Africa

Image

Africa Topic Page

Navigate by Topic

Here, you can find the IAPP’s collection of coverage, analysis and resources related to privacy and data protection in Africa.

Featured Resources

Privacy Around the Globe: Nigeria

This LinkedIn Live discusses the current data protection regime in Nigeria, the data protection bill proposed in 2022 as part of the National Data Strategy, how and when it will shift the enforcement landscape and where privacy professionals should be focused.
Read More

Privacy Around the Globe: South Africa

In this session, IAPP Vice President and Chief Knowledge Officer Caitlin Fennessy, CIPP/US, connects with ABSA Bank Group Head of Data Privacy Amenda Makhetha, CIPM, to discuss South Africa’s changing privacy terrain.
Read More

A privacy pro’s odyssey in Africa

Access Now Africa Policy Manager Elias Okwara reflects on his privacy journey in Africa since returning home to Kenya in 2017. He noted that while technological developments have been slow in some regions on the continent, approximately two-thirds of African countries have passed privacy protection laws.
Read More


Additional News and Resources

Report: Half of Middle East-North African companies don't yet realize business imperative of data privacy

Less than half of businesses in the Middle East and North Africa recognize the value of data security and customer privacy, The FinTech Times reports, citing a joint survey conducted by the Harvard Business Review Analytic Services and Mastercard. With approximately half the populations in both regions under the age of 24, UNICEF estimates consumer trust will rely heavily on companies' ability to implement data security principals catering to younger customers. According to the report, 80% of co... Read More

Nigeria releases draft Data Protection Bill

Nigeria released its draft Data Protection Bill, 2022 outlining a legal framework for personal data protection. The bill would establish the Nigeria Data Protection Commission to regulate personal data processing and outlines principles for processing personal information — including conducting data protection impact assessments and appointing a data protection officer — breach notification and cross-border data transfer restrictions, and enforcement abilities including investigations and civil ... Read More

Potential Kenya-US trade deal could be favorable to Big Tech

Kenya created a requirement for startups that process personal data to register with the Office of the Data Protection Commissioner, PYMNTS.com reports. While Kenya’s Data Protection Act is the EU General Data Protection Regulation’s closest parallel on the African continent, a potential bilateral trade deal with the U.S. could save American companies compliance headaches after the EU-U.S. Privacy Shield was overturned in 2020. However, provisions of the anticipated Kenya-U.S. trade deal could c... Read More

South African DPA launches enforcement committee

The Information Regulator of South Africa announced initial appointments to its Enforcement Committee. Provided for under Section 50 of the Protection of Personal Information Act No. 4 of 2013, the committee is made up of 14 members from various sectors. Helen Fourie was appointed chair of the committee while Simonè Margadie will be alternate chair. Information Regulator Chair Pansy Tlakula said the committee's establishment means the regulator "will be able to enforce its powers and provide an ... Read More

State of Internet Freedom in Africa

This annual report, published by CIPESA, analyzes the state of privacy and personal data protection in Africa, and addresses developments and events in the privacy industry and their impacts throughout the continent. Click To View (PDF) ... Read More

Privacy and personal data protection in Africa: A rights-based survey of legislation in eight countries

The African Declaration on Internet Rights and Freedoms Coalition published a comprehensive report examining the state of data protection in eight African countries. The countries surveyed were Ethiopia, Kenya, Namibia, Nigeria, South Africa, Tanzania, Togo and Uganda. Four of those nations have privacy legislation, but Research Coordinator Alan Finlay said laws alone were "not necessarily a strong indicator of whether a country is committed to privacy rights, or of the efficacy of a country’s l... Read More

Slowly but surely, data protection regulations expand throughout Africa

The enactment of data protection legislation across Africa bodes well for the future. The privacy industry has flourished during the last few years. Since the EU General Data Protection Regulation entered into force (following the 1995 Directive, also known as EU Directive 95/46/EC), countries worldwide have passed privacy legislation. From the comprehensive California Consumer Protection Act in the U.S. to Brazil's General Data Protection Law, Canada’s Personal Information Protection and Electi... Read More

