Data Protection in Africa – Ong’anya Ombo Advocates

African countries face a mirage of challenges concerning Cyberspace and Telecommunication, both concerning useful technology and laws. It is not only hard to tell how companies and/or their subsidiaries such as Alphabet (parent company for Google), Yahoo, WhatsApp, Instagram, Facebook, Twitter, International Financial Institutions, etc. use the big data that they collect and analyse from African Countries, but also how the companies can be regulated or held liable if the laws are violated.

Like in the World Trade Organisation (WTO), African countries have little say on issues touching on Data Protection and other activities that surround the handling of Data collected from African Countries. Therefore, it is reasonable that African countries should borrow a leaf from the European Union (EU). In precision, that will require African Countries commit to a common purpose; it is for such reasons that EU member States have influential standing when presenting their grievance irrespective of the geographical and economic standing in the world.

Irrespective of the African Union adopting the African Union Convention on Cyber Security and Personal Data Protection (the Convention), it is evident that not much effort has been put in place to utilise its purpose. The Convention should not serve as other provisions that seem to be decorations rather it must be a tool for guiding and achieving certain goals.

Questions such as where will the Information Communication Technology Infrastructure be installed, not to mention how the data is to be processed is also of importance. Issues regarding third parties accessing the said private information.

Irrespective of some controversial provisions found in the Convention, it is also clear that it was meant to be broad enough since cyber-oriented topics are very dynamic. Hence, the possible view of it to violate fundamental human rights and that is because that the Convention seems to down its tools for States to take the necessary measures such as developing various legislations to that effect. To some extent, the Convention appears to reflect the purpose of the Budapest Convention, whereby it provides guidelines on how to address issues of Cyberspace Laws.

That said, it is clear that the AU has taken steps to ensure that African countries are a step ahead concerning Cyberspace and Telecommunication activities. However, leaving the whole task to member States makes it unviable move, because in the event a multinational corporation violates the laws, it will be much swifter to handle it as AU rather than an individual State.

The member States of the EU enjoy protection through State or personal protection. The European Court of Justice made a decision that has been dubbed as Right to be forgotten. It is a Spanish citizen who needed Google to delete any information regarding his insolvency from the search engine. Predominantly, the information was not be viewed within EU at all when searched online. The case portrays issues of control of the content in the cyberspace as raised in The LICRA v Yahoo! Inc.

Lastly, it will be imperative for AU to come up with mandatory Directives enforced by it and not optional guidelines for Member States to apply. Also, in implementing or learning from Safe Harbour and now Privacy Shield, the AU can come up with sound provisions of law that will protect the privacy of the People of Africa more so when companies intend to collect, process and share information to other third parties.