The State of Data Protection in Africa

By Rodrigue Anani*

We are living in the digital age. We buy online, we sell online, we bank online. Everything we do online reveals small pieces of our real existence. When filling out forms, we provide our names, email addresses, home addresses, telephone number(s), and other pieces of information. We provide information to all of these websites, which get to know a bit about us. But, what happens when that “bit” of us falls into malicious hands?

In a world where our personal information is increasingly valuable, data protection is paramount. For the purposes of this article, we define data as facts, statistics, value, individual pieces of information that are available for reference or analysis. They could be numbers, dates, names, documents, images, audio, video, etc. Cloudian defines data protection as a set of strategies and processes that can be used to secure the privacy, availability, and integrity of your data. Data protection can also be referred to as data security or information privacy. We can look at data protection as a set of tools or policies that guide which data are collected, and how the data collected are stored. Data protection ensures that the private data of users is protected.

Artificial Intelligence (AI) technology, which is rapidly evolving, enables the analysis of personal information with unprecedented accuracy and speed. A publication by the Carr Center for Human Rights Policy, from the Harvard Kennedy School entitled The Ethical Use of Personal Data to Build Artificial Intelligence Technologies states that:

AI technologies can do a great deal of good in the world, but whether they do so is not only dependent upon how we use those AI technologies but also how we build those AI technologies in the first place. The unfortunate truth is that personal data has become the bricks and mortar used to build many AI technologies and more must be done to protect and safeguard the humans whose personal data is being used.

The publication highlights the importance of data protection frameworks and the need to further reflect and work on how personal data is protected and safeguarded.

In a world increasingly dominated by data, personal data should be strongly and carefully protected. Furthermore, governments and organisations should ensure that data are only used for the purpose for which they have been collected and for which we have given our consent. Governments are putting in place tough measures to ensure their citizens' data are protected, especially with the advent of cloud computing. The European Union enacted one of the toughest privacy and security laws in the world in May 2018: the General Data Protection Regulation (GDPR). It imposes obligations onto organisations anywhere, so long as they target or collect data related to people in the European Union. Brazil’s Lei Geral de Proteçao de Dados was modeled directly after GDPR. The State of California in the United States of America also used the GDPR as a model for their California Consumer Privacy Act (CCPA)

However, this duty should not only be the responsibility of governments. Protecting customers' and employees’ data is of utmost importance to businesses too. Their survival and reputation could depend on it. The Equifax case highlights the growing importance of data protection for corporations. In September 2017, the Equifax breach cost the company up to US$700M in fines and had a long-term impact on its reputation.

Africa is not standing on the side-lines when it comes to data protection. The State of Data Protection Rules Around the World report highlights that 19 countries from the continent (Angola, Benin, Burkina Faso, Chad, Equatorial Guinea, Mali, Gabon, Ghana, Ivory Coast, Lesotho, Madagascar, Malawi, Morocco, Niger, Senegal, South Africa, Tunisia, Zambia) have enacted data protection and privacy laws. Another six African countries have laws in draft stages (including Kenya, Nigeria, Togo, Tanzania, Uganda, and Zimbabwe). Despite progress, it is deeply concerning that only 25 out of the 54 African countries have data protection laws. The remaining countries either have no legislation or have no data available on the matter. The report further states that:

As a continent, the African Union adopted the progressive Convention on Cyber Security and Personal Data protection in 2014. Only ten countries (Benin, Chad, Comoros, Congo, Ghana, Guinea-Bissau, Mauritania, Sierra Leone, Sao Tome & Principe, and Zambia) are signatories and only two (Mauritius and Senegal) have ratified the convention.”

Africa is an importer and consumer of technologies produced elsewhere in the world. As a direct result, the personal data of its citizens are stored in databases around the world with governments that have no clue with regards to how the data are stored, protected, and processed.

The Cambridge Analytica scandal that occurred in 2017 should be a wake-up call for stronger data protection in Africa.  The scandal was instrumental in showing how the outcome of a democratic process may have been flawed because of gaps in data protection laws.

As we shift towards a global digital economy, data sovereignty should be a concern to all African countries. Data has become a priceless asset. For the African region in general — and African countries in particular — to be able to plan strategically and ensure data from their citizens is protected, immediate action is required. Unless they do so, their independence and bargaining power are at stake, and the continent risks becoming the playing ground of the next Cambridge Analytica-like scandal, which could have severe and detrimental consequences to the democratic future of the continent.


Rodrigue Anani is a software engineer who has over five years of experience. Rodrigue is open-minded, pragmatic, and has a keen interest in building world-class solutions that have a positive impact on genuine and sustainable development. Rodrigue holds a Bachelor of Science in Information Technology from BlueCrest College, Ghana. He also holds a certificate in the “Internet of Things” delivered by the GSMA, and a certificate in Leading with Artificial Intelligence delivered by the Training Center of the International Labour Organisation and the Global Leadership Academy (GLAC). Mr. Rodrigue Anani has working experience and knowledge both in West Africa and North Africa countries.

Next Event: AI Leadership Webinar Series
Friday, 30th July @ 16.00 CEST

Register here for this free event.

Register here for this free event.

Announcement: New Summer Schedule

Dear Readers,

For the months of July and August, the Leading with AI newsletter will move to a bi-weekly schedule. Our next issue will follow on Thursday (as usual) 29th July. Wishing everyone a safe and healthy summer.

Warm wishes,
The Leading with AI Team