The African Union's Data Privacy Convention: A Major Step Toward Global Consistency?
(2014) 131 Privacy Laws & Business International Report, 18-21
6 Pages Posted: 8 Jan 2015 Last revised: 19 Apr 2015
Date Written: October 8, 2014
Abstract
On 27 June 2014 the African Union Convention on Cyber-security and Personal Data Protection was adopted at the African Union’s Summit in Malabo, Equatorial Guinea. This is a major step forward for data privacy protection in Africa, and globally. This article analyses the scope of the Convention, the privacy principles it adopts (generally as strong as in Europe), and the strong enforcement structure it requires (including a data protection authority). There are also complex provisions concerning data exports.
Only a few weeks after the AU Convention adoption, 21 civil society organisations working on Internet governance in Africa, including many of the most prominent human rights organisations in Africa, also launched an African Declaration on Internet Rights and Freedoms. Two of the Declaration’s twelve ‘Key Principles’ are demands for protections on the Internet of privacy (including personal data), and data security, and it also includes strong statements against mass surveillance. The article concludes that the call for data privacy protection in Africa is therefore now coming from both government and civil society alike, though with different emphases.
The significance of the Convention depends to a large extent on how rapidly it is adopted by African states. The article concludes with a comparison of how significant other international data privacy agreements are likely to be within Africa.
Keywords: privacy, data protection, e-commerce, Africa, African Union, convention, international agreement
Suggested Citation: Suggested Citation