Trends Analysis (2021-2025)
e-Commerce
We dive into the five-year performance trajectories (2021–2025) of the evaluated companies and entities in the e-Commerce sector. By analysing historical trends and core metrics, this section reveals key patterns, competitive advantages, and priority improvement areas providing actionable insights into compliance drivers and hurdles to empower better decision-making and forward-thinking planning.
Trends in performance of assessed companies over time in the e-Commerce Sector
Performance Trends for Assessed e-Commerce Entities over the Years (2024-2025) in Rwanda
The 2024–2025 data for Rwandan e-commerce and telecom operators highlights mixed trends in privacy and data protection maturity. While some companies maintain stable performance, others show declines or moderate improvement, reflecting varying levels of governance, technical safeguards, and regulatory alignment.
Murukali shows a slight decline from 35% in 2024 to 34% in 2025. This minor drop indicates challenges in maintaining or consistently applying privacy and data protection measures. While some baseline controls are likely in place, governance and operational integration of privacy principles may be limited. Murukali should prioritise strengthening accountability, embedding privacy by design into operational processes, and reinforcing technical safeguards to prevent further decline and reduce regulatory and operational risk.
Vuba Vuba experienced a notable decrease from 28% in 2024 to 22% in 2025. This downward trend suggests emerging gaps in privacy governance, technical controls, and compliance practices. The performance indicates limited maturity and potential vulnerability to data breaches or regulatory scrutiny. Immediate attention is required to implement robust privacy policies, improve data security measures, and establish stronger governance structures to enhance institutional privacy maturity.
Kikuu Rwanda shows moderate improvement, increasing from 27% in 2024 to 32% in 2025. This upward trend suggests that targeted interventions or corrective actions were undertaken to strengthen privacy governance and technical safeguards. However, the overall performance remains at a moderate level, indicating that further institutionalisation of privacy practices is needed. Kikuu Rwanda should continue to embed privacy by design, formalise governance structures, and systematically monitor compliance to sustain and build upon gains.
Ubuy Rwanda maintains a relatively stable performance, increasing slightly from 37% in 2024 to 38% in 2025. The stability indicates ongoing, albeit limited, attention to privacy and data protection practices. While the company shows moderate maturity, incremental improvements suggest a need for more structured governance and consistent application of privacy principles across operations. Ubuy Rwanda should focus on strengthening technical safeguards, enhancing transparency with customers, and embedding privacy into all operational processes to improve long-term compliance and reduce risk exposure.
Among these companies, Ubuy shows the highest and most stable privacy maturity, followed by Kikuu with moderate improvement. Murukali's performance is slightly declining, and Vuba Vuba demonstrates the largest deterioration. Overall, these trends highlight a need for greater governance, accountability, and embedding of privacy by design across the sector to ensure compliance, protect customer data, and mitigate operational and reputational risks.
Performance Trends for Assessed e-Commerce Entities over the Years (2024-2025) in Tanzania
The data from 2024 to 2025 for Tanzanian e-commerce platforms shows varying degrees of progress in privacy and data protection maturity. The trends indicate differences in governance, technical safeguards, and compliance implementation across companies.
Kikuu Tanzania demonstrates slight improvement from 36% in 2024 to 37% in 2025. The incremental gain suggests modest efforts to strengthen privacy governance and operational safeguards. However, the overall performance remains at a moderate level, indicating that privacy principles may not yet be fully embedded into business processes. Kikuu Tanzania should focus on reinforcing accountability mechanisms, integrating privacy by design into operations, and continuously monitoring compliance to sustain and enhance privacy maturity.
Jiji Tanzania shows a more pronounced improvement from 42% in 2024 to 50% in 2025. This upward trend suggests deliberate interventions to enhance privacy policies, technical safeguards, and regulatory compliance. The improvement reflects growing maturity in managing personal data and aligning with privacy principles. Jiji Tanzania is moving toward stronger privacy maturity. Continued focus on governance, data security, and embedding privacy in system design will be critical to maintain this trajectory and mitigate future risks.
