WhatsApp Image 2025-12-10 at 13.18.41

Supporting Safer Digital Participation at DataFest Africa 2025: Our Clinic and Masterclass in Action

by AdvocacyAdvocacyDigital SecurityDigital SecurityProjects/Our Work Section

In October 2025, our team had the honor of participating in DataFest Africa 2025, organised by Pollicy, one of the continent’s leading convenings on data, technology, and innovation. As part of this vibrant gathering of technologists, researchers, civil society actors, policymakers, and creatives, we hosted a Digital Security Clinic, offering on-site support, guidance, and practical tools to participants navigating today’s fast-evolving digital landscape.

Why the Clinic Mattered

As digital spaces continue to expand across Africa, so do the risks that come with them including data misuse, online harassment, cyberstalking, image-based abuse, misinformation, account takeovers, and digital surveillance. For many activists, journalists, developers, and young innovators attending DataFest, these threats are not abstract; they are lived realities that affect their work, mental well-being, and personal safety.

Our clinic was designed as a safe, confidential, and responsive support space where participants could:

  • Seek one-on-one guidance on digital security and privacy
  • Report or discuss technology-facilitated gender-based violence
  • Get support on securing devices, accounts, and data
  • Receive mental health referrals and psychosocial first support after online abuse
  • Learn practical safety strategies for their work and activism

What We Offered on the Ground

Throughout the festival, our team provided:

  • Personalized digital risk assessments
  • Guidance on strong passwords, two-factor authentication, and safe browsing
  • Support on responding to online harassment, doxxing, and impersonation
  • Advice on safe content creation and data protection
  • Offered updated and genuine software like antivirus, MS Office, MS Word
  • Referral to trusted psychosocial and legal response partners where needed

Participants included women in tech, youth innovators, journalists, human rights defenders, researchers, and community organizers, many of whom were encountering structured digital safety support for the first time.

Key Reflections from the Clinic

Several key themes emerged from our engagement:

  • Online harm is deeply connected to offline safety, livelihoods, and mental health.
  • Many participants had experienced harassment, impersonation, or extortion but had never received professional support.
  • There is a strong demand for localized, continuous digital safety clinics, not just one-off trainings.
  • Women and young people remain disproportionately impacted by online violence and data misuse.

Building Resilient Digital Communities

Our presence at DataFest Africa 2025 reaffirmed the urgent need to move beyond awareness-raising alone. Safety must be practical, accessible, survivor-centered, and embedded into innovation spaces. Digital rights, data protection, and online wellbeing are not optional add-ons; they are essential foundations for meaningful participation in the digital economy.

By hosting this clinic, we demonstrated that large tech and data convenings can and should integrate real-time protection and support mechanisms alongside conversations on innovation, AI, governance, and development.

Masterclass: Shaping Youth Futures Through Digital Ownership

In addition to the digital safety clinic, we hosted a featured masterclass titled “Shaping Youth Futures Through Digital Ownership” at the National ICT Innovation Hub, Nakawa. The session brought together young people, innovators, and ecosystem actors to explore how digital ownership can unlock opportunity, protection, and economic independence for African youth. Participants engaged deeply with what digital ownership truly means in today’s platform-dominated economy, emphasizing the importance of owning data, digital skills, content, and platforms as a foundation for sustainable digital participation.

The masterclass examined how young people can transition from being passive digital consumers to empowered digital creators and owners, while critically reflecting on the risks of digital exploitation, platform dependence, and unsafe monetization. It further highlighted the role of policy, infrastructure, and community networks in protecting young digital entrepreneurs. The session was co-led by Noelyn Nassuuna, Raymond Amumpaire, and Owilla Abiro Mercy, who collectively challenged participants to think beyond access toward control, agency, safety, and sustainability in the digital economy.

Looking Ahead

Following DataFest Africa 2025, we are strengthening our:

  • Mobile digital safety clinics
  • Survivor-centered referral pathways
  • Youth and women-focused digital resilience programming
  • Partnerships with tech platforms, mental health professionals, and legal responders

We remain committed to ensuring that no one has to choose between visibility and safety, innovation and wellbeing, or participation and protection in digital spaces.