Kenya appoints its first ever data protection commissioner

On Nov. 16, 2020, Immaculate Kassait was sworn in as Kenya’s first-ever data protection commissioner. Kassait, a former director of voter education and partnerships at the Independent Electoral and Boundaries Commission, was appointed by President Uhuru Kenyatta to actualize the Data Protection Act 2019. She has promised to hold multinational companies, such as Google, Facebook and Twitter, accountable to Kenyan laws.    According to the act, the DPC has powers to conduct investigations on its ... Read More

Regional Resources

FPF publishes overview of Tanzania's PIPA

The Future of Privacy Forum published an overview of Tanzania's Personal Information Protection Act, 2022. Tanzania is the "35th country in Africa to enact a standalone data protection law and effectively extends data protection safeguards to more than 63 million people," Policy Analyst Mercy King'Ori and Policy Counsel for Global Privacy Katerina Demetzou write. The law contains unique provisions differentiating Tanzania from other countries, including a mandatory requirement for all controller... Read More

Privacy Around the Globe: Nigeria

Original broadcast date: March 15, 2023 In this LinkedIn Live series, we travel (virtually) to a different region for an up-close analysis of the current and future state of privacy there. This round, we turn our attention to Nigeria. IAPP Vice President and Chief Knowledge Officer Caitlin Fennessy, CIPP/US, will speak with Enobong “Gift” Ekim, CIPM, who led privacy compliance efforts as a data protection officer and privacy analyst at several Nigerian companies before joining the IAPP as a leg... Read More

Privacy Around the Globe: South Africa

Original broadcast date: Dec. 6, 2022 This LinkedIn Live is part of the IAPP Privacy Around the Globe series which takes a close look at the changing privacy landscape in different countries around the world. In this session, IAPP Vice President and Chief Knowledge Officer Caitlin Fennessy, CIPP/US, connects with ABSA Bank Group Head of Data Privacy Amenda Makhetha, CIPM, to discuss South Africa's changing privacy terrain. Watch the full recording on LinkedIn. Access the IAPP's LinkedIn profil... Read More

Nigeria releases draft Data Protection Bill

Nigeria released its draft Data Protection Bill, 2022 outlining a legal framework for personal data protection. The bill would establish the Nigeria Data Protection Commission to regulate personal data processing and outlines principles for processing personal information — including conducting data protection impact assessments and appointing a data protection officer — breach notification and cross-border data transfer restrictions, and enforcement abilities including investigations and civil ... Read More

Tanzanian Parliament expected to receive Personal Information Protection Bill

Tanzania’s Personal Information Protection Bill is expected to be read in Parliament for the first time by the end of September, according to Information, Communications and Information Technology Minister Nape Nnauye. Nnauye said once the bill passes in Parliament, it is expected to be signed into law by President Samia Suluhu Hassan. The bill was crafted in response to online services selling citizens’ personal data without their consent.Full Story... Read More

South African DPA launches enforcement committee

The Information Regulator of South Africa announced initial appointments to its Enforcement Committee. Provided for under Section 50 of the Protection of Personal Information Act No. 4 of 2013, the committee is made up of 14 members from various sectors. Helen Fourie was appointed chair of the committee while Simonè Margadie will be alternate chair. Information Regulator Chair Pansy Tlakula said the committee's establishment means the regulator "will be able to enforce its powers and provide an ... Read More

Gambian officials look to bring country's data protection standards closer to EU

The Council of Europe’s Data Protection Unit and the Global Action on Cyber Crime Extended held a workshop Feb. 22 for Gambian officials to help bring the country’s data protection standards more in line with international regulations, according to the Council of Europe. Gambian representatives from government bodies, ministries, public, private sector and civil society discussed a desk analysis where they decided to either establish an independent Data Protection and Privacy Agency or merge it ... Read More

Nearly 5,800 Nigerians trained on country's data protection regulation last year

The Nigerian National Information Technology Development Agency recently announced it trained nearly 5,800 citizens on the Nigeria Data Protection Regulation last year, the Nigerian Tribune reports. NITDA Director General Mallam Kashifu Inuwa said Nigeria licensed 103 Data Protection Compliance Organizations, which created roughly 7,680 jobs. The purpose of the NDPR is to encompass the safeguards for a person’s dignity, their livelihoods and the state’s socioeconomic integrity in an interconnect... Read More

