Makerere University, Kampala – September 18, 2025

The School of Computing and Informatics Technology (SCIT) at Makerere University on Thursday hosted officials from the Personal Data Protection Office (PDPO) for a joint session aimed at strengthening awareness of data protection laws among ICT students and researchers. The event, which was conducted both physically and virtually, attracted a large audience, with over 100 participants joining online and many more attending in person.

Leading the PDPO delegation was Baker Birikujja, the Acting National Personal Data Protection Director, who delivered the keynote presentation. His address focused on the practical application of Uganda’s Data Protection and Privacy Act (2018) to the fields of artificial intelligence, research, and innovation. Mr. Birikujja emphasized the need for responsible data handling practices and outlined the legal and ethical implications of using personal data in the digital age.

The session began with an introduction to the mandate and role of the PDPO, followed by a comprehensive explanation of key concepts within the data protection framework. These included definitions of personal data, the roles of data controllers and processors, and the lifecycle of data management. A significant portion of the lecture was devoted to understanding the six core principles of data protection—accountability, lawfulness, minimality, retention, quality, and transparency—anchored in the fundamental information security triad of confidentiality, integrity, and availability (CIA).

Mr. Birikujja addressed the importance of ethical data practices, especially in sectors such as health, education, and agriculture where data sensitivity is high. He stressed the necessity of using representative and anonymized datasets to ensure fairness in AI systems. The Director also tackled the complex issue of consent management under the law, describing it as a cornerstone of lawful data processing. He cited international legal precedents, including the Cambridge Analytica scandal and the WorldCoin biometric data controversy, to illustrate the potential consequences of mishandling personal data.

In explaining Uganda’s compliance framework, the Director highlighted the PDPO’s registration and audit processes for institutions and individuals working with personal data. He clarified that while the law requires all data handlers to register, exemptions are assessed on a case-by-case basis. Mr. Birikujja noted that the office is working to streamline regulatory requirements and lower financial barriers for academic researchers and innovators.

The session also delved into the use of data in artificial intelligence and research. The Director explained that while open datasets and AI-generated data may be used under certain conditions, personal data must always be handled with care and proper consent. He further clarified that synthetic or fake AI data that does not identify real individuals does not fall within the scope of the Act, though caution is still advised.

Participants engaged actively throughout the session, asking questions about intellectual property rights, data modification, and the legal risks of reusing datasets. The Director encouraged continued dialogue and invited attendees to submit additional queries to the PDPO via email. He also announced forthcoming training opportunities aimed at enhancing compliance and data protection literacy among stakeholders.

The event underscored the critical intersection between ICT education and data privacy, equipping students and professionals with the knowledge needed to navigate legal obligations in a data-driven world. A recording of the session is available for viewing via Zoom.

https://zoom.us/rec/share/z3C5HTK5RDGP8_xn0aqxcbFyG7dxZ6pDmN04Zv6nJD0fA06wE1uoFXiBY-aQWFfr.w6xBohQvX8Y7bwRZ

Passcode: D.2K$ZVK