In addition, a year ago, Rwanda became the fifth African nation to sign the African Union convention on cybersecurity and personal data protection. The Convention requires signatories to establish a data protection law and authority.
Names, address, telephone and ID numbers and email accounts are common information you must give out before you enter most of the public buildings in Rwanda.
Much of similar data is held by every restaurant you go to, by every seller you pay with mobile money, and possibly by every website you sign up to.
All of this information makes up a bunch of personal data that can be used to identify the data subject directly.
Data is an asset. Today, experts agree that more amount of personal data is being collected, stored and shared.
Fred Nkusi, a law expert says that protection of personal data is "very much needed”, especially in a digital era.
"Today, there is a lot of sharing and transferring of data. Absence of protection of personal data is a risk,” Nkusi notes.
Without the legislation, someone can use "your data against you or inappropriately”.
However, Nkusi maintains that there have been developments relative to data protection for the last five years.
For instance, article 124 of the ICT law passed in 2016 regulates the electronic sharing and storing of information among telecoms, postal agencies and broadcasters.
The cybersecurity law adopted in 2018 criminalizes the abuse of information technology, such as breach of confidentiality, identity theft and cyberstalking.
In addition, a year ago, Rwanda became the fifth African nation to sign the African Union convention on cybersecurity and personal data protection. The Convention requires signatories to establish a data protection law and authority.
By signing the treaty, Rwanda ensured foreign and local investments do not abuse citizen’s personal data.
In March, a draft law on data privacy and protection was submitted to the parliament.
The bill is expected to set guidelines on how government and private entities collect and handle one’s personal data.
Kenya is the only country in the East African region with a data protection law. It was passed in November 2019.
Beyond a fundamental right to privacy, the rapid growth of mobile technology and applications in Africa oblige an urgent need for data protection.
The legislation also would shed light on the unknown kind and amount of data technology giants such as Facebook and Google harvest from African countries.
"Data protection is a demanding task, but it can be applied to external players by setting limits for them,” says Jean Bosco Ahorukomeye, a technology expert.
The Malta-based technologist, however, observes that an aggressive regulation would cause a burden to businesses and the government. He added that data available in smaller economies does not expose the nations to notorious data miners.
The General Data Protection Regulation (GDPR) of the European Union, one of the strictest bills, for instance, imposes a penalty of up to 4 percent of the violating company’s global annual revenue in case of non-compliance.
For corporations, the draft law proposes a fine of 5 percent of their annual turnover and a fine not less than Rwf5 million and not exceeding Rwf10 million, or imprisonment, for persons.