In 2014, the African Union Commission (AUC) adopted the Malabo Convention on Cyber Security and Personal Data Protection in order to provide fundamental principles and guidelines, ensure the effective protection of personal data and create a safe digital environment for citizens as well as protect individuals’ online data and privacy.
However, unlike the European Union’s (EU) General Data Protection Regulation (GDPR), the African Union (AU) Convention is not automatically enforceable and countries must transpose it into specific legislation.
Only a few African countries have so far adopted the AU Convention. Although 22 African countries have enacted privacy and data protection laws, many internet users are not aware of the implications of these regulations on their use of the web, in terms of how they impact digital rights. For example, certain regulations permit the automatic collection of user data without their knowledge or consent.
These challenges are part of what the AU’s Policy and Regulation Initiative for Digital Africa (PRIDA) is addressing. The EU-funded initiative will help to foster universally accessible and affordable broadband across the continent in order to unlock the future benefits of internet service.
The project will help to strengthen the African Internet Governance Forum (AfIGF) and assist in the establishment of a “digital policy clinics” framework to offer on-demand assistance to African negotiators. This initiative will also help to increase the number of digital champions in Africa, as witnessed during the 7th annual AfIGF held from 4-6 November, 2018, at the Corinthia Hotel Khartoum in Sudan.
The 7th AfIGF, which had the theme “Development of the Digital Economy and Emerging Technologies in Africa”, showed the need to open the minds of leaders to understand the value of the digital economy. The event also addressed the importance of unlocking human potential online, protecting digital rights, enhancing access to the internet and developing stakeholder trust, among other topics.
The message from the 7th AfIGF was clear: African countries must support the development of an internet that is secure, open, accessible, usable and affordable and which improves the quality of life of citizens in order to seize the potential of a digital economy. This undertaking should include setting up minimal standards on e-signatures as well as investing in big data, cloud computing, innovation hubs, Internet of Things (IoT) and artificial intelligence, among other developments.
Similarly, the recommendations that emerged from the forum included ensuring that member states adopt the AU Malabo Convention on Cyber Security and Personal Data Protection. The right to privacy is enshrined in various international human rights instruments. These include the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, the UN Convention on the Rights of the Child and the United Nations Convention on Migrant Workers.
The question that constantly came up during the 7th AfIGF was whether Africa is ready for the digital economy. Currently, citizens of developing countries do not produce enough local content. In addition, there is low internet penetration and few data centres in Africa.
According to the African Network Information Centre (AfriNIC), the region’s registries are still small and there is a need for increased awareness about the registries in Africa. AfriNIC has allocated more than 112 million IPv4 addresses, which are nearing exhaustion. Governments and organisations now need to migrate to IPv6, implement Internet Exchange Points (IXP) and host local content to reduce the cost of access to the internet in Africa.
The 7th AfIGF also demonstrated that entrepreneurship is important in the development of the digital economy. Proper policies that address digital identity, cybersecurity, privacy and internet exchange points are essential to enhancing the digital society ecosystem. In addition, adequate resources need to be available to build the capacity of African governments and organisations in a range of areas relevant to internet management at all levels.
However, the success of countries in embracing the digital economy will depend on putting evidence-based policies into place. Many African countries have proposed or passed laws and regulations that undermine public confidence in the use of online platforms. Some African countries have put into place laws and regulations that undermine internet access and affordability and enable network disruptions and the increasing criminalisation of online conduct.
Human rights defenders, journalists, government officials, private sector players, global information intermediaries, bloggers, developers and regulators have a duty to curtail the misuse of personal data as it threatens fundamental rights, undermines trust and damages the digital economy.
In May 2018, the AUC and the Internet Society (ISOC) launched the Personal Data Protection Guidelines for Africa. The guidelines are grounded on principles of privacy, trust and responsible use. The guidelines emphasise the importance of ensuring trust in online services as a key factor in sustaining a productive and beneficial digital economy.
In addition, the guidelines provide essential principles related to online personal data protection including consent, accuracy, deletion, transparency of processing, confidentiality and security of personal data.
The Malabo Convention is the first step towards all African countries developing legislative frameworks for cybersecurity and data protection. What now remains to be seen is whether all the AU member states will protect their citizens as they advance their digital economy.
Bob is a Kenyan working as an ICT Trainer and Community Facilitator with Arid Lands Information Network (ALIN). I am based at ALIN-Ng’arua Maarifa Centre in Sipili, Laikipia West Sub County, Kenya. I have studied Information Technology although I have a strong interest in agricultural development and working with rural communities in arid parts of Kenya.