest and commitment to enactment/adoption and strengthening of data protection laws. This has largely been motivated by wide spread social media complaints and scrutiny of violations, abuses and breaches and the general interest for countries to comply with internationally recognised laws and standards. By 2020, it was projected that about 137 new countries globally would enact data protection laws in addition to the 50 countries that strengthened their laws in this area in the last decade alone.

This great ray of hope transcends to the African continent. By February 2023, 36 out of 54 African countries are for example said to have adopted data protection and privacy laws with 16 signing onto ‘the African Union Convention on Cyber Security and Personal Data Protection adopted on 27 June 2014 (“Malabo Convention”) and thirteen countries have ratified it. As a result, 2022 was projected to be a year of more robust enforcement of this newly adopted framework. The 2023 privacy score card to a large extent aims at establishing how this prediction played out in selected countries of Zimbabwe, Uganda, Kenya and Mauritius.



The 2022 Privacy Scorecard report develops onto the 2021 one and expands the scope to include Kenya. The methodology adopted in the 2022 report is deeper with focus on only three sectors of telecommunication, financial services and the e-commerce sectors. The 2022 report is made possible by a collaboration between Unwanted Witness and the Centre for Intellectual Property and Information Technology Law (CIPIT).

The main objective of the 2022 report is to generate research that could be used to empower data collectors/processors to adopt data protection best practices; and citizens to demand for accountability in the area of personal data protection. The report could also inform legal and policy reform for the between management of personal data of data subjects by especially non state actors.



The 2021 Scorecard report focuses on the law, corporate policies and practices. It will turn a spotlight on how the policies of private and public sectors either advance or hinder the privacy rights of users and it will recognize those companies or government agencies that buttress and ensure data protection and privacy best practices. The idea is to protect data privacy rights of individuals by ensuring that data collector/processors bring more.

Data collectors/processors are required to be transparent about access to and use of personal data, and to respect our right to privacy and dignity at all times as stipulated in the data protection law. And some companies are increasingly meeting those expectations, but there are still many companies that lag behind, fail to enact best practices around transparency, or don’t prioritize user privacy and dignity.