The Privacy Scorecard report is a tool used to assess and evaluate the privacy practices of organizations and companies.
It provides a comprehensive overview of how organizations handle personal data and how they protect the privacy of individuals. The purpose of the Privacy Scorecard report is to give consumers and stakeholder’s information to make informed decisions about the privacy and security of their personal information.
The scope of the report typically covers an organization’s privacy policies, data collection and use practices, and security measures. The privacy scorecard utilizes objective, quantifiable parameters for analyzing the policies and practices of the selected data collectors.
Entering its 5th year, the Unwanted Witness Privacy Scorecard Report marks another milestone in tracking how organisations across public and private sectors safeguard personal data and adhere to data protection obligations. Drawing on local data protection frameworks and global privacy standards, this report examines compliance, highlights progress and uncovers persistent gaps that continue to shape the privacy landscape.
The 2025 assessment expanded its scope to include Nigeria, Ghana, and Botswana, alongside Rwanda, Tanzania, Mauritius, Zimbabwe, Kenya, and Uganda. In total, 286 companies were assessed, reflecting a 33.56% growth from the 190 recorded in 2024. Participation has risen steadily from 32 companies in one country (2021) to 12 across two countries (2022), 48 across four countries (2023), and 190 across six countries (2024). This growth reflects broader regional coverage and deeper engagement across sectors.
The overarching objective has remained steadfast: to galvanize data collectors and processors towards the adoption of best practices in data protection while concurrently empowering citizens across all six nations to assertively demand transparency regarding the collection, utilization, and dissemination of their personal data.
2025
PRIVACY SCORECARD REPORT
The 2025 assessment expanded its scope to include Nigeria, Ghana, and Botswana, alongside Rwanda, Tanzania, Mauritius, Zimbabwe, Kenya, and Uganda. In total, 286 companies were assessed, reflecting a 33.56% growth from the 190 recorded in 2024. Participation has risen steadily from 32 companies in one country (2021) to 12 across two countries (2022), 48 across four countries (2023), and 190 across six countries (2024). This growth reflects broader regional coverage and deeper engagement across sectors.
The 2025 report builds on previous assessments of data protection and privacy compliance, highlighting the region’s evolving digital landscape and growing focus on personal data security, regulatory enforcement, and digital trust. This assessment adopts a detailed and methodologically sound approach to evaluate data collectors’ performance across eight (8) key sectors: telecommunications, e-commerce, online betting, banking and finance, insurance, government agencies/bodies, health, and digital loans. The report examines the extent of compliance with data protection laws, drawing attention to emerging performance trends, sectoral challenges, and best practices.
Compared to last year’s overall index score of 40%, the 2025 assessment recorded a slightly high score of 46%. Kenya maintained its position as the top-performing country, followed by Nigeria, Uganda, and Mauritius. Ghana and Botswana shared the same score, as did Rwanda and Tanzania, while Zimbabwe ranked lowest overall.
2024
PRIVACY SCORECARD REPORT
This marked the 4th edition of the Unwanted Witness Privacy Scorecard Report, a monitoring tool rooted in local data protection laws and internationally acceptable principles aims to take stock of compliance and privacy practices of both private and public sectors and the impact on user privacy rights.
This assessment that is conducted annually, expanded its scope beyond previous evaluations to include Rwanda and Tanzania, alongside Kenya, Uganda, Mauritius, and Zimbabwe. The 2024 report built on prior evaluations of data protection and privacy compliance, reflecting the evolving digital landscape and the increasing regulatory attention on safeguarding personal data across the region. As digital economies continue to grow, so do concerns around personal data security, unauthorized surveillance, and data protection enforcement.
This edition introduced a more detailed and robust methodology, evaluating the performance of data collectors across eight sectors: telecommunications, e- commerce, online betting, banks and finance, insurance, government agencies / bodies, health and digital loans.
This report assessed the implementation of data protection laws, highlight performance trends over the years and challenges, best practices, using seven key indicators – Registration with the National Regulator, Accessible Privacy Policy, Pre-collection Data Transparency (Data Subject Rights), Third-Party Data Transfer, Practice Robust Data Security, Availability of Transparency Report and Internal Data Breach Resolution.
2023
PRIVACY SCORECARD REPORT
Over the last decade, trends at the global scene indicate growing interest and commitment to enactment/adoption and strengthening of data protection laws. This has largely been motivated by wide spread social media complaints and scrutiny of violations, abuses and breaches and the general interest for countries to comply with internationally recognised laws and standards. By 2020, it was projected that about 137 new countries globally would enact data protection laws in addition to the 50 countries that strengthened their laws in this area in the last decade alone.
This great ray of hope transcends to the African continent. By February 2023, 36 out of 54 African countries are for example said to have adopted data protection and privacy laws with 16 signing onto ‘the African Union Convention on Cyber Security and Personal Data Protection adopted on 27 June 2014 (“Malabo Convention”) and thirteen countries have ratified it. As a result, 2022 was projected to be a year of more robust enforcement of this newly adopted framework. The 2023 Privacy Scorecard Report to a large extent aimed at establishing how this prediction played out in selected countries of Zimbabwe, Uganda, Kenya and Mauritius.
2022
PRIVACY SCORECARD REPORT
The 2022 Privacy Scorecard report developed onto the 2021 edition and expanded the scope to include Kenya. The methodology adopted in the 2022 report is deeper with focus on only three sectors of telecommunication, financial services and the e-commerce sectors. The 2022 report was made possible by a collaboration between Unwanted Witness and the Centre for Intellectual Property and Information Technology Law (CIPIT).
The main objective of the 2022 report was to generate research that could be used to empower data collectors/processors to adopt data protection best practices; and citizens to demand for accountability in the area of personal data protection. The report also informed legal and policy reform for the between management of personal data of data subjects by especially non-state actors.
2021
PRIVACY SCORECARD REPORT
The 2021 Scorecard report focused on the law, corporate policies and practices. It turned a spotlight on how the policies of private and public sectors either advance or hinder the privacy rights of users and it recognised those companies or government agencies that buttress and ensure data protection and privacy best practices. The idea is to protect data privacy rights of individuals by ensuring that data collector/processors bring more to the table.
Data collectors/processors are required to be transparent about access to and use of personal data, and to respect our right to privacy and dignity at all times as stipulated in the data protection law. And some companies are increasingly meeting those expectations, but there are still many companies that lag behind, fail to enact best practices around transparency, or don’t prioritize user privacy and dignity.