Why Data Privacy Must Become a Reality in Somalia?
Every interaction we have with the digital world creates data.
From mobile phones and mobile money services to hospitals, universities, and government offices, Somalis are increasingly sharing personal information every day. Names, phone numbers, locations, medical records, and identity details are being collected at an unprecedented scale.
The challenge is no longer whether data is being collected — it is how that data is used, shared, and protected.

When Data Privacy Becomes Personal
Consider this real situation that many Somalis can relate to.
A family welcomed a newborn baby at a well-known hospital in Mogadishu. The parents provided personal details to the hospital for to obtain a birth certificate. Two days after discharge, the mother received a phone call from someone she had never met. The caller knew the names of both the mother and baby and confirmed that she was the mother, offering “free” baby products, the company offering the product is a well known company in Somalia.
When asked how they obtained this information, the response was simple: the hospital shared it.
This was not a cyberattack. It was not hacking.
It was unauthorized sharing of sensitive personal data, including medical and family information, something that should never happen.
In many countries, such an action would trigger investigations, penalties, and serious consequences. In Somalia, it often passes without question, not because it is legal, but because awareness, enforcement, and accountability are still weak.
Data Protection Laws Exist – But Practice Lags Behind
Somalia has taken an important step by enacting a Data Protection Law and establishing a Data Protection Authority. The law passed through the required legislative processes and was signed into effect. This is a major milestone.
However, having a law is not the same as implementing it.
Implementation requires:
- Awareness among institutions
- Training for staff
- Clear enforcement mechanisms
- Accountability when violations occur
Without these, the law remains largely theoretical.
The Reality of Everyday Data Misuse
Another common experience for many Somalis is receiving unsolicited SMS messages or calls from:
- Hospitals
- Supermarkets
- Pharmacies
- Unknown service providers
Many people receive these messages despite never interacting with these organizations.
The uncomfortable truth is that customer data is being shared or sold, often through intermediaries, without consent or legal justification. Telecom networks, marketing firms, or informal data brokers become part of a chain that no one takes responsibility for.
This directly violates the basic principle of data protection:
personal data must not be shared without a clear, lawful purpose and consent.
What Data Protection Is Supposed to Look Like
Globally, data protection laws are built on simple ideas:
- Collect only the data you need
- Use it only for the stated purpose
- Protect it from misuse
- Do not share it without permission
- Delete it when it is no longer needed
In Somalia, these principles are especially important because trust in institutions is fragile. When personal data is misused, trust erodes even further.
What Organizations and Institutions Must Do Now
For data protection to become real in Somalia, organizations, public and private, must take responsibility.
This means:
- Training staff on data privacy basics
- Limiting access to personal data internally
- Stopping informal data sharing practices
- Appointing focal persons responsible for data protection
- Cooperating with the Data Protection Authority
Hospitals must treat patient data as confidential.
Telecoms must safeguard customer information.
Government institutions must lead by example.
The Role of the Government and the Data Protection Authority
In a fragile country like Somalia, implementation must be phased, practical, and realistic, but it cannot be optional.
Key priorities should include:
- Public awareness campaigns on data rights
- Clear reporting mechanisms for complaints
- Gradual enforcement, starting with major data holders
- Transparency about violations and corrective actions
Accountability builds trust, and trust enables digital growth.
What Citizens Can Do Today
While institutions must act, individuals are not powerless.
Somalis can:
- Ask why their data is being collected
- Refuse unnecessary permissions
- Question unsolicited calls and messages
- Report suspected misuse
- Delete unused apps and accounts
Taking control of your data starts with awareness.
Data Privacy Is Not a Luxury – It Is a Right
In Somalia’s digital transformation journey, data privacy is not a foreign concept or a luxury reserved for developed countries. It is a fundamental right, essential for trust, safety, and dignity.
Data Privacy Week reminds us that protecting personal data is a shared responsibility — between individuals, organizations, and the state.
Taking control of our data is not just about technology.
It is about respect, accountability, and the kind of digital future we want to build together.
What ISOC Somalia Chapter Is Doing to Strengthen Data Privacy
As Somalia’s digital ecosystem continues to grow, the Internet Society Somalia Chapter recognizes that protecting personal data and strengthening data privacy must be an ongoing, community-driven effort.
Our role is not enforcement, but capacity building, awareness, and advocacy, ensuring that individuals, institutions, and policymakers understand both the risks and responsibilities associated with data in the digital age.
Building Capacity Through Training and Awareness
One of our key priorities is training as many people as possible on Data Privacy, Online Safety and Trust. This includes:
- Raising awareness among Internet users about their data rights
- Supporting professionals, students, and institutions to understand responsible data handling
- Integrating data privacy topics into technical and digital skills trainings
An informed community is the first line of defense against data misuse.
Advocating for the Application of Data Protection Laws
Somalia now has a Data Protection Law and a Data Protection Authority. However, laws only protect people when they are applied in practice.
ISOC Somalia Chapter advocates for:
- Practical implementation of data protection laws
- Institutional accountability in handling personal data
- Collaboration between government, private sector, and civil society to make compliance a reality
Our focus is constructive engagement, helping institutions understand their responsibilities rather than only reacting after violations occur.
Raising Awareness on Data Sovereignty
A growing concern in Somalia is where data is stored and processed.
Many companies, organizations, and government institutions rely heavily on cloud services hosted outside the country. While cloud services offer efficiency, they also raise important questions about:
- Data ownership
- Jurisdiction
- Access by foreign entities
- National control over sensitive information
ISOC Somalia Chapter advocates for informed discussions around data sovereignty, encouraging decision-makers to:
- Understand the implications of off-shore data storage
- Assess risks associated with sensitive national and personal data
- Explore balanced approaches that combine resilience, security, and sovereignty
Keeping Local Internet Traffic Local
Another often overlooked issue affecting data privacy is Internet traffic routing.
When two Somali citizens communicate online, even when they are in the same room and using two local Internet Service Providers, their data may travel through other countries or even other continents before reaching its destination. This increases:
- Exposure to interception
- Dependency on external networks
- Latency and security risks
ISOC Somalia Chapter supports efforts to:
- Promote the use of Internet Exchange Points (IXPs)
- Encourage local interconnection between ISPs
- Reduce unnecessary international routing of domestic traffic
Keeping local traffic local improves not only performance, but also privacy, resilience, and trust.
A Long-Term Commitment
Protecting data privacy in Somalia is not a one-time activity. It requires:
- Continuous learning
- Strong collaboration
- Responsible policy choices
- Community engagement
ISOC Somalia Chapter remains committed to playing its part, through training, advocacy, and technical dialogue, to help build a safer, affordable, and more trusted Internet for all Somalis.
This article is inspired by the global Data Privacy Week theme “Take Control of Your Data,” promoted by the National Cybersecurity Alliance (NCA), and adapted to reflect the realities and experiences of Internet users in Somalia.