jasdooit

A recent governmental program that mandates Ugandan coffee growers to provide their personal information prior to shipping coffee to Europe has raised increasing worries about data protection and adherence to local regulations.

The initiative, managed by Pula Advisors Uganda Ltd, has faced backlash following reports that the company informed farmers their coffee would not be purchased unless they signed up. Opponents argue that this demand breaches Uganda’s data protection regulations and could lead to farmers’ personal details being exploited.

The Personal Data Protection Office (PDPO) has stepped in, sending a letter to the Ministry of Agriculture, Animal Industry and Fisheries (MAAIF) demanding adherence to the Data Protection and Privacy Act, 2019, by officially registering with the PDPO as a data controller.

“We would like to bring your focus to Section 29 (2) of the Data Protection and Privacy Act, Cap 97, which requires every individual, organization, or governmental entity that gathers or handles personal information to register with the PDPO,” stated Mr. Baker Birikujja, the National Personal Data Protection Director, in a letter dated October 27, 2025, addressed to the ministry.

“While Pula Advisors Uganda Ltd is registered as a data processor, the ministry must register with the PDPO as a data controller, because it decides the purposes and methods of processing the collected data,” he added.

The PDPO also warned the ministry regarding the transfer of data belonging to Ugandan citizens to overseas countries without adequate protections.

“Section 19 of the Act states that any data controller or processor located in Uganda who transfers or keeps personal data outside the country must ensure that the receiving country offers data protection measures that are as strong as those outlined in Ugandan legislation,” Mr. Birikujja mentioned.

Prior to transferring or sharing personal data with organizations within the European Union, the ministry is required to perform an adequacy evaluation to ensure the receiving nation provides sufficient safeguards.

The grievance that led to the PDPO’s involvement was submitted by Attorney Peter Magelah, who contended that the ministry needed to adhere to Uganda’s data protection and privacy regulations before transmitting citizens’ personal information to the European Union (EU).

We are not opposed to digital registration,” Mr. Magelah stated, “but the procedure should comply with the law. You cannot compel farmers to provide their personal details to a private company without proper data protection measures in place.

As per official statistics, 2.8 million coffee growers have already been enrolled, which is twice the original estimate, as part of Uganda’s initiatives to meet the requirements of the EU Deforestation-Free Products Regulation (EUDR), set to come into force on January 1, 2026.

Digital registration is a mandatory process according to the new regulation, aimed not at taxation but to guarantee that every coffee exported to the EU can be tracked back to its origin and confirmed as eco-friendly.

Europe continues to be one of Uganda’s primary coffee markets, representing the bulk of the nation’s yearly coffee exports. Nevertheless, experts caution that if Uganda does not maintain legal and ethical standards in its data gathering procedures, the project might have adverse effects, infringing on individuals’ rights and eroding public confidence.

Keep yourself informed by following ourWhatsApp and Telegram channels;