Less than half of businesses in the Middle East and North Africa recognize the value of data security and customer privacy, The FinTech Times reports, citing a joint survey conducted by the Harvard Business Review Analytic Services and Mastercard. With approximately half the populations in both regions under the age of 24, UNICEF estimates consumer trust will rely heavily on companies' ability to implement data security principals catering to younger customers. According to the report, 80% of co... Read More

Nigeria released its draft Data Protection Bill, 2022 outlining a legal framework for personal data protection. The bill would establish the Nigeria Data Protection Commission to regulate personal data processing and outlines principles for processing personal information — including conducting data protection impact assessments and appointing a data protection officer — breach notification and cross-border data transfer restrictions, and enforcement abilities including investigations and civil ... Read More

Kenya created a requirement for startups that process personal data to register with the Office of the Data Protection Commissioner, PYMNTS.com reports. While Kenya’s Data Protection Act is the EU General Data Protection Regulation’s closest parallel on the African continent, a potential bilateral trade deal with the U.S. could save American companies compliance headaches after the EU-U.S. Privacy Shield was overturned in 2020. However, provisions of the anticipated Kenya-U.S. trade deal could c... Read More

The Information Regulator of South Africa announced initial appointments to its Enforcement Committee. Provided for under Section 50 of the Protection of Personal Information Act No. 4 of 2013, the committee is made up of 14 members from various sectors. Helen Fourie was appointed chair of the committee while Simonè Margadie will be alternate chair. Information Regulator Chair Pansy Tlakula said the committee's establishment means the regulator "will be able to enforce its powers and provide an ... Read More

The enactment of data protection legislation across Africa bodes well for the future. The privacy industry has flourished during the last few years. Since the EU General Data Protection Regulation entered into force (following the 1995 Directive, also known as EU Directive 95/46/EC), countries worldwide have passed privacy legislation. From the comprehensive California Consumer Protection Act in the U.S. to Brazil's General Data Protection Law, Canada’s Personal Information Protection and Electi... Read More

On Nov. 16, 2020, Immaculate Kassait was sworn in as Kenya’s first-ever data protection commissioner. Kassait, a former director of voter education and partnerships at the Independent Electoral and Boundaries Commission, was appointed by President Uhuru Kenyatta to actualize the Data Protection Act 2019. She has promised to hold multinational companies, such as Google, Facebook and Twitter, accountable to Kenyan laws.    According to the act, the DPC has powers to conduct investigations on its ... Read More

The Future of Privacy Forum published an overview of Tanzania's Personal Information Protection Act, 2022. Tanzania is the "35th country in Africa to enact a standalone data protection law and effectively extends data protection safeguards to more than 63 million people," Policy Analyst Mercy King'Ori and Policy Counsel for Global Privacy Katerina Demetzou write. The law contains unique provisions differentiating Tanzania from other countries, including a mandatory requirement for all controller... Read More

Nigeria released its draft Data Protection Bill, 2022 outlining a legal framework for personal data protection. The bill would establish the Nigeria Data Protection Commission to regulate personal data processing and outlines principles for processing personal information — including conducting data protection impact assessments and appointing a data protection officer — breach notification and cross-border data transfer restrictions, and enforcement abilities including investigations and civil ... Read More

Tanzania’s Personal Information Protection Bill is expected to be read in Parliament for the first time by the end of September, according to Information, Communications and Information Technology Minister Nape Nnauye. Nnauye said once the bill passes in Parliament, it is expected to be signed into law by President Samia Suluhu Hassan. The bill was crafted in response to online services selling citizens’ personal data without their consent.Full Story... Read More

The Information Regulator of South Africa announced initial appointments to its Enforcement Committee. Provided for under Section 50 of the Protection of Personal Information Act No. 4 of 2013, the committee is made up of 14 members from various sectors. Helen Fourie was appointed chair of the committee while Simonè Margadie will be alternate chair. Information Regulator Chair Pansy Tlakula said the committee's establishment means the regulator "will be able to enforce its powers and provide an ... Read More