16 days of activism 2026_DPI

Standing Up to Online Gender-Based Violence: Building Safer Digital Spaces for Women and Girls

by AdvocacyDigital SecurityWeb Applicationswomen@web

During the 16 Days of Activism, we are starkly reminded that violence against women does not begin or end offline. It follows them into their phones, their social media accounts, and every digital space where they speak, work, lead, or express themselves. In Uganda, women journalists, politicians, activists, and even students are facing a rising wave of online attacks that are not simply rude comments but deliberate efforts to silence, intimidate, and erase them from public life.

These attacks take an emotional, psychological, and professional toll. They push many into self-censorship, and some into withdrawal entirely, a process that weakens civic participation and harms democracy for everyone.

The New Digital Battlefield: Understanding Online GBV

Today, online gender-based violence (OGBV) has taken new forms that are faster, more invasive, and often anonymous. The attacks are rarely random; they are tools used to control women’s participation in leadership, public discourse, and community organizing. When a woman is silenced online, her influence in other spaces also shrinks, which affects the entire civic space.

Types of Attacks Women Commonly Face:

  • Harassment, insults, threats, and humiliating messages.
  • Doxxing, where private information is leaked to intimidate.
  • Non-consensual intimate imagery and sexualized abuse.
  • Impersonation on social media to spread misinformation or damage reputations.
  • AI-generated deepfakes targeting women in politics or media.
  • Manipulated photos and voice notes meant to scandalize or shame.
  • Targeted phishing attacks disguised as personal or work-related messages.
  • Cyberstalking and obsessive monitoring of online activity.
  • Lastly, Trolling and Coordinated Swarming: Where large groups are mobilized to overwhelm a woman’s account with abusive content, making platforms unusable.

Empowerment in Action: DPI’s Practical Safety Toolkit

Defenders Protection Initiative continues to meet women who feel overwhelmed by online harassment but are unsure where to begin or how to protect themselves. Strengthening digital safety is not just a technical process; it is an act of empowerment and resilience-building. Practical tools and safer habits can drastically reduce exposure to attacks and increase women’s confidence as they navigate digital spaces.

Useful Tools and Practices Women Can Adopt:

CategoryTool/PracticeBenefit
Secure CommunicationSignal, Proton MailSafer, encrypted communication and private email.
Password & AccessBitwarden, Two-factor authentication (Aegis, Authy, Google Authenticator)Managing strong, unique passwords and preventing unauthorized account access.
Privacy & AnonymityBrave Browser, Tor BrowserImproved anti-tracking protection and anonymity for high-risk users.
Verification & ReportingInVID, Deepstar and Reality DefenderTools for verifying deepfakes or manipulated images before spreading them.
Platform SettingsRegularly updating social media privacy settings, restricting who can tag or message you, and turning off real-time location sharing on all platforms.Taking ownership of your digital boundaries.
DocumentationTime-Stamped Evidence: Document harmful posts using screenshots and URLs, ensuring dates and times are clearly captured for legal reporting.Crucial for Legal Action: Provides the verifiable, immutable evidence needed for platform reporting, legal proceedings, and engaging with law enforcement or human rights bodies.

Responding to online abuse requires preparation and community. Beyond the tools, women should be empowered to report using platform tools, block accounts that escalate harassment, and seek support from trusted networks or institutions.

A Shared Responsibility for a Safer Digital World

Online violence thrives in silence, which is why the 16 Days of Activism is a powerful reminder that protecting women’s voices is a shared responsibility.

At DPI, we continue to provide digital security training, digital forensics, account-recovery assistance, and psychosocial referrals so that no woman has to face OGBV alone.

But the fight is bigger than us:

  • Organizations must invest in digital safety policies and provide robust HR support for targeted staff.
  • Men must actively challenge harmful online behavior and report abuse when they see it.
  • Platforms must strengthen their moderation systems and hold abusers accountable.
  • And as a community, we must make the internet a place where women feel safe enough to lead, express themselves, and participate fully.

A safer digital world is possible, but only if we work together to create it.

We urge you to share this post and commit today to challenging digital violence.
#EndDigitalGBV #16DaysOfActivism

U.S. Ruling on NSO Sends Warning as Pegasus Targets Ugandan Journalists

by AdvocacyDigital SecurityDigital SecurityResearch

By Noelyn Nassuuna | 8 May 2025

In a historic decision on May 6, 2025, a U.S. jury in California ordered NSO Group to pay $168 million in damages for deploying its Pegasus spyware to hack WhatsApp’s infrastructure. This unprecedented verdict—$447,719 in compensatory damages and over $167 million in punitive damages—marks the first time the notorious Israeli spyware company is held financially accountable in court for its hacking operations.

