High Court reinforces data protection and privacy in Uganda – Case Review

Send Us Your Article For Publishing. Click Here 

Share With Your Friends

Last updated on January 4th, 2023 at 08:10 am

Save Article to Read Later

No account yet? Register

The High Court of Uganda has in the case of Yunus Lubega Butananziba versus MTN (U) Limited awarded the plaintiff damages of 10,000,000 Uganda Shillings  for breach of his right to privacy and resultant embarrassment and inconvenience.

Court further held that there is a fiduciary relationship between MTN Uganda and its customers’ data which may be highly personal, confidential and private is kept by the company in trust and confidence.


Join the Exclusive LegalReports Whatsapp Channel. Click Here


MTN Uganda had acted on a fake court order to release the plaintiff’s personal information. Court held MTN needed to have due diligence checks to verify the authenticity of the order.

Relevancy of the case to Telecommunication Companies


1. Telecommunication companies hold customers’ personal data in trust and confidence. This means that such information should never be released unless there is a lawful court order, whose correctness must be verified through conducting proper due diligence. 


Image Rights in Uganda

2. Telecommunication companies should put in place enough fire walls in order to avoid hacking and obtaining customer’s personal data. Companies act as data controllers and they have a higher degree of care.

Section 20(2) of the Data protection and privacy Act, 2019 provides guidelines for securing data such as: identifying reasonably foreseeable internal and external risks to personal data, establishing and maintaining appropriate safeguards against identifiable risks and to regularly verify that the safeguards are effectively implemented.

Furthermore, Section 22(3) of the Data protection and privacy Act provides that a data controller shall observe generally accepted information security practices and procedures in maintenance of data.

Application of the Data Protection and Privacy Act, 2019 

Court in this particular case did not apply the Act because it had not been in force at the time of filing the suit, but under the Act, such cases are determined by a court of competent jurisdiction ( this is determined by the reliefs sought since a court of competent jurisdiction is not defined under the Act) for compensation from the data collector, processor or controller.

The Act further makes it criminal to obtain or disclose personal data under Section 35(2) of the Act attracting a fine of 4,800,000 million shillings or imprisonment of ten years or both.
The case reinforces data protection and privacy regime in Uganda

Share With Your Friends

One thought on “High Court reinforces data protection and privacy in Uganda – Case Review

Comments are closed.

error: Content is protected !!