Inalipa experiences a significant increase from 25% in 2024 to 32% in 2025. This improvement indicates that corrective actions were likely implemented to address identified privacy gaps. Despite the progress, the score remains relatively low, suggesting that privacy practices are still at an early stage of maturity. Inalipa must prioritise embedding privacy by design, strengthening technical safeguards, and formalising governance structures to ensure sustainable compliance and reduce operational risk.
Kupatana shows a slight decline from 39% in 2024 to 36% in 2025. The decrease suggests challenges in maintaining previous privacy controls or in adapting them to changing operational and regulatory demands. While some governance and technical measures may be in place, their effectiveness appears inconsistent. Kupatana needs to stabilise privacy governance, reinforce accountability, and enhance security and compliance processes to prevent further decline and strengthen customer trust.
Among Tanzanian e-commerce platforms, Jiji Tanzania demonstrates the strongest improvement and emerging privacy maturity. Kikuu Tanzania shows modest gains, while Inalipa is making progress from a low base. Kupatana exhibits a slight decline, indicating potential gaps in governance and operationalisation of privacy principles. These platforms should prioritise embedding privacy by design, strengthening technical and organisational safeguards, and implementing robust monitoring and governance mechanisms to ensure sustainable data protection practices and compliance with regulatory standards in 2026.
Performance Trends for Assessed e-Commerce Entities over the Years (2024-2025) in Zimbabwe
The performance data for Ubuy Zimbabwe, Shumba Africa, Raines Africa, and Tengai Online indicates varying levels of maturity and momentum in complying with data protection laws and embedding effective privacy practices. Overall, the assessment reflects a mix of stabilisation, improvement, and persistent low maturity, underscoring uneven adoption of compliance frameworks and operational safeguards.
Ubuy Zimbabwe maintains a stable performance at 41% in both 2024 and 2025. Last year's analysis highlighted a slight decline from 46.4% in 2023 to 41% in 2024, raising concerns about the company's ability to sustain earlier gains. The unchanged score in 2025 suggests that while further deterioration has been avoided, progress has largely plateaued. This stability indicates that Ubuy Zimbabwe has established foundational compliance measures, such as basic privacy policies, data handling procedures, and security controls. However, the absence of improvement suggests limited advancement in strengthening accountability, enhancing transparency, or adapting practices to evolving regulatory expectations. Ubuy Zimbabwe remains relatively better positioned than many peers but risks falling behind if it does not move beyond baseline compliance. To strengthen alignment with data protection laws, the company should prioritise continuous improvement, stronger governance oversight, and deeper integration of privacy by design into its platform and operations.
Shumba Africa shows a strong upward trajectory, improving from 36% in 2024 to 50% in 2025. Last year's analysis correctly identified the 2023–2024 improvement as evidence of focused efforts to address privacy and compliance gaps. The continued growth in 2025 confirms that these efforts have not only been sustained but expanded. The improvement suggests enhanced attention to lawful processing, clearer privacy notices, better data security measures, and more structured compliance processes. While Shumba Africa previously lagged behind Ubuy Zimbabwe, it has now overtaken it, indicating meaningful progress in privacy maturity. Shumba Africa is transitioning from basic compliance toward a more structured privacy framework. To maintain momentum, the company should institutionalise governance mechanisms, formalise accountability, and ensure consistent application of controls as its platform scales.
Raines Africa improves from 23% in 2024 to 30% in 2025. Although the increase is notable, performance remains low in absolute terms. This pattern suggests early-stage remediation efforts, possibly including the introduction of privacy policies or initial security controls, but limited operational maturity. The low score indicates ongoing weaknesses in compliance with data protection laws, particularly in areas such as transparency, data subject rights management, and technical safeguards. Raines Africa faces elevated compliance and operational risk. Without accelerated investment in governance structures, staff awareness, and security controls, the company is likely to struggle to meet regulatory expectations and protect customer data effectively.
Tengai Online demonstrates moderate improvement, increasing from 35% in 2024 to 39% in 2025. This upward trend indicates incremental enhancement of privacy and data protection practices. However, progress remains cautious, suggesting that improvements may be tactical rather than driven by a comprehensive compliance strategy. While some controls and policies may be in place, the overall performance suggests that privacy practices are not yet fully embedded into business processes or platform design. Tengai Online is moving in the right direction but remains vulnerable to compliance gaps. Continued focus on strengthening governance, embedding privacy by design, and improving security controls will be essential to achieving sustainable compliance.
