By Franco Wandabwa.
Yesterday, I attended the closing ceremony of the East Africa Data Governance Conference in Nairobi, where the room was filled with important discussions on interoperability frameworks, cross-border data flows, digital identity systems, national data protection laws, and more.
But one conversation kept pulling me back: whose data, and whose interests does it ultimately serve?
The timing couldn’t be more urgent. As the U.S. Department of State restructures its health financing commitments across East Africa, renegotiating and, in some cases, ending longstanding health program contracts, a difficult question is emerging. What will happen to the patient data, health records, and population surveillance systems that were established, funded, and often hosted under those agreements?
Millions of women‘s reproductive health records, child immunisation registries, HIV treatment databases, and data collected from the most vulnerable communities represent a remarkable legacy built over decades of PEPFAR, USAID, and Centers for Disease Control and Prevention investment that transformed health outcomes across the region. As this partnership enters a new chapter, the responsibility now shifts to East African Governments to safeguard and own what was built together.
Governments across East Africa must rise to this moment, proactively enforcing national data sovereignty laws, establishing mandatory data repatriation protocols for externally funded health systems, adopting gender-disaggregated data protection standards, and creating independent oversight bodies with real authority.
The 2nd East Africa Data Governance Conference 2026, held in Nairobi in March 2026, focuses on balancing digital innovation with accountability, data sovereignty, and rights.
East Africa must take ownership of its data before someone else determines its future.
Author is the Resident Country Director, Ethiopia, International Republican Institute.