Is Africa ready to protect citizens’ personal data?
Wednesday, July 18, 2018
Jean Franu00e7ois Le Bihan (left), public policy director Sub-Saharan Africa at GSMA, speaks during a news conference as Boris Wojtan, senior director of privacy at GSMA, looks on, in Kigali yesterday. Telecoms plan to invest some $8 billion in data protection projects annually. Nadege Imbabazi.

Many private and public organisations such as telecommunication companies, banks, airlines and other businesses always collect, use and keep people’s personal information.

However, in Africa where there is a large and fast growing population of mobile technologies and internet users, there are limited or no specific laws and regulations to protect the privacy of these individuals.

Recent cases of British analytics firm, Cambridge Analytica, which inappropriately accessed personal data of about 50 million users of Facebook during the 2016 US presidential election, tells a story of how Africa is susceptible  to such malpractices.

Cambridge Analytica’s parent company, SCL Group, has been accused of harvesting millions of Facebook profiles and working to fix elections in Kenya and Nigeria both in 2013 and 2017 as well as 2015 respectively.

Unlike in Europe where discussions about data privacy have resulted into establishment of actionable regulatory frameworks like the recent General Data Protection Regulation (GDPR), in Africa, such conversations are still happening in meetings and conferences.

Various statistics show that more than half of Africa’s 54 countries have no data protection or privacy laws. Even those that have legislations in place, there are no regulators to enforce them.

For instance, in Nigeria, the African country with the most internet users, a data-protection bill that was introduced in 2010 is still making its way through parliament.

In Kenya, a country of 44 million people with some 8.5 million Facebook users on a monthly basis, there are no specific data-protection laws that exist.

Back here in Rwanda, there is an ICT law that provides that, "every subscriber or user’s voice or data communications carried by means of an electronic communications network or services, must remain confidential to the subscriber and or user for whom the voice or data is intended”.

Moreover, tech experts believe there are no comprehensive data protection and privacy law.

Fraser Graham, the senior director for policy engagement at GSMA, reckons that devising more specific legislation that protects people’s data and privacy is very important, especially with the change of the digital landscape.

"What we are thinking is that the introduction of enabling policies is important for the continent. We are, in fact, calling for fundamental review of policy and regulatory frameworks to make them fit for the digital ecosystem,” he said in Kigali at the ongoing M360 Africa Series.

This digital ecosystem represented 7.9 per cent of the GDP in Sub-Saharan Africa region last year, according to GSMA’s latest Mobile Economy Report, which was released on Tuesday this week.

According to Graham, GSMA, the global association of telecom operators held a conversation this week, part of which focused on addressing data protection and privacy issues in Africa.

"One of the priorities that came out is about bringing attention of Africans to data protection; basically, ensuring stability, safety and confidentiality of online data,” he said.

GSMA’s Boris Wojtan also argued that one of the key enablers for Africa to tap the digital opportunity is having a smart data privacy framework that enables trust and innovation.

"We have seen the development of data privacy laws in some parts of Africa. But the question is, how can we push for the right results and make sure that data protection laws are adopted across the region?” Wojtan noted.

The expert, however, wondered whether Africa will ever have data protection authorities that are well funded to do the job of implementing and enforcing the laws that are being established.

The African Union (AU) adopted a convention on cybersecurity and personal data in 2014, but this has not taken off. There are only 10 countries that have signed the convention.

Infrastructure is key

Africa has the lowest internet penetration rates globally, but improved digital infrastructure, increased smartphone uptake, and the proliferation of innovation spaces have made the internet a rapidly transformative tool.

Jean-Francois Le Bihan, another expert, said that  for the continent to actually get economic value out of this remarkable digital shit, more investments should also be made in digital infrastructure.

This, he added, can go a long way in ensuring that citizens’ personal data is not breached.

In some countries, organisations host their consumers’ data outside their countries, something some experts attribute to lack of adequate infrastructure to handle that data.

But Bihan said that there was a growing number of digital infrastructure like data centres in Africa, highlighting that cross-border data flows could not actually be a problem if good governance is in place.

Last year alone, telecom firms in Sub-Saharan Africa invested a combined US$8 billion in networks rollout. According to experts, this is expected to be an annual trend for the next three years.

editorial@newtimes.co.rw