Why Data Privacy Must Become a Reality in Somalia?

Every interaction we have with the digital world creates data.

From mobile phones and mobile money services to hospitals, universities, and government offices, Somalis are increasingly sharing personal information every day. Names, phone numbers, locations, medical records, and identity details are being collected at an unprecedented scale.

The challenge is no longer whether data is being collected — it is how that data is used, shared, and protected.

When Data Privacy Becomes Personal

Consider this real situation that many Somalis can relate to.

A family welcomed a newborn baby at a well-known hospital in Mogadishu. The parents provided personal details to the hospital for to obtain a birth certificate. Two days after discharge, the mother received a phone call from someone she had never met. The caller knew the names of both the mother and baby and confirmed that she was the mother, offering “free” baby products, the company offering the product is a well known company in Somalia.

When asked how they obtained this information, the response was simple: the hospital shared it.

This was not a cyberattack. It was not hacking.
It was unauthorized sharing of sensitive personal data, including medical and family information, something that should never happen.

In many countries, such an action would trigger investigations, penalties, and serious consequences. In Somalia, it often passes without question, not because it is legal, but because awareness, enforcement, and accountability are still weak.

Data Protection Laws Exist – But Practice Lags Behind

Somalia has taken an important step by enacting a Data Protection Law and establishing a Data Protection Authority. The law passed through the required legislative processes and was signed into effect. This is a major milestone.

However, having a law is not the same as implementing it.

Implementation requires:

Without these, the law remains largely theoretical.

The Reality of Everyday Data Misuse
Another common experience for many Somalis is receiving unsolicited SMS messages or calls from:

Many people receive these messages despite never interacting with these organizations.

The uncomfortable truth is that customer data is being shared or sold, often through intermediaries, without consent or legal justification. Telecom networks, marketing firms, or informal data brokers become part of a chain that no one takes responsibility for.

This directly violates the basic principle of data protection:
personal data must not be shared without a clear, lawful purpose and consent.

What Data Protection Is Supposed to Look Like

Globally, data protection laws are built on simple ideas:

In Somalia, these principles are especially important because trust in institutions is fragile. When personal data is misused, trust erodes even further.

What Organizations and Institutions Must Do Now

For data protection to become real in Somalia, organizations, public and private, must take responsibility.

This means:

Hospitals must treat patient data as confidential.
Telecoms must safeguard customer information.
Government institutions must lead by example.

The Role of the Government and the Data Protection Authority

In a fragile country like Somalia, implementation must be phased, practical, and realistic, but it cannot be optional.

Key priorities should include:

Accountability builds trust, and trust enables digital growth.

What Citizens Can Do Today

While institutions must act, individuals are not powerless.

Somalis can:

Taking control of your data starts with awareness.

Data Privacy Is Not a Luxury – It Is a Right

In Somalia’s digital transformation journey, data privacy is not a foreign concept or a luxury reserved for developed countries. It is a fundamental right, essential for trust, safety, and dignity.

Data Privacy Week reminds us that protecting personal data is a shared responsibility — between individuals, organizations, and the state.

Taking control of our data is not just about technology.
It is about respect, accountability, and the kind of digital future we want to build together.

What ISOC Somalia Chapter Is Doing to Strengthen Data Privacy
As Somalia’s digital ecosystem continues to grow, the Internet Society Somalia Chapter recognizes that protecting personal data and strengthening data privacy must be an ongoing, community-driven effort.

Our role is not enforcement, but capacity building, awareness, and advocacy, ensuring that individuals, institutions, and policymakers understand both the risks and responsibilities associated with data in the digital age.

Building Capacity Through Training and Awareness

One of our key priorities is training as many people as possible on Data Privacy, Online Safety and Trust. This includes:

An informed community is the first line of defense against data misuse.

Advocating for the Application of Data Protection Laws

Somalia now has a Data Protection Law and a Data Protection Authority. However, laws only protect people when they are applied in practice.

ISOC Somalia Chapter advocates for:

Our focus is constructive engagement, helping institutions understand their responsibilities rather than only reacting after violations occur.

Raising Awareness on Data Sovereignty

A growing concern in Somalia is where data is stored and processed.

Many companies, organizations, and government institutions rely heavily on cloud services hosted outside the country. While cloud services offer efficiency, they also raise important questions about:

ISOC Somalia Chapter advocates for informed discussions around data sovereignty, encouraging decision-makers to:

Keeping Local Internet Traffic Local

Another often overlooked issue affecting data privacy is Internet traffic routing.

When two Somali citizens communicate online, even when they are in the same room and using two local Internet Service Providers, their data may travel through other countries or even other continents before reaching its destination. This increases:

ISOC Somalia Chapter supports efforts to:

Keeping local traffic local improves not only performance, but also privacy, resilience, and trust.

A Long-Term Commitment

Protecting data privacy in Somalia is not a one-time activity. It requires:

ISOC Somalia Chapter remains committed to playing its part, through training, advocacy, and technical dialogue, to help build a safer, affordable, and more trusted Internet for all Somalis.


This article is inspired by the global Data Privacy Week theme “Take Control of Your Data,” promoted by the National Cybersecurity Alliance (NCA), and adapted to reflect the realities and experiences of Internet users in Somalia.