GSMA launches guidelines for smart data privacy laws at Africa International Data Protection and Privacy Conference

More than 1000 experts from around the world will be gathering in Ghana this week to address a key challenge facing Africa’s digital future – data privacy.

The Africa International Data Protection and Privacy Conference (24-27 June) will bring together national authorities from African Member States, as well as policy makers, data protection officers (DPOs) and data protection and privacy experts.

Africa has great potential to profit from a digital transformation that could provide much-needed jobs and improve access to quality services, including finance, healthcare, education and agriculture.

Home to the youngest population in the world, Africa is progressing rapidly in digital adoption. Underpinned by rising mobile connectivity, the continent has recorded the highest growth globally in Internet access, moving from 2.1% in 2005 to 24.4% in 2018. According to the GSMA the “mobile economy” is forecasted to reach 7.6% (US$ 214 billion) of the overall African GDP by 2020.

Africa has the opportunity to harness the digital economy as a driver of growth and innovation. If it fails to seize the opportunities, it runs the risk of economic isolation and stagnation.

The right approach to data privacy will be critical to building trust in new technologies and systems, but there is a need to accelerate the progress being made. Countries across Africa are at varying points on their journeys towards enacting Data Protection and Privacy laws. Less than 15 out of 54 countries in the region have passed a Data Protection Law.

To support countries and other stakeholders move forward as they consider Data Protection and Privacy, the GSMA released its new ‘Guiding Principles for Smart Data Privacy Laws’ at the Africa International Data Protection and Privacy Conference.

“Establishing the right data privacy laws is critical to Africa’s digital transformation,” said Jean-Francois Le Bihan, Public Policy Director, Sub-Saharan Africa, GSMA.

“To be successful, laws must protect individuals while allowing organisations the freedom to innovate and secure positive outcomes for society. Data privacy laws should put the responsibility on organisations to identify and mitigate risks while remaining flexible, technology- and sector-neutral and allowing data to move across borders easily.

“Without adhering to these guiding principles, there is a serious risk that laws will end up being too prescriptive and too rapidly outdated, whilst putting at risk the US$ 214 billion mobile economy Africa has the potential to reach by 2020.”

In summary the GSMA believes data privacy rules need to:

Put individuals in the driving seat: give rights to individuals and establish independent data protection authorities that can deal with complaints and enforcement.

Be horizontal: apply regardless of technology or sector so that people can receive the same protection when their data is processed.

Promote ‘Accountability’: encourage companies to adopt good data governance practices and take responsibility for mitigating privacy risks.

Be flexible: allow companies the flexibility to innovate and operate efficiently provided they take responsibility.

Promote cross-border data flows across the whole of Africa: provide a range of legal mechanisms to allow personal data to flow across borders. Be substantially similar across the whole of Africa with mutual enforcement and cooperation between authorities.

The GSMA’s ‘Guiding Principles for Smart Data Privacy Laws’ report is available in English here.