W7y8w3

foreign institutions; and they will be monitored notas Congolese civil society necessarily, but as Yahooor Google users,” said Davy Silou, a computerengineer and independent consultant. He also mentionedthat some computers used by civil societyare often not secure, and do not use the originallicences.In addition, training in ICTs must remain a priorityfor the Ministry of Posts and Telecommunications,responsible for new technologies, and the Ministryof Higher Education, as a national data protectionprogramme will require a high level of skills. Thereis still no computer course in the one and onlypublic institution for higher education, the MarienNgouabi University of Brazzaville. Investment in researchand development are insufficient to be ableto develop skilled human resources in the ICT sectorin Congo. Cisco courses are offered at an approximatecost of 40,000 FCFA (USD 80) per module.ICT incubator projects are insufficient. The companyVMK created the Bantu Hub, a technology hublocated in Brazzaville, which serves as a sharedworking space and an incubator for business startups.Bantu Hub hosts various activities that help toshare knowledge and learning about ICTs.Lack of an independent body ensuringdata protection and civil libertiesThe Republic of Congo also lacks an independentbody for the protection of personal data and individualfreedoms on the internet in Congo.Article 130 of Law No. 9-2009 of 25 November2009 regulating the electronic communicationssector, appears to offer an opportunity for abuse.According to a provision, “for the purposes of defenceand security, the fight against paedophilia andterrorism, network operators open to the public orelectronic communications operators are required…to store the data for electronic communications. Individuallydesignated and authorised governmentalagents who have a special responsibility for thistask may require operators and persons to sharethe data that has been stored and processed.” 3The difference is that in other countries, citizenidentification files are protected by independentbodies such as the National Commission for Computingand Civil Liberties (CNIL) in France, to ensurethat electronic communications and data are at the3 Law No. 9-2009 of 25 November 2009 regulating the electroniccommunications sector.service of the citizen, and that his or her privacyand personal freedoms are not violated. This is notyet the case for the Republic of Congo. Under theseconditions, one may wonder if Congolese citizensand civil society in particular are actually safe fromintrusion or control on the part of public and privateauthorities.ConclusionIn light of the previous analysis, while the legalframework does not encourage the practice ofdata protection, it is clear that it is also difficult toidentify or document if cyber surveillance is takingplace. The skills at the disposal of civil society arevery limited to do this. It is therefore important toequip Congolese civil society organisations withknowledge of security tools to prevent intrusioninto or control of their communications. Beyondcivil society, the government should invest enoughin training, research and development in order todevelop capacity in the field of ICTs, including ensuringdata protection.Action stepsIn order to do the above, the implementation of thefollowing recommendations may be necessary.The government should:• Adopt laws on the protection of personal data.• Establish an independent body for overseeingthe management of personal data.• Create a computer training and internet coursein higher education.• Invest in ICT research and development.Civil society should:• Create awareness and train civil society on cybersurveillance.• Build the capacity of civil society organisationsso they can secure their personal data.• Advocate for the adoption of a more protectivelegal framework for civil liberties on theinternet.International partners and organisations should:• Provide financial and technical resources to civilsociety for awareness-raising programmes andtraining on internet safety.Costa RicaUniversal health data in Costa Rica: The potential for surveillancefrom a human rights perspectiveCooperativa Sulá BatsúKemly Camacho and Adriana Sánchezsulabatsu.comIntroductionIn May and June 2014, the guild for primary andsecondary teachers in Costa Rica embarked on alengthy strike over errors in the payment of theirwages – the result of problems in the managementof their personal data. The strike led to a lot of restlessnessover the management of public computersystems in general, and showed the social, economicand political consequences of technologicalapplications. National interest in the administrationof personal data in public information systems suchas health records grew.Since the mid-20th century, Costa Rica has hada universal health care system based on a citizenpartnership (or solidarity) model. In terms of data,every citizen of the country has a record containingtheir personal and health information. To date,most of these files are still paper-based, so thatevery time a patient is seen in consultation by theCosta Rican Social Security System (CCSS), the doctorshould have a physical folder that includes all ofthe patient’s medical history.It is easy to imagine the consequences that themanual handling of this information can generatein terms of errors, delays, loss of data and incompletetest results. Because of this, there has beenan increase in legal actions brought before the ConstitutionalCourt by Costa Ricans claiming that theirright to health has been compromised. Addressingthis issue is particularly important in a national contextwhere there is strong pressure for privatisation.Looking for a comprehensive and long-termsolution, the Constitutional Court issued a ruling directingthe CCSS to solve this problem by issuing asingle electronic health record (EDUS) in 2012. Thisdecision is supported by a bill passed by the LegislativeAssembly in 2013, where the project has beendeclared a national project, and a period of fiveyears given for its development. EDUS is describedin the bill as follows:The Single Electronic Health Record is the repositoryof patient data in digital form, storedand exchanged securely, and that can be accessedby multiple authorised users. It containsretrospective, current and prospective informationand its main purpose is to support theefficiency, quality and integrity of health care. 1Due to the universal nature of the Costa Rican healthcare system, we can say that when EDUS is implementedit will be a national treasure of informationand useful data for decision making in public health.It will help to improve the efficiency of the service,and support transparency, accountability and citizenoversight. However, EDUS may also be of highvalue to multiple interests outside the public healthcare system, such as private medical enterprises,insurers, employers, pension operators, banks,security agencies, advertising companies, the policeand the judiciary, among others. Therefore, theimplementation of EDUS by the CCSS is undoubtedlyan important step towards strengthening theright to health among the Costa Rican population,but also represents a major national challenge interms of the potential of this information for citizensurveillance, where the security and privacy of personaldata are compromised.Although pilots of some parts of the project 2have started already, EDUS is still in the design anddevelopment phase. This is the right time to generatea national discussion – which has not happened– about what the electronic records may representwhen it comes to public surveillance. With thispurpose in mind, discussions have been held withnational stakeholders: civil society, academia, lawyers,doctors, system designers and the CCSS. Theyhave different perspectives on the issue, which arereflected in this report.A human rights approachThis report focuses on citizen surveillance from ahuman rights perspective. It is considered a citizen’sright to know how our data is managed, whatinformation is generated from it, and for whom.Given this approach, it is crucial that Costa Ricansparticipate in defining how the health record is1 Opinion prepared by the Commission on Science, Technology andEducation of the Legislative Assembly (2010-2014), July 2011.2 Mainly at the primary care level (according to the proposed plan).See: portal.ccss.sa.cr/EDUS_WEB/edus/EDUS.html116 / Global Information Society Watchcosta rica / 117