Globally, countries saw World Data Privacy Day as an opportunity to standardise their data privacy laws, and legal experts agree it’s paramount that African nations also bring their data privacy laws into alignment with global standards. According to a December 2022 Proxyrack report, South Africa came in ninth in countries across the world ranked by how much money they’ve lost to data breaches.
Looking at the current lack of data privacy regulations in Africa and how this could be overcome, Maushami Chetty, a South African data privacy expert, commented that “Africa has shown the greatest growth in internet usage in the last decade. Personal data may, accordingly, be the next frontier of unfettered exploitation of African resources as less than half of Africa’s 54 states have data privacy laws. Of those that do, many have no regulator to manage enforcement and compliance. We have seen instances of data being used for political and election interference, so the lack of privacy laws may be intentional. This gap could be closed by greater privacy advocacy and reliance on AU level policies and charters as a first measure.”
Lebogang George, a data privacy and corporate commercial attorney based in Botswana believes that we need to think globally and act locally. “We think globally in that we must have adequate data protection laws that will allow us to do business outside the continent and our laws must ensure that they speak to our context and how we also do business in Africa,” she said.
“Having a standard data privacy and protection law is a solution that seems plausible looking at how the EU’s GDPR covers EU countries,” George added. “Such laws must not hinder or stifle business growth and innovation but must ensure fairness and accountability, protect our general safety and warrant that our rights as citizens are upheld and protected from abuse by other people, organisations, and by the government itself.”
“Despite the fact that African countries continue to develop privacy and data protection laws based on global best practices, various gaps continue to exist, including the lack of proper enforcement mechanisms for privacy and data protection,” commented Mumbua S. Nzuki, a Kenyan commercial lawyer. “There is the need for Africa as a whole to develop an appreciation for the promotion of the right to privacy based on unique privacy concerns in the continent.
“If the African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention), now with 15 member-states, is adopted by all African nations, it will serve as a starting point for the continent towards achieving a standard regulatory framework on data privacy and protection for Africa,” Nzuki added. “The continent must no longer play catch-up in tackling privacy issues. Africa has to be disruptive and shift the linear lenses of how it views privacy and data protection through improved efforts towards international cooperation among African countries.”
To join Africa Legal's mailing list please click here