More than half of Africa’s 54 countries have no data protection or privacy laws, according to London-based rights group Article 19. And, of the 14 countries that do, nine have no regulators to enforce them, the group says.
Unlike in Europe and the United States, where data-privacy laws provide a level of protection to consumers, many Africans have little or no recourse if a data breach occurs because often legal and regulatory safeguards don’t exist.
And yet, recent revelations about British analytics firm Cambridge Analytica, which Facebook says improperly accessed personal data of about 50 million of the social networks users in the 2016 U.S. presidential election, have also touched the African continent.Regulation always lags behind technological developments.
Cambridge Analytica or its parent company SCL Group worked on the 2013 and 2017 campaigns of Kenya’s President Uhuru Kenyatta. The company was also hired to support the failed re-election bid of then-president Goodluck Jonathan of Nigeria in 2015, according to Britain’s Guardian newspaper.
In Kenya, a country of 44 million people with some 8.5 million using Facebook on a monthly basis, specialists say no specific data-protection laws exist. The government has said it is drafting a data protection bill.
But even some data-privacy bills that have been introduced in African parliaments have been held up for years.
In Nigeria, the African country with the most internet users, a data-protection bill that was introduced in 2010 is still making its way through parliament.
The proposed Nigerian legislation, which is being reviewed by the upper house of parliament, would prohibit the processing of data for purposes other than their original intended use and companies could be fined for breaches of personal information.
But digital-rights campaigners question whether law enforcement agencies and the judiciary would be equipped to enforce the Nigerian legislation if it was passed.
A spokesman for Nigeria’s communications ministry declined to comment.
Data privacy groups say that many African governments have a vested interest in not introducing such laws because they use citizens’ data for their own ends – whether for political campaigns, as in Kenya, or for suppressing political dissent, as rights groups allege that the government in Tanzania has done since passing a cyber crime law in 2015.
A spokesman for the Tanzanian government said that authorities issued new regulations last month that, among other things, prevent the national communications regulator from disclosing personal data of web users.
A glimmer of hope?
Growth of internet use in Africa, a continent of 1 billion people, has been fuelled by rapidly expanding mobile broadband networks and ever more affordable phones.
And many internet connections have social networking sites as their destination.
“Facebook is the Internet for many people in Africa,” said Nanjira Sambuli, who heads the World Wide Web Foundation’s office in Kenya.
While specialists say public awareness about the importance of data protection in Africa is far less than in the United States and Europe, there are signs of growing concern.
Phumzile van Damme, a South African politician from the opposition Democratic Alliance, has raised concerns about what she termed the “digital dark arts” being used to manipulate voters ahead of the country’s elections scheduled for next year.
Writing on Twitter on March 25, van Damme said she had been studying the lessons of the 2016 U.S. election and reading reports of the involvement of private firms including Cambridge Analytica in “manipulating” voters using their data in recent African elections.
She said that she hoped South Africa’s communications regulator had been doing the same.
“Regulation always lags behind technological developments,” she said.