This ruling is a major victory for global digital rights defenders and a critical warning to companies enabling unlawful surveillance. For years, NSO Group’s Pegasus spyware has been linked to grave human rights violations, including the targeting of journalists, activists, and dissidents worldwide. Meta, the parent company of WhatsApp, pursued a six-year legal battle to expose these abuses and protect its users. The judgment follows a landmark January 2025 summary ruling that found NSO guilty of violating U.S. and California hacking laws and breaching WhatsApp’s Terms of Service.

“This verdict sends a clear message to spyware companies that targeting people through U.S.-based platforms will come with a high price,” said Michael De Dora, U.S. Policy and Advocacy Manager at Access Now.

But while the courtroom victory occurred in the United States, its impact reverberates far beyond. Just days before the judgment, Ugandan investigative journalist Canary Mugume took to X (formerly Twitter) to reveal that Pegasus spyware had attempted to infiltrate his device. His post sent shockwaves through Uganda’s media and civil society sectors, especially as the nation edges closer to its 2026 general elections.

This is not the first time Pegasus has been used to target journalists globally. In Uganda, such incidents signal a chilling escalation in the digital threats facing the press. The implications are grave: surveillance software like Pegasus doesn’t just spy on individuals—it compromises entire newsrooms, sources, and the right to information.

“Apple sent this notification to me indicating that I am being targeted by a mercenary spyware. Most of these are used by Governments to hack into phones of journalists, high-profile figures and activists. They last sent this in 2021, there’s a pattern – electoral season.”

In past years, several journalists and human rights defenders in Uganda have reported suspicious digital intrusions, but rarely with hard evidence pointing to a tool as sophisticated and invasive as Pegasus. The spyware is known for its ability to silently infiltrate phones, access messages, camera, microphone, and more—all without the user’s knowledge.

At Defenders Protection Initiative (DPI), we continue to raise alarm and awareness over the growing use of surveillance technologies to intimidate, silence, or endanger the work of journalists, activists, and civil society organizations. The risks are particularly heightened during politically sensitive periods such as elections, where access to reliable information and protection of press freedom are critical for democratic integrity.

The recent U.S. court ruling is a reminder: accountability is possible. It is also a call to action for governments, tech companies, and civil society in Uganda and across Africa to:

  • Strengthen digital security protocols for journalists and human rights defenders
  • Demand transparency and oversight over surveillance technologies
  • Challenge spyware vendors through legal, policy, and public channels

We stand in solidarity with journalists like Canary Mugume and urge all media professionals to report digital threats and seek expert support. DPI remains committed to supporting journalists and human rights defenders through digital security trainings, emergency response, and legal support.

As elections approach, the protection of digital rights is not just a tech issue—it is a human rights imperative.

The Guardians of Peace: The Crucial Role of Human Rights Defenders in Building a Peaceful World

by AdvocacyCivic SpaceProjects/Our Work SectionResearchSecurity

By Noelyn Tracy Nassuuna

International Peace Day has come and gone, but the mission of building and sustaining peace continues every single day, especially for human rights defenders (HRDs) around the world. These courageous individuals are often on the front lines, advocating for justice, equality, and human dignity in the face of adversity. Their work is crucial in addressing the root causes of conflict and promoting long-lasting peace.

Download Article

Holding Regulators Accountable for Data Privacy and Protection in Uganda’s NGO Sector -DPI

by AdvocacyAdvocacyCivic SpaceProjects/Our Work SectionResearchRisk AssessmentSecurity

By Helen Namyalo Kimbugwe and Noelyn Tracy Nassuuna

As Uganda heads toward a pivotal election season, the release of sensitive financial statements for Non-Governmental Organizations (NGOs) like Chapter Four Uganda has sparked intense debate. These disclosures carry significant implications for donors, NGOs, and the public, shaping trust, transparency, and operational stability.

What does this mean for NGOs operating in Uganda, their donors, and the communities they serve? How can transparency be balanced with protection in such politically charged times?