The Council of Europe’s Data Protection Unit and the Global Action on Cyber Crime Extended held a workshop Feb. 22 for Gambian officials to help bring the country’s data protection standards more in line with international regulations, according to the Council of Europe. Gambian representatives from government bodies, ministries, public, private sector and civil society discussed a desk analysis where they decided to either establish an independent Data Protection and Privacy Agency or merge it ... Read More

The Nigerian National Information Technology Development Agency recently announced it trained nearly 5,800 citizens on the Nigeria Data Protection Regulation last year, the Nigerian Tribune reports. NITDA Director General Mallam Kashifu Inuwa said Nigeria licensed 103 Data Protection Compliance Organizations, which created roughly 7,680 jobs. The purpose of the NDPR is to encompass the safeguards for a person’s dignity, their livelihoods and the state’s socioeconomic integrity in an interconnect... Read More

With the two-year anniversary of the Kenyan Data Protection Act fast approaching, there are lessons to be learned from other jurisdictions that have enacted data protection legislation, and from what is happening in Kenya. This is not unlike any other data protection act, as it is common for new laws to go through a teething phase as they develop into fully operational and effective frameworks. As evidenced by recent developments in the Huduma Namba litigation in Republic v Joe Mucheru, Cabinet ... Read More

Kenya's banking regulator can now revoke permits of digital lenders that share personal data of customers with third parties, TechCrunch reports. A new clause added to a law passed by the National Assembly requires digital lenders to be licensed by the Central Bank of Kenya, rather than simply register, to combat rogue lenders. The clause also gives the bank the ability to suspend lender licenses when they breach the Data Protection Act or Consumer Protection Act.Full Story... Read More

South Africa's Information Regulator published guidelines for entities creating voluntary codes of conduct for processing data under the Protection of Personal Information Act. The guidelines are designed to help "assist relevant bodies" decide whether it is necessary for a code to be developed for their processing activities and clarify when the Information Regulator may develop a code of its own.Full Story... Read More

The Constitutional Court of South Africa rendered the country's Regulation of Interception of Communications and Provision of Communication-Related Information Act unconstitutional due to a lack of privacy safeguards. The ruling stems from a challenge brought by the Amabhungane Centre for Investigative Journalism after a journalist questioned surveillance efforts against him. The court found that the collection and monitoring of individuals’ communications under RICA breaches Section 14 of the C... Read More

The Nigerian Tribune reports Nigeria's National Information Technology Development Agency has more data protection and privacy professionals than any African nation. NITDA Director-General Kashifu Abdullahi indicated the Data Protection Compliance Organisations licensing scheme has generated both professionals and income. Additionally, NITDA has launched a Data Breach Investigation Team that will "investigate allegations of breach and make recommendations of actions to be taken on each case," ac... Read More

The Guardian reports a rapid increase in the utilization of digital technologies is causing privacy concerns in Somalia. Nonprofit organizations fear the personal information of Somalians is at risk of being exposed, specifically with online payments, due to a lack of data protection. Organizations are allegedly skipping the collection of informed consent, as well. Digital Shelter Director Abdifatah Hassan said instances of data loss are "extremely dangerous" for affected Somalians, noting it is... Read More

Togo’s Council of Ministers adopted a draft order on the organization and functioning of the country’s Personal Data Protection Authority. “The IPDCP has powers of investigation, intervention and sanction enabling it to support the government’s policy on the protection of personal data,” a release said, adding processing data “respects the fundamental rights and freedoms of individuals as well as the interests of the state, local authorities, companies and other legal entities.” A biometric iden... Read More

On Nov. 16, 2020, Immaculate Kassait was sworn in as Kenya’s first-ever data protection commissioner. Kassait, a former director of voter education and partnerships at the Independent Electoral and Boundaries Commission, was appointed by President Uhuru Kenyatta to actualize the Data Protection Act 2019. She has promised to hold multinational companies, such as Google, Facebook and Twitter, accountable to Kenyan laws.    According to the act, the DPC has powers to conduct investigations on its ... Read More

The office of Rwanda Prime Minister Édouard Ngirente announced the Cabinet voted to approve the country's draft data protection bill. A final draft of the bill was previously published Jan. 30 and included provisions on data subject rights, general rules for data collection and processing, and procedures for data activities, such as transfers, sharing and retention.Full Story... Read More

