Google agrees to comply with Uganda’s data privacy law

Google has withdrawn its appeal in a high-profile data protection case in Uganda and has agreed to comply with the country’s Data Protection and Privacy Act. The move follows last year’s decision by the Personal Data Protection Office (PDPO), which found the company in breach of the law for operating in Uganda without registration as a data controller and for transferring personal data abroad without meeting local safeguards.

The appeal was Google’s response to the July 2025 ruling that ordered the company to register with the PDPO, appoint a Data Protection Officer for Uganda, and submit a framework for cross border data transfers. The withdrawal signals that Google now accepts the regulator’s authority and the requirements set out in the decision.

Ssekamwa Frank, who led the litigation team, confirmed the development in a LinkedIn post and said the case strengthens digital rights enforcement in the country.

“This case sends a clear message. Uganda’s data protection laws apply to all and the digital rights of Ugandans must be respected and enforced,” he wrote. 

He added that the work continues as the country builds stronger digital governance structures.

“We continue the work of building a digital ecosystem where innovation,privacy and  users’ rights remain at the centre of digital transformation.”

Google’s decision comes at a time when African regulators are tightening their enforcement of data protection laws. In Nigeria, Meta reached an out-of-court agreement with the government to settle a $32.8 million fine issued by the Nigeria Data Protection Commission (NDPC).

The NDPC imposed the fine in February 2025 after alleging that Meta had violated Nigeria’s Data Protection Act through behavioural advertising on Facebook and Instagram. Uganda also secured its first criminal conviction under its data protection law earlier in 2025 when a digital lending company director was found guilty of unlawfully publishing a borrower’s personal information online.

Related Article: Meta fined $220 million by Nigerian government over abusive and invasive data practices 

These cases reflect a broader shift across the continent as governments and regulators increasingly enforce privacy laws and push global platforms to comply with local rules.