More than 1000 experts from around the world, including Rwanda, will be gathering in Ghana this week to address a key challenge facing Africa’s digital future – data privacy.
The Africa International Data Protection and Privacy Conference (24-27 June) will bring together national authorities from African Member States, as well as policy makers, data protection officers (DPOs) and data protection and privacy experts.
Africa has great potential to profit from a digital transformation that could provide much-needed jobs and improve access to quality services, including finance, healthcare, education and agriculture.
Home to the youngest population in the world, Africa is progressing rapidly in digital adoption. Underpinned by rising mobile connectivity, the continent has recorded the highest growth globally in Internet access, moving from 2.1% in 2005 to 24.4% in 2018.
According to the GSMA, the “mobile economy” is forecasted to reach 7.6% (US$ 214 billion) of the overall African GDP by 2020.
The right approach to data privacy will be critical to building trust in new technologies and systems, but there is a need to accelerate the progress being made.
Countries across Africa are at varying points on their journeys towards enacting Data Protection and Privacy laws.
Less than 15 out of 54 countries in the region have passed a Data Protection Law.
Rwanda has taken a leadership role in East Africa and continent-wide, promoting the Smart Africa Strategic Vision and adopting its own Smart Rwanda strategy.
If Rwanda wants to seize the opportunities arising from digital transformation, it should establish a comprehensive approach to data privacy that is not subsumed within an ICT Law, but applies generally regardless of sector or technology.
To support countries and other stakeholders move forward as they consider Data Protection and Privacy, the GSMA released its new ‘Guiding Principles for Smart Data Privacy Laws’ at the Africa International Data Protection and Privacy Conference.
“Establishing the right approach to data privacy is critical to Rwanda’s digital transformation,” said Jean-Francois Le Bihan, Public Policy Director, Sub-Saharan Africa, GSMA.
“To be successful, Rwanda must protect individuals while allowing organisations the freedom to innovate and secure positive outcomes for society.
Data privacy laws should put the responsibility on organisations to identify and mitigate risks while remaining flexible, technology- and sector-neutral and allowing data to move across borders easily.
“Without adhering to these guiding principles, poor data privacy enforcement could put at risk the US$ 214 billion mobile economy Africa has the potential to reach by 2020.
Rwanda has the opportunity to harness the digital economy as a driver of growth and innovation. If it fails to seize the opportunities, it runs the risk of economic isolation and stagnation.”
In summary the key learnings from the GSMA report for Rwanda include:
• Accountability – Embrace the idea of accountability by incentivising companies to adopt and be able to demonstrate responsible data governance practices. In particular the law can ensure that good accountable practices into consideration when investigating or imposing sanctions. This is by far the best way to promote effective protection for individuals;
• Horizontal – apply the law to processing of personal data generally, not just in the context of ICT giving individuals a consistent level of protection and defining a common baseline for all organisations participating in the data-driven economy regardless of sector or technology;
• Flexibility – provide a range of flexible grounds for processing that allow companies to innovate and operate efficiently while adopting responsible data governance practices;
• Cross-Border Data Flows – facilitate cross-border data flows by aligning its law as much as possible to regional frameworks and international standards, establishing an independent supervisory authority that can cooperate with equivalent authorities in other countries and participate in networks to develop mutual understanding of laws and enforce data privacy rules on each other’s behalf; and
• Localisation – Limit localisation requirements to what is strictly necessary for specific legitimate national security reasons. Such measures can act as a disincentive to foreign investors and ultimately fragment the internet, depriving local businesses of the knowledge and services they need to innovate and grow.