Protecting data protection rights in Kenya

With the two-year anniversary of the Kenyan Data Protection Act fast approaching, there are lessons to be learned from other jurisdictions that have enacted data protection legislation, and from what is happening in Kenya. This is not unlike any other data protection act, as it is common for new laws to go through a teething phase as they develop into fully operational and effective frameworks. As evidenced by recent developments in the Huduma Namba litigation in Republic v Joe Mucheru, Cabinet ... Read More

Kenya law penalizes lenders that share personal data

Kenya's banking regulator can now revoke permits of digital lenders that share personal data of customers with third parties, TechCrunch reports. A new clause added to a law passed by the National Assembly requires digital lenders to be licensed by the Central Bank of Kenya, rather than simply register, to combat rogue lenders. The clause also gives the bank the ability to suspend lender licenses when they breach the Data Protection Act or Consumer Protection Act.Full Story... Read More

South African regulator creates data-processing code of conduct guidelines

South Africa's Information Regulator published guidelines for entities creating voluntary codes of conduct for processing data under the Protection of Personal Information Act. The guidelines are designed to help "assist relevant bodies" decide whether it is necessary for a code to be developed for their processing activities and clarify when the Information Regulator may develop a code of its own.Full Story... Read More

South African surveillance law ruled unconstitutional

The Constitutional Court of South Africa rendered the country's Regulation of Interception of Communications and Provision of Communication-Related Information Act unconstitutional due to a lack of privacy safeguards. The ruling stems from a challenge brought by the Amabhungane Centre for Investigative Journalism after a journalist questioned surveillance efforts against him. The court found that the collection and monitoring of individuals’ communications under RICA breaches Section 14 of the C... Read More

Privacy profession sees growth in Nigeria

The Nigerian Tribune reports Nigeria's National Information Technology Development Agency has more data protection and privacy professionals than any African nation. NITDA Director-General Kashifu Abdullahi indicated the Data Protection Compliance Organisations licensing scheme has generated both professionals and income. Additionally, NITDA has launched a Data Breach Investigation Team that will "investigate allegations of breach and make recommendations of actions to be taken on each case," ac... Read More

Data protection concerns raised with Somalia's digitization

The Guardian reports a rapid increase in the utilization of digital technologies is causing privacy concerns in Somalia. Nonprofit organizations fear the personal information of Somalians is at risk of being exposed, specifically with online payments, due to a lack of data protection. Organizations are allegedly skipping the collection of informed consent, as well. Digital Shelter Director Abdifatah Hassan said instances of data loss are "extremely dangerous" for affected Somalians, noting it is... Read More

Togo adopts order on personal data protection

Togo’s Council of Ministers adopted a draft order on the organization and functioning of the country’s Personal Data Protection Authority. “The IPDCP has powers of investigation, intervention and sanction enabling it to support the government’s policy on the protection of personal data,” a release said, adding processing data “respects the fundamental rights and freedoms of individuals as well as the interests of the state, local authorities, companies and other legal entities.” A biometric iden... Read More

Kenya appoints its first ever data protection commissioner

On Nov. 16, 2020, Immaculate Kassait was sworn in as Kenya’s first-ever data protection commissioner. Kassait, a former director of voter education and partnerships at the Independent Electoral and Boundaries Commission, was appointed by President Uhuru Kenyatta to actualize the Data Protection Act 2019. She has promised to hold multinational companies, such as Google, Facebook and Twitter, accountable to Kenyan laws.    According to the act, the DPC has powers to conduct investigations on its ... Read More

Rwanda data protection bill approved

The office of Rwanda Prime Minister Édouard Ngirente announced the Cabinet voted to approve the country's draft data protection bill. A final draft of the bill was previously published Jan. 30 and included provisions on data subject rights, general rules for data collection and processing, and procedures for data activities, such as transfers, sharing and retention.Full Story... Read More

Op-ed: Businesses should take ‘holistic’ approach to Egypt’s PDPL

Egypt’s Personal Data Protection Law will be enforced Oct. 14, bringing a range of new obligations for businesses, PwC Middle East Partner for Assurance Services Nabil Diab wrote in an op-ed for Daily News Egypt. To prepare for enforcement, Diab said businesses should “take a holistic approach.” He outlines 10 “essential” steps, including appointing a data protection officer, establishing a data breach management process and reviewing cross-border data transfer operations.Full Story... Read More

