Uganda

Summary

Uganda presents moderate crawling risk. The Computer Misuse Act No. 2 of 2011 (as amended by the Computer Misuse (Amendment) Act 2022) s.12 prohibits intentional access to computer programs or data without authority; public pages carry implicit authorisation, so the offence is unlikely to be triggered by crawling openly accessible content, but a ToS prohibition or robots.txt disallow can help establish lack of authority. The 2022 Amendment substantially raised unauthorised-access penalties to UGX 15 million (~USD 4,000) or 10 years imprisonment. The Data Protection and Privacy Act 2019 (DPPA, regulations in force March 2021, administered by the Personal Data Protection Office — PDPO) is actively enforced: the PDPO recorded Uganda's first ever criminal conviction under the DPPA in July 2025 (Nano Loans Microfinance director, criminal charges for unlawful data processing), and found Google LLC in breach for failing to register and for inadequate cross-border transfer safeguards. Public availability does not exempt processing. The Copyright and Neighbouring Rights Act No. 19 of 2006 protects original compilations on an originality basis; fair dealing is narrow. No sui generis database right; no TDM exception. No scraping-specific case law exists. Uganda has NOT ratified the AU Malabo Convention.