By Unwanted Witness Team

Modern technologies have made it more possible for more personal information to cross national borders than ever before. But despite the current rapid transnational data transfers amidst the need to safeguard people’s lives, African states either have fragmented data protection and privacy policies or none. While national initiatives are commendable, a harmonized legal framework is still required to ensure the rapid development of a digital economy and the protection of personal data across Africa.

In March 2018, the African Continental Free Trade Area (AfCFTA) agreement was established, as a revolutionary treaty of the African Union, creating an African single market to guarantee the free movement of persons, goods and services. The single market relies heavily on the processing of the personal data of persons resident within and outside the African Union, thereby necessitating an effective data protection regime.

The lack of a harmonized data protection continental framework threatens to clog the wheels of the African Continental Free Trade Area as well as the dignity of the African people. These concerns were at the centre of the conversation with data protection regulators across the continent at the 4^th Privacy Symposium Africa 2022, co-organized by Unwanted Witness and the Centre for Intellectual Property and Information Technology Law (CIPIT).  

While applauding policy harmonization efforts of the African Union, all data protection regulators at the symposium affirmed the need to fast-track the harmonization of the laws on the continent, focusing on its numerical strength. “While each country has its own uniqueness, harmonization of data protection laws should consider commonalities that will guide the establishment of a common framework; we cannot evade seamless flow of data across the region,” Immaculate Kassait, Data Commissioner, Kenya submitted.

Key to this though is the political will and the capacity of technocrats from different member states to adopt and enforce unified legislation. According to Stella Alibateese, Director of the National Personal Data Protection Office, Uganda, awareness should be enhanced among politicians and technocrats for the harmonization of legislation in Africa.

“We need to make use of the existing platforms, like Network for African Data Protection Authorities to encourage countries to join this group & advocate for the adoption of a unified policy framework.” Stella Alibateese Director of National Personal Data Protection Office.

“We need to make use of the existing platforms, like Network for African Data Protection Authorities to encourage countries to join this group & advocate for the adoption of a unified policy framework.” Stella Alibateese Director of National Personal Data Protection Office.

In her view, the Zimbabwe regulators attribute the delayed ratification of the Malabo Convention to the lack of political will by AU member states.

“The low pace for the adoption of the Malabo convention indicates that sustained commitment is missing since only 14 states have ratified the convention out of 15 required to make it enforceable, ” asserts Tsitsi Mariwo, head of legal services, Postal and Telecommunications Regulatory Authority of  Zimbabwe

The other common challenge shared by data regulators across the African continent is the lack of independence of policing bodies; regulators and commissioners. These institutions expected to push for law and order have been put under the Ministries of Information Communication and Technology (ICT) which are directly governed by governments.

View the full video here.