Egypt’s Personal Data Protection Law will be enforced Oct. 14, bringing a range of new obligations for businesses, PwC Middle East Partner for Assurance Services Nabil Diab wrote in an op-ed for Daily News Egypt. To prepare for enforcement, Diab said businesses should “take a holistic approach.” He outlines 10 “essential” steps, including appointing a data protection officer, establishing a data breach management process and reviewing cross-border data transfer operations.Full Story... Read More

A new law has been approved in Egypt that gives victims of sexual harassment or assault the automatic right to anonymity, Reuters reports. Parliamentarian Ghada Ghareeb said a fear of social stigma led to a decline in reported cases. The law is a step “in a long road of issuing regulations that preserve women’s rights,” she said.Full Story... Read More

South Africa finally has data protection legislation! Although the right to privacy has been enshrined as a fundamental right in the Bill of Rights since 1996, United Nations Special Rapporteur on the Right to Privacy Joseph Cannataci said in March South Africa is “about 30 years behind” in implementing its privacy legislation when compared to other jurisdictions. The substantive provisions of the Protection of Personal Information Act 2013 enter into force July 1 (certain provisions relating t... Read More

Kenya’s constitution is among the most progressive in the world, and one clear test is on the question of privacy. Chapter 4 of the constitution, the Bill of Rights, provides an explicit right to privacy, including protections against searches, seizure of property, unwarranted collection or disclosure of information about family or personal affairs, and intrusion of communications. In line with the country’s Data Protection Act 2019, Kenya recently took a decisive step by advertising the positi... Read More

Legislators in Egypt have passed the country’s first data protection law, Daily News Egypt reports. The laws will protect the information of Egyptian citizens, as well as European Union citizens who are in the country. Companies are required to obtain consent before any personal data can be collected, processed or disclosed. Any organization found to have violated the rules faces “[no] less than three months” of imprisonment and fines that can range from EGP 100,000 to EGP 1 million. Any entity ... Read More

The Council of Europe has announced that Morocco and Tunisia are the latest member states to join separate international treaties that provide individuals the right to have their personal data protected. Morocco is the 55th nation to join "Convention 108," more formally known as the Convention for the protection of individuals with regard to Automatic Processing of Personal Data. Tunisia is the 30th member state for "Convention 108+," which allows protection related to the basic processing of pe... Read More

Rwandan Minister for Justice and Attorney General Johnston Busingye’s announcement to create the world’s first countrywide DNA database was met with concern, The Independent reports. The database would include DNA samples from the country’s 12 million citizens but has raised concerns from some that the data could be misused by the government and violate international human rights laws. Busingye said the database would be used to combat crime and added, “We will examine global best practice on th... Read More

In July, the Moroccan data protection authority held a joint seminar with the Delegation of the European Union to Morocco to present the outcomes of a study they conducted on opportunities to bring the Moroccan legal framework for the protection of personal data closer to the EU General Data Protection Regulation. In this Privacy Tracker post, Hind Chenaoui, CIPP/E, CIPM, offers a look at why this alignment is important for Morocco, the steps the nation has already taken, and the findings of the... Read More

Egypt’s Parliament passed legislation requiring ride-hailing apps to share passenger data with the country’s security agencies when requested, The Wall Street Journal reports. Lawmakers dropped provisions of the legislation that called for ride-hailing apps to provide data in real time and require that they store servers in Egypt. The bill must now be approved by President Abdel Fattah Al Sisi, who came to power following a 2013 military coup and has worked to attract foreign investment. Amr Mag... Read More

In this Privacy Tracker series, we look at laws from across the globe and match them up against the EU General Data Protection Regulation. The aim is to help you determine how much duplication of operational effort you might avoid as you move toward GDPR compliance and help you focus your efforts. In this installment, Russell Nel, CIPP/US, CIPT, compares South Africa’s Protection of Personal Information Act with the GDPR. Admittedly, South Africa was a bit late to adopt a holistic data protecti... Read More