New law in Egypt protects anonymity of abuse victims

A new law has been approved in Egypt that gives victims of sexual harassment or assault the automatic right to anonymity, Reuters reports. Parliamentarian Ghada Ghareeb said a fear of social stigma led to a decline in reported cases. The law is a step “in a long road of issuing regulations that preserve women’s rights,” she said.Full Story... Read More

After 7-year wait, South Africa's Data Protection Act enters into force

South Africa finally has data protection legislation! Although the right to privacy has been enshrined as a fundamental right in the Bill of Rights since 1996, United Nations Special Rapporteur on the Right to Privacy Joseph Cannataci said in March South Africa is “about 30 years behind” in implementing its privacy legislation when compared to other jurisdictions. The substantive provisions of the Protection of Personal Information Act 2013 enter into force July 1 (certain provisions relating t... Read More

Kenya takes important step forward in data protection

Kenya’s constitution is among the most progressive in the world, and one clear test is on the question of privacy. Chapter 4 of the constitution, the Bill of Rights, provides an explicit right to privacy, including protections against searches, seizure of property, unwarranted collection or disclosure of information about family or personal affairs, and intrusion of communications. In line with the country’s Data Protection Act 2019, Kenya recently took a decisive step by advertising the positi... Read More

Egypt passes first data protection law

Legislators in Egypt have passed the country’s first data protection law, Daily News Egypt reports. The laws will protect the information of Egyptian citizens, as well as European Union citizens who are in the country. Companies are required to obtain consent before any personal data can be collected, processed or disclosed. Any organization found to have violated the rules faces “[no] less than three months” of imprisonment and fines that can range from EGP 100,000 to EGP 1 million. Any entity ... Read More

Morocco, Tunisia sign on to Council of Europe's 'Convention 108' treaties

The Council of Europe has announced that Morocco and Tunisia are the latest member states to join separate international treaties that provide individuals the right to have their personal data protected. Morocco is the 55th nation to join "Convention 108," more formally known as the Convention for the protection of individuals with regard to Automatic Processing of Personal Data. Tunisia is the 30th member state for "Convention 108+," which allows protection related to the basic processing of pe... Read More

Rwanda announces plans for countrywide DNA database

Rwandan Minister for Justice and Attorney General Johnston Busingye’s announcement to create the world’s first countrywide DNA database was met with concern, The Independent reports. The database would include DNA samples from the country’s 12 million citizens but has raised concerns from some that the data could be misused by the government and violate international human rights laws. Busingye said the database would be used to combat crime and added, “We will examine global best practice on th... Read More

Aligning Morocco's privacy protections with the GDPR

In July, the Moroccan data protection authority held a joint seminar with the Delegation of the European Union to Morocco to present the outcomes of a study they conducted on opportunities to bring the Moroccan legal framework for the protection of personal data closer to the EU General Data Protection Regulation. In this Privacy Tracker post, Hind Chenaoui, CIPP/E, CIPM, offers a look at why this alignment is important for Morocco, the steps the nation has already taken, and the findings of the... Read More

Egypt's Parliament passes data-sharing legislation for ride-hailing apps

Egypt’s Parliament passed legislation requiring ride-hailing apps to share passenger data with the country’s security agencies when requested, The Wall Street Journal reports. Lawmakers dropped provisions of the legislation that called for ride-hailing apps to provide data in real time and require that they store servers in Egypt. The bill must now be approved by President Abdel Fattah Al Sisi, who came to power following a 2013 military coup and has worked to attract foreign investment. Amr Mag... Read More

GDPR matchup: South Africa's Protection of Personal Information Act

In this Privacy Tracker series, we look at laws from across the globe and match them up against the EU General Data Protection Regulation. The aim is to help you determine how much duplication of operational effort you might avoid as you move toward GDPR compliance and help you focus your efforts. In this installment, Russell Nel, CIPP/US, CIPT, compares South Africa’s Protection of Personal Information Act with the GDPR. Admittedly, South Africa was a bit late to adopt a holistic data protecti... Read More