Data protection is about safeguarding our fundamental right to privacy by regulating the processing of personal data: providing the individual with rights over their data and setting up systems of accountability and clear obligations for those who control or undertake the processing of the data. Digital rights are basic human rights in the internet era – linked to freedom of expression and privacy, those that allow people to access, use, create and publish digital media, as well as access and use computers, other electronic devices, and communications networks. As a user of digital technology, you also have the right to privacy and the freedom of personal expression.

2020 brought several major developments in the world of data protection legislation. Also, the rise of so many digitally-enabled markets in Africa means that more consumers are being asked to give access to their personal data, including financial, demographic, and geolocation data. As the 55 African countries of the African Union (AU) move towards greater integration of trade policies through the African Continental Free Trade Agreement (AfCFTA), one area of noted trade policy divergence is the governance of digital trade. African nations have varied rules governing the protection of personal data, with some countries offering little to no protection policy while others have extensive digital governance frameworks. As internet connectivity, broadband access, and digital trade have converged with wider economic development, the extent to which African nations form policies governing the digital landscape can also shape development across the whole continent.

The Internet has introduced new spaces. The online environment has gone mainstream, and there is more democratic participation. As we increasingly conduct our lives online—shopping, socializing, and sharing information—our digital rights, particularly the rights to privacy and freedom of expression, are becoming more important. We need to understand how our data is being used by companies, governments, and internet giants such as Facebook and Google. Is it being handled fairly and carefully, sold or shared without our consent?

As governments and companies collect our personal data, cybercriminals are also easily collecting our personal data and tracking our movements and activities. It is important to know who has access to the data trail or footprints we create online. Brands want to look at the content that we create and share, such as our social media profiles and location data from mobile phones, because it helps them build a picture of how we spend our time and money. Also, employee records, customer details, transactions, and data collection through surveys need to be protected. This is to prevent that data from being misused by third parties for fraud, such as phishing scams and identity theft. Thus, the regulations governing the protection of personal data are becoming increasingly important.

Data privacy is a fundamental right that is yet to be completely established across many countries in Africa. Only 32 countries in Africa have data privacy laws. The African Union convention on cybersecurity and personal data protection (Malabo Convention) 2014, sets a strong intention of protecting personal data and ensuring cybersecurity in Africa. The Convention seeks to establish a credible framework for cybersecurity in Africa through the organization of electronic transactions, protection of personal data, and promotion of cybersecurity, e-governance, and combating cybercrime. It also provides a personal data protection framework that African countries might switch into their national legislation for it to have the full force of the law and encourages African countries to recognize the need for protecting personal data. By this, emphasizing the responsibility of African states to respect, protect and fulfill human rights online for all people.

The continent is divided along the line of countries with a framework, an insufficient framework, and no framework. Many countries are also yet to adopt any major data protection regulations. The divergent framework creates a fractured terrain for data protection and enforcement of the law across the continent, and for establishing a common market for regional trade in digital goods and services.

Despite the gaps, Ghana has spent considerable efforts to update and amend laws and regulations to encourage the establishment of a larger digital trade economy. This includes laws that govern the protection and privacy of personal data. Ghana’s Data Protection Act came into force in 2012 to protect the privacy of individual and personal data by regulating the processing of personal information. In 2019 Kenya, Nigeria, Togo, and Uganda enacted data protection policies, followed by Egypt, to create a data protection framework with its Personal Data Protection Law. Next came South Africa, whose Protection of Personal Information Act came into force in 2020. Other countries are revising existing data protection policies or working to establish structures to enforce existing laws and regulations.

Although the gaps and wide flexibility of privacy and data protection laws from country to country, the economic and trade impact on technology firms seems to be minor, as the size of the African digital market is still growing. In the wake of emerging technologies, several new data security laws around the world will be enforced, introducing among others, mandatory data breach notifications, and increased penalties for non-compliance. 2021 will see these changes applied and for Ghana and other African digital economies to grow, we must push for enforcement and compliance, and fall in line with the international standard set by the General Data Protection Regulation (GDPR). Cross-border transfers are likely to be one of the big compliance issues being tackled by legislative bodies and data protection authorities must ensure a regularization and normalization of data transfers between countries.

Author: Richard Kafui Amanfu – (Director of Operations, Institute of ICT Professionals, Ghana)

For comments, contact richard.amanfu@iipgh.org or Mobile: +233244357006