Last year's analysis identified Ubuy Zimbabwe as relatively strong but declining and Shumba Africa as an improving organisation. The 2025 data refines this picture: Ubuy Zimbabwe has stabilised but not advanced, while Shumba Africa has continued to improve and now demonstrates stronger relative maturity. Raines Africa and Tengai Online add further context, highlighting that much of the sector still operates at a low to moderate level of compliance. The Zimbabwe e-commerce sector shows uneven progress in compliance with data protection laws and privacy practices. Shumba Africa emerges as the strongest improver, Ubuy Zimbabwe remains stable but risks stagnation, Tengai Online shows gradual progress, and Raines Africa remains at an early stage of maturity. Across the sector, sustained compliance will depend on moving beyond baseline controls toward embedded governance, stronger accountability, and privacy by design to ensure long-term regulatory alignment and customer trust.
Performance Trends for Assessed e-Commerce Entities over the Years (2022-2025) in Kenya
The performance trends across Jumia Kenya, Jiji Kenya, Glovo Kenya, and Kilimall illustrate differing levels of maturity and consistency in complying with data protection laws and embedding privacy practices within e-commerce operations. The results point to a sector characterised by both regression from previously high standards and notable improvement driven by targeted remediation efforts.
Jumia Kenya continues to experience a downward trajectory in performance. After a strong score of 70.0% in 2022, performance declined to 53.2% in 2023, 47% in 2024, and further to 44% in 2025. Last year's analysis identified the decline from 2022 to 2024 as a signal that Jumia was struggling to maintain its earlier high standards of privacy and data protection. The continued decline in 2025 confirms that these challenges persist. While Jumia Kenya still operates at a moderate level of compliance, the trend suggests growing difficulty in sustaining effective governance, consistently applying security controls, or adapting privacy practices to evolving regulatory and operational demands. Jumia Kenya faces an increasing risk of privacy debt, where legacy controls are no longer sufficient. To strengthen compliance, the company must reassess its privacy governance, reinforce accountability, and ensure that privacy by design is consistently applied across its platform and third-party integrations.
Jiji Kenya demonstrates a strong and sustained improvement. Following a low base of 32.4% in 2023, performance increased to 50% in 2024 and further to 55% in 2025. Last year's analysis correctly characterised the 2024 increase as a significant step forward, and the 2025 results confirm that this improvement has been sustained rather than reversed. This upward trend suggests meaningful progress in aligning with data protection requirements, including clearer privacy notices, better handling of personal data, and strengthened security and compliance processes. Jiji Kenya is transitioning toward a more mature compliance posture. Continued investment in governance structures, monitoring, and embedding privacy by design will be critical to consolidating gains and reducing long-term regulatory and operational risk.
Glovo Kenya shows consistent improvement, increasing from 56% in 2024 to 60% in 2025. Although earlier data is not available, the upward trend indicates strengthening compliance practices and increasing maturity in privacy governance. The relatively high score suggests stronger alignment with data protection laws, particularly in operational controls, transparency, and security measures, which is especially important given the platform's reliance on real-time location and transactional data. Glovo Kenya is comparatively well positioned within the sector. To sustain this position, it should continue proactive compliance monitoring and ensure that privacy considerations remain embedded in product development and partnerships.
Kilimall records a slight decline from 44% in 2024 to 41% in 2025. This downward movement, while modest, suggests challenges in maintaining existing privacy and compliance controls. The performance indicates moderate maturity but limited progress toward stronger or more comprehensive privacy practices. Kilimall may face growing compliance risk if current controls are not strengthened. Targeted improvements in governance, data security, and accountability will be necessary to stabilise performance and enhance compliance with data protection laws.
