Connect with us


Lawyers Comment on Africa’s Urgent Need for Data Privacy and Security Law

Lawyers in Ghana, Kenya, Madagascar, Morocco, Rwanda, South Africa, Togo, Uganda and Zimbabwe recently commented on this issue in Baker McKenzie’s new Africa Data Security and Privacy Guide.



Data Privacy

The pandemic has driven home the high value of personal data to the global economy, while also highlighting its vulnerability to abuse and attack.

In response, governments around the world, including those in Africa, have been reviewing their data privacy and protection laws and regulations to ensure they are adequately protected.

Lawyers in Ghana, Kenya, Madagascar, Morocco, Rwanda, South Africa, Togo, Uganda and Zimbabwe recently commented on this issue in Baker McKenzie’s new Africa Data Security and Privacy Guide.

According to Enid Baaba Dadzie, Senior Associate at Kimathi & Partners in Ghana, the African Union has adopted the African Union Convention on Cybersecurity and Personal Data Protection (also known as the Malabo Convention).

This Convention encourages AU member states to recognise the need to protect critical cyber/ICT infrastructure, personal data and the free flow of information, with the aim of developing a credible digital space in Africa. However, it has not taken effect as only a few countries in Africa have ratified it.

Some African countries have implemented domestic laws and regulations to protect personal data, while others offer little to no protection.

“In light of the current technological trends and innovations, and digital trade, it is imperative for African countries to implement data privacy and protection policies. African countries must have laws that take care of the local nuances and fit the local context, without simply replicating the provisions of the General Data Protection Regulations (GDPR) and other frameworks,” she said.

Data Privacy in Africa

Data Privacy in Africa

Sonal Sejpal, Partner at ALN Kenya | Anjarwalla & Khanna agreed, noting that Africa was more connected now than ever to the rest of the world in terms of trade, and the increasing number of foreign entities doing business in Africa.

“The natural consequence of this is that personal data will continue to move across borders. Therefore, it is imperative that data privacy and data protection laws are implemented across the continent,” she explained.

ALSO READ  How to address data privacy concerns in the workplace and maximize employee trust

The benefits of such laws are numerous. Sonal noted, “With implementation of data protection laws, the resultant effect is that there will be more protections to data subject rights. Additionally, Africa will have more control over those who process the personal data of data subjects present in Africa, limiting what they can do with personal data once collected, and throughout the life cycle of processing personal data. Furthermore, African countries will be able to exert more influence over the transfer of personal data from African countries, both intra-Africa and inter-Africa. This will ensure that measures are in place to secure personal data during personal data transfers,” she said.

Raphael Jakoba, Managing Partner at MCI Law Firm in Madagascar, concurred that it was essential for African countries, such as Madagascar, to adapt to the evolution of technologies and the new realities of digital development.


“These new issues raise new risks and problems that African countries must imperatively address, and to which they must respond through the adoption of modern and updated regulations,” he said.

Pierre Deprez, an Associate at Nasrollah & Associés Baker McKenzie in Morocco, said, “Baker McKenzie in Morocco, noted, “Having strong regulations on data protection is nowadays crucial in Africa in general, and especially in Morocco, regarding the exponential rise of data processing due to the use of smartphones and e-commerce this past decade. On the one hand, it ensures the protection of citizens and their fundamental rights. On the other, a solid data protection law helps to reassure the foreign investor/interlocutor who wishes to exchange personal data for business purposes.”

Saad Khaldi, an Associate at Nasrollah & Associés Baker McKenzie in Morocco, agreed, “Strong data privacy regulation should be seen by African countries and businesses as a competitive advantage in a globalized word, where local and international data processing is key to gaining profitability.”

Ijeoma Uju, Partner at Templars Law Firm in Nigeria, noted that it was imperative that African countries develop a strong and more coherent framework for data protection by enacting comprehensive laws and regulations for the protection of personal data and privacy of its citizens.

ALSO READ  Online payment fraud increases by 208% amid the Black Friday season - report

Ijeoma said that the growth of e-commerce and business in general in African countries makes the need for data protection more pressing. Multinational organizations looking for investment opportunities in these countries may limit their business explorative activities in Africa due to the absence of, or lack of clarity around, data protection law. This is particularly because multinational companies collect and process a large amount of personal data in the ordinary course of their business. Thus, in order to conduct business effectively and safely in Africa, organizations need to understand the scope of data protection laws in such countries.

Emmanuel Muragijimana, Principal Associate at K-Solutions & Partners in Rwanda, commented that data was increasingly becoming an important asset, and collecting and sharing data could serve as big business in the present day’s digital economy. In addition, citizens are also increasingly becoming aware of the importance of protecting one’s personal data.

“African countries, therefore, cannot afford to be left behind. They have to ensure that they put in place legislation to secure the protection of data and privacy in order to prevent issues stemming from unprotected data, such as unauthorized use of one’s personal data without their knowledge, as well as the negative impact on a company or organization’s reputation should it face sanctions, among other factors,” he explained.

Data privacy breach report by Paradigm Initiative

Janet MacKenzie, Partner and Head of the IPTech Practice at Baker McKenzie in South Africa, said that rapid digitization, boosted by the pandemic, meant that it is now critical to implement policy, legislative and regulatory frameworks that are intended to guide and enforce the protection and security of personal data, not just in Africa but around the world.

ALSO READ  Businesses Must Protect Assets in Physical World Before Jumping into Metaverse

“Failure to do so will lead to business failure, massive financial loss, loss of investment and a devastating rise in criminality,” she noted.

Kafui Achille Amekoudi, Avocat at AMKA Law Firm in Togo (Cabinet Me AMEKOUDI), explained that the penetration rate of the internet in Africa was constantly increasing, because Africa has realized the importance of the internet as a vector of development.


“With a population of more than a billion inhabitants, Africa is potentially a huge mine of personal data, which explains the proliferation of GAFAM projects to better connect the continent. It is therefore important, already at the primary stage, to regulate data privacy and protection,” he said.

Arnold Lule Sekiwano, Partner at Engoru, Mutebi Advocates in Uganda, explained that recently, there has been an upsurge in the data processing industry in respect of the data mining and data analytics areas.

NITDA prepares for National Data Privacy Week 2022

Kashifu Inuwa, the director general of NITDA, joined by Dr Vincent Olatunji, director eGovernment Development and Regulations, unveiled #DataPrivacyWeek2022 gears and other materials that were later used in creating awareness among Nigerians about data privacy.

“The COVID-19 pandemic has also led to an increase in remote access to information and data globally. It is therefore imperative that African countries raise awareness, invest in training and set up relevant infrastructure to enable the implementation of data privacy and protection.

“There is a vast need for autonomous data protection and data privacy regulatory bodies which can independently impose and collect fines so that funds are not lost in corruption and embezzlement, and so that personal data is lawfully collected and processed, and breaches are managed throughout the continent, to promote economic and social development,” he said.

Amalia Manuel, Partner at Atherstone & Cook in Zimbabwe agreed, stating that it was “crucial for African countries to put in place laws regulating the protection of data in light of global technological advancements.

Click to comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.