What African states must do to protect and secure citizens’ data
Thursday July 29 2021
With the growth of technology, data has become one of the most valuable assets in the world. The analysis of data by governments, corporates, and other institutions continues to increase in the pursuit of efficiency in the delivery and allocation of services. However, there is concern over data privacy and security, including whether the data is being sold or used for anything other than the intended purposes.
In line with best practices, the data must undergo an anonymisation process. This entails removing any private or confidential information from all the aggregated data. This results in anonymous data that can’t be associated with any individual or company and can’t be used to target them or shared with other parties, especially when they have not consented to it.
There are two aspects that must also be considered when seeking to protect the privacy of data. First, data collected in larger clusters makes the data less identifiable once anonymised. Secondly, working with secure people and data makes the data anonymisation process more comprehensive.
African countries have for some time lagged behind their global counterparts in enacting data privacy and protection regulations. This began to change in the past decade with roughly half — about 24 — African states having enacted some form of data protection regulation. The data privacy conversation is made more relevant in Africa when you consider the instances of digital manipulations witnessed in the past 10 years. The most notable being the Cambridge Analytica scandals in Nigeria and Kenya, where the data firm was used to influence elections.
The continental scale of the problem has seen the conversation around data protection regulations move towards the potential co-ordination of data protection legislation among African countries, rather than relying on the individual states crafting and implementing their own separate laws.
One possible framework for such legislation is the African Union's Convention on Cyber Security and Personal Data Protection, which would obligate AU nations to enact policy and regulatory measures for cybersecurity. However, despite the adoption of the document by the AU in 2014, implementation has been slow. A major stumbling block to its implementation has been the indifference of local populations to the issue.
A second initiative that is currently working to promote data protection and data privacy in Africa was started by the Smart Africa Alliance, that brought together states, the private sector players, international organisations as well as academia to work on a harmonised framework on data privacy and protection in Africa. This has been done in collaboration with the AU.
Ultimately, governments are responsible for ensuring the privacy of their citizen’s data. Data privacy frameworks are here to stay and are essential. They must enforce citizens’ rights and protect them from the unauthorised use of personal data. All stakeholders can support innovative measures to create a trustable and truly inclusive digital society and developing data privacy regulation is a necessary step to achieve this.
Laurent Sarr is a technical director at the Global Voice Group