Artificial Integrity: Data Privacy and Corporate Responsibility in East Africa

Abstract: While digital connectivity in East Africa is quickly increasing, the region is underregulated regarding data protection regulations. Moreover, many existing laws are more state-interest-focused than human rights-based. When comprehensive regulations are not in place, more significant regulatory pressure is put on the actors operating in the tech market. Theoretically and conceptually, this accountability can be described through conceptual models such as Corporate Social Responsibility (CSR) and Corporate Digital Responsibility (CDR).  Organisations use the two frameworks to map and manage their impact on society from an economic, environmental, and societal perspective. While CSR deals with their effects from a more general point of view, CDR has recently emerged in the business ethics discourse to discuss the ethical considerations evolving from the exponential growth of digital technologies and data.     Through a multiple case study design, the main objective of this study was to provide practical insight into how actors manage data privacy-related issues in East Africa. Furthermore, the aim was also to evaluate the existing barriers that prevent the actors from fully implementing higher data responsibility ambitions.   The results reveal that the observed actors are aware of the existing risks and mature enough to develop a comprehensive data responsibility agenda. However, there seems to be a gap between developing the policies and implementing them in practice. The lack of context-adjusted approaches to the CSR/CDR-related guidelines and actions can explain the gap.