To delve deeper into these issues, download the full article now and stay informed about the future of civil society in Uganda.

Holding Regulators Accountable for Data Privacy and Protection in Uganda’s NGO Sector -by DPIDownload
WhatsApp Image 2024-06-24 at 12.51.09

Protection of Environmental Defenders: Safeguarding Fundamental Rights and Environmental Sustainability 

by AdvocacyLEDs ProtectionProjects/Our Work Section

Land and environmental defenders are some of the most passionate and committed people who unfortunately experience significant reprisals, as reported through our Seek Support portal. Instances of arbitrary arrests, harassment, physical attacks, and threats have hampered their work and forced many to withdraw from advocacy.

The survival of our environment and the defence of fundamental rights are interlinked with the protection of environmental advocate. Prioritising these crucial areas of protection is necessary to achieve these interconnected goals:

  1. Legal Protection: Instituting robust legal frameworks that explicitly safeguard the rights of LED proponents against discrimination, harassment, and violence. 
  2. Access to Justice: Guaranteeing access to justice for LEDs. This involves providing adequate legal resources and support to ensure that perpetrators are brought to justice.
  3. Context-Specific Responses: Recognizing the dynamic challenges faced by environmental defenders, it is crucial to tailor responses to their specific contexts and provide specialised training, resources, and protection mechanisms to address evolving threats.
  4. Inclusion in Climate Policy Formulation: Incorporating environmental protectors into the formulation of climate policies ensures that their voices are heard and their expertise is utilised. This inclusion not only strengthens policy effectiveness but also enhances the legitimacy of environmental governance.
  5. Recognition of Cultural Leaders and Custodians: Acknowledging the rights of cultural leaders and customary landowners as custodians of the land is essential. Their traditional knowledge and stewardship play a vital role in sustainable land management and conservation efforts.

Explore the diverse channels and tools of protection available to LEDs from DPI:

  • Land and Environmental Task Force (LEDTAF): A coalition of diverse organisations providing collective leverage for coordinated response mechanisms for LEDs. Services include legal aid, relocation and rapid response among others.
  • Kyotos (Fireside Chats): Community fireside chats provide a relaxed setting for dialogue, bringing together communities and relevant stakeholders to share information, mediate issues, and address grievances.
  • Digital Security and Security Management Training: To individuals and organisations to enhance operational effectiveness and ensure safety during advocacy efforts.
  • Talk to Your Regulator: Closing the awareness gap on NGO legal frameworks to improve operational efficiency and regulatory compliance for defenders and organisations in the environmental rights landscape.
1697312026600

Investing in Women’s Safety and Security

by AdvocacyDigital SecurityDigital SecuritySecurity

We hope you were celebrated or honored by the women in your life, and we encourage you to continue this appreciation beyond Women’s Day.

Speaking of Women’s Day, this year’s theme, “Invest in Women: Accelerate Progress,” underscores the critical need for increased financing in gender equality efforts, including funding gender-responsive, green energy initiatives, and support for female and feminist changemakers.

These challenges notwithstanding, as experts in the fields of security, safety, and human rights, we have witnessed firsthand how the unique security risks and threats faced by women impede progress not only toward achieving equity but also in improving their overall quality of life.

Here are four impactful ways in which we can invest in women to accelerate progress through enhanced security and safety measures.

Enhancing  Responsiveness of Security and Justice Institutions 

According to a 2020 Violence Against Women and Girls Survey (VAWG) conducted by UBOS, a staggering 95% of women surveyed reported experiencing physical and sexual violence. Shockingly, only 45% of those who had experienced intimate partner physical and sexual violence chose to report it, primarily due to a deep-seated mistrust in the judicial system.

Despite efforts such as the establishment of Gender-Based Violence help desks by Uganda Police, significant gaps remain in addressing these issues effectively. There is an urgent need to bolster the responsiveness of law enforcement and judicial institutions in apprehending and prosecuting perpetrators. Strengthening these mechanisms is crucial in not only delivering justice to survivors but also contributing significantly to deterring future occurrences.

GBV Toll Free Helpline 0800199195

Support, NOT Survivor Blaming

The UBOS survey also revealed that the other reasons why women opted not to report physical/sexual abuse were fear of being blamed for the incidents and the threat of continued abuse or worse consequences by their abusers if they spoke up.

