TRENDING NOW

Top 10 Global Consumer Trends 2020

Top 10 Global Consumer Trends 2021

Understanding the Why? Projective Techniques in Qualitative…

Thinking from the data, research & business intelligence industry
Privacy & Ethics

Data protection developments in Africa

by 0

This week, we continue our series of new data protection developments with the latest from Africa.

Over the past two years, several countries on the continent have implemented laws on personal data protection, or have taken the first steps in this direction. Below you will find a short overview per country of these developments.

Tunisia

In March 2018, a Bill was introduced to amend the 2004 Law on the Protection of Personal Data. The goal of the draft is to become more in line with the GDPR, so as to open more business opportunities with Europe. It provides more independence to the National Personal Data Authority, and gives it more power, namely: being able to issue financial and judiciary sanctions, being able to issue recommendations regarding the protection of personal data, and a consultative power in this domain. The draft also limits custodial sentences to dangerous crimes threatening public security and national defense. Under the Bill, transfer of personal data to a third party cannot be done without the consent of the data subject.

Algeria

The 2018 Algerian law on the Protection of Individuals in the Processing of Personal Data contains provisions which cover most topics expected to be found in a data privacy law: data subject’s consent requirements regarding data processing, the right to modification and erasure, and children’s data protection. Furthermore, the new Law requires that all personal data processing operations first be subject to a declaration to the national authority. This same authority (Autorité National de Protection des Données à Caractère Personnel) is allowed to deliver administrative sanctions in case of a breach. The sanctions regarding processing one’s sensible data are very strict: it can involve not only a monetary fine, but also two to five years of jail. Finally, it may be interesting to know that researchers are allowed to contact a data subject without consent through automatic call, e-mail or similar technology.

Egypt

A brand-new Data Protection law was passed in June 2019. It will protect personal data for Egyptians and EU citizens based in Egypt. It applies to all firms dealing with personal data. The law includes a consent clause, as with most Data Protection laws, both for the collection, processing and disclosure of one’s data. but also for the transfer, storage and preservation of said data. It also provides a definition for sensitive data: data relating to physical/mental health, financial, political, and religious data. Any transfer or sharing of personal data to a foreign country must first obtain a license from the newly created Personal Data Protection Centre.

Kenya

There are currently two separate draft Data Protection Bills currently under consideration in Kenya; one submitted to the Kenyan Parliament, and another to the senate. Not much is known about the status of these bills at this moment in time. The voting on the Bill presented to the Senate was delayed as of July 2019. The two Bills seem to be clashing on clauses that have remained unnamed. Due to the lack of information on this topic, the main element to take out of Kenya’s current legislation state regarding Data Privacy is that it is on its way to develop regulations regarding this topic, and on its way to adopting international standards.

Zambia

In June 2018, the Zambian Cabinet approved the introduction of a Data Protection Bill to Parliament. It applies to both private and public bodies, and has an extraterritorial scope, meaning that this Bill would apply to a personal data controller using processing means located in Zambia (save for if the data is merely in transit through Zambia). It provides for the establishment of an independent Administrative Authority, which will have oversight and control of the law. It will not be able to sanction on breaches itself, but will have the power to conduct inquiries, and submit to court any breach of the Act. The Bill also contains provision on requirements regarding the quality of data, such as adequacy of the data, accuracy, and anonymization. Interestingly enough, the processing of non-sensitive personal data is permitted without consent of the data subject, whereas processing sensitive data requires written consent. Information as to when this Bill is expected to pass is unclear.

Zimbabwe

Laws on Data Protection and on Freedom to Access Information are expected to come in the near future, as the Minister of Information, Publicity, and Broadcasting Services has announced in February of this year that the current Access to Information and Protection of Privacy Act would be repealed to welcome new laws on the topic. The information regarding these laws is, currently, quite scarce.

For a more exhaustive description or clarification of any of the aforementioned legislation, our Data Protection Officers will be happy to answer all of your question through our ESOMAR Plus service, an exclusive consultancy package tailored to help with your compliance needs.

Former Governmental Affairs Trainee, ESOMAR, The Netherlands

Leave a Comment

Save my name, email, and website in this browser for the next time I comment.

* By using this form you agree with the storage and handling of your data by this website.
Please note that your e-mail address will not be publicly displayed.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Articles

Technology’s role in preventing fraud

Angela Canin

A practical guide to employing trust principles for consumer data collection

Angela Canin

Understanding your customers

Angela Canin