Last year's analysis highlighted Jumia Kenya's declining performance and Jiji Kenya's significant improvement. The 2025 data reinforces these conclusions: Jumia's decline has continued, while Jiji has built on its gains. The inclusion of Glovo Kenya and Kilimall provides additional context, showing that while some platforms are progressing toward stronger compliance, others are struggling to maintain or improve their privacy posture. The Kenya e-commerce sector exhibits divergent levels of compliance and privacy maturity. Jiji Kenya and Glovo Kenya show positive and sustained progress, while Jumia Kenya and Kilimall face challenges in maintaining or strengthening their privacy practices. Overall, the data underscores the importance of continuous governance, accountability, and privacy by design to ensure sustained compliance with data protection laws and to maintain consumer trust in an increasingly data-driven market.
Performance Trends for Assessed e-Commerce Entities over the Years (2021-2025) in Uganda
The performance of Jumia Uganda, Glovo Uganda, Jiji Uganda, and Kikuu Uganda over the assessment period reflects divergent trajectories in privacy maturity and compliance with data protection laws. The data highlights patterns of recovery, volatility, sustained improvement, and persistent decline across the sector.
Jumia Uganda demonstrates a marked recovery in 2025, improving significantly from 40% in 2024 to 63% in 2025. Last year's analysis identified a concerning decline from 51.48% in 2023 to 40% in 2024, suggesting challenges in maintaining effective privacy and data protection controls. The 2025 rebound indicates that corrective actions were likely implemented to address previously identified gaps. While the improvement is substantial, the historical volatility from 60% in 2021, down to 42.5% in 2022, followed by fluctuations through 2024 suggests that privacy practices have not been consistently embedded. Jumia Uganda has demonstrated the capacity to strengthen compliance when prioritised, but sustaining this improvement will require institutionalising governance mechanisms, ensuring continuous monitoring, and embedding privacy by design across platform operations and partnerships.
Glovo Uganda's performance shows variability. After improving from 56.66% in 2022 to 58% in 2024, the score declined to 45% in 2025. Last year's analysis correctly identified Glovo Uganda as showing positive momentum in strengthening privacy practices. The 2025 decline, however, indicates challenges in sustaining these gains. Given Glovo's reliance on location, transactional, and behavioural data, even modest declines in performance can have significant compliance implications. Glovo Uganda faces emerging privacy risk if improvements are not stabilised. The company should reinforce accountability, regularly review security controls, and ensure privacy considerations remain central to operational and technological changes.
Jiji Uganda continues to demonstrate consistent improvement, increasing from 32.43% in 2023 to 47% in 2024 and further to 58% in 2025. Last year's analysis characterised Jiji Uganda as an improving organisation, and the 2025 results confirm that this progress has been sustained. The upward trend indicates strengthening compliance with data protection laws, likely through clearer transparency mechanisms, improved handling of personal data, and enhanced security practices. Jiji Uganda is transitioning toward a more mature privacy posture. Continued focus on embedding privacy by design, strengthening governance, and maintaining compliance oversight will be critical to consolidating gains and mitigating future regulatory risk.
Kikuu Uganda remains the weakest performer in the group, declining further from 29% in 2024 to 26% in 2025. Last year's analysis raised serious concerns following the sharp drop from 60% in 2021 to 29% in 2024. The continued decline in 2025 confirms persistent challenges in maintaining basic privacy and data protection controls. This pattern suggests limited governance, weak technical safeguards, and insufficient alignment with evolving data protection requirements. Kikuu Uganda faces significant compliance, operational, and reputational risk. Urgent intervention is required, including the establishment of basic governance structures, implementation of minimum security safeguards, and alignment with statutory data protection obligations.
Last year's analysis highlighted Glovo Uganda's improvement, Jiji Uganda's positive trajectory, and declines at Jumia Uganda and Kikuu Uganda. The 2025 data refines this picture: Jumia Uganda has staged a strong recovery, Jiji Uganda has continued its upward trend, Glovo Uganda has experienced a setback, and Kikuu Uganda's position has further deteriorated. The Uganda e-commerce sector exhibits high variability in privacy maturity and compliance. Jiji Uganda and Jumia Uganda demonstrate strong recent performance, though with differing levels of historical stability. Glovo Uganda shows moderate maturity but faces sustainability challenges, while Kikuu Uganda remains at high risk due to persistently low performance. Across the sector, sustained compliance with data protection laws will depend on embedding governance, accountability, and privacy by design into core business operations rather than relying on reactive remediation.