In light of these distressing findings, it is clear that women who have endured abuse and violations, need tools and assistance to cope, recover, and pursue justice, to help them navigate these harrowing experiences and gradually rebuild a sense of safety and stability in their lives. This can be informed by psychosocial support or training in basic self-defense skills among others.

Equipping Women with Knowledge and Skills to Navigate the Evolving Digital Landscape

In today’s rapidly evolving digital world, it’s crucial to empower women with the necessary knowledge and skills to navigate cyberspaces safely. This includes providing them with the tools to prevent, recognize, and respond to cyber-attacks effectively. Explore our website for digital security support options/offerings.

As more aspects of our lives move online, women are increasingly vulnerable to various forms of digital abuse, including hacking, cyberbullying, harassment, and online stalking. By skilling women in cybersecurity and digital safety, we can empower women to protect themselves against such threats and confidently engage in online activities.

Investing in Gender-Inclusive Tech for Safety and Security 

By allocating resources toward the creation and refinement of tech tools tailored to women’s needs, we can address existing safety concerns and foster a more inclusive digital environment. 

Here are a few we like; digitalsafetea.com safebangle.org bitdefender.com 

For blog article

Data Privacy and Protection: Essential Insights for NPOs.

by AdvocacyBusinessDigital SecurityDigital Security

Like other organisations/companies, Non-Profit Organisations (NPOs) collect and utilise data from their program participants, partners or donors. It is therefore imperative that they prioritize data privacy and protection.

Data privacy and protection essentially entail safeguarding sensitive personally identifiable information, covering data collection, storage, and organizational use. Data collected by NPOs may include details such as names, addresses, emails, and financial information. 

Here are key insights for NPOs as they navigate the landscape of data privacy and protection.

Why Data Privacy and Protection?

Data protection and privacy aren’t just checkboxes for NPOs; failure to safeguard sensitive information can lead to severe consequences, posing significant risks to organisations.

Loss of Data

Losing valuable data can be detrimental to an NPO’s operations. Whether it’s program participant information, donor records, or financial data, the loss of such information can disrupt essential activities and hinder effective decision-making. Additionally, recovering lost data can be a time-consuming and costly process. 

Financial Loss

Data breaches can lead to financial losses. NPOs may face financial liabilities associated with rectifying the situation. This could include expenses related to legal actions, regulatory fines, or compensating affected individuals. By implementing robust data protection measures, the risk of financial loss can be minimised and resources can be allocated to their core mission.

Damage to Reputation

NPOs and civil society organizations in general rely heavily on the trust and support of their stakeholders, including donors, partners, and the civil society at large. A data breach or mishandling of sensitive information can severely damage their reputation. Negative publicity, loss of trust, and public scrutiny can have long-term consequences. 

What to Do: Take Action

Digital Security

One of the primary steps in ensuring data protection is to prioritize digital security—measures to secure all data collected, processed, or stored electronically. This includes implementing robust firewalls, encryption techniques, and access controls to prevent unauthorized access or damage to sensitive information. Regularly updating security software and conducting vulnerability assessments can help identify and address any potential vulnerabilities in the organization’s systems. Additionally, establishing strong internal policies and educating staff about cybersecurity best practices can significantly enhance data protection.

Transparency

It is crucial to provide data subjects with enough information to make informed decisions about the data collected from them to obtain informed consent. This includes being transparent about the purpose of data collection, how it will be used, and whether it will be shared with any third parties. This can be achieved through clear and concise privacy policies, consent forms, and opt-in mechanisms. 

Compliance

Compliance with relevant data privacy and protection laws can minimise the risk of legal consequences and demonstrate their commitment to protecting individuals’ privacy.

The Personal Data Protection and Privacy Act 2019, spells out specific regulations on data handling. It may also be helpful for NPOs to familiarise themselves with international laws, such as the General Data Protection Regulation (GDPR), to stay informed about how data may be used by third parties operating under EU jurisdiction. This also ensures that they (NPOs) handle data from the same jurisdiction in a way that aligns with the required standards.

Where To Start: Available Resources 

  • At DPI, we provide training and capacity building in data privacy and protection specifically tailored for NGOs. Feel free to reach out to us here for assistance.