Cross-border regulation of personal data is challenging

Excitement surrounding the digitalisation in Africa is not unfounded, but many questions remain about how data is accessed, controlled, distributed, used or produced as part of a digital transformation. Regulatory frameworks have had little time to catch up with the fast-paced nature of technological development in recent years, particularly surrounding personal data.

Africa is fragmented, with hundreds of languages and wildly different economies and operations within its borders. This means that cross-border integration of regulation is hard and is often done along regional lines. While some countries have unilaterally adopted their own data privacy regulation, the African Union introduced the Convention on Cybersecurity and Data Protection – otherwise known as the Malabo convention – in June 2014. The convention has failed, however, to meet the required amount of ratifications to be considered law. The Malabo convention is also lacking in terms of accountability and does not legislate for cross border data flows, leaving much for national governments to change at their discretion⁴⁴. Others, like the Digital Transformation Strategy for Africa (2020-2030) provide a more comprehensive approach. Alongside this, it is important that privacy laws build on existing national laws and do not sit outside of existing legal frameworks. They must apply horizontally across technologies and sectors, and remain specific and anticipatory in nature, enough to address issues that have been surfaced in one particular context.⁴⁵

“Municipalities and local governments on the continent will need to consider privacy of digital solutions by design (with regulation catching up) rather than reactively after
the fact. This means putting data protection into processes without having the legal imperative to do so.”

Alongside the call for data protection there is great potential for digital data to encourage growth. E-commerce, for example, which includes mobile money, will play a massive role in African economies. The mobile market is expected to contribute $185 billion contribution to African GDP in 202346. There are major considerations regarding the data used by private entities and the role of regulation, in terms of the permissions needed to access data, to enable or disincentivise companies from operating within African markets. The balance between encouraging innovation, protecting privacy, and maintaining trust in the use of personal data will be a crucial factor in the development of digital products within the continent. The challenge is for local authorities to create data governance with their stakeholders to find the right balance that suits all local actors to benefit the territory.