Data Protection Legal Regime and Data Governance in Africa: An Overview
African Economic Research Consortium
In its simplest sense, Data Governance refers to the overall management of (personal and non-personal) data to facilitate organizational goals. Data Protection, on the other hand, predominantly regulates the management of personal data for the overall protection of users’ privacy and other fundamental rights and freedoms. The Fourth Industrial Revolution has greatly increased the processing of personal data for business and social purposes in Africa, hence the imminent need to regulate dealings with such personal information for undesirable purpose(s) by setting up relevant legal frameworks to address the unfavourable effects on humans, whose personal information are utilized for sundry purposes. This research paper analyses the regional legal framework around data protection in Africa in the light of their salient provisions, adequacy, efficiency, and enforceability in relation to data governance on the continent. The paper makes some juxtaposition with the European Union General Data Protection Regulation in relation to its remote or immediate impact on the African legislation on data protection. The research exposes the inadequacies of the data protection legal framework and the non-existent mechanism for cross border transfers of personal data, which ought to be regulated by the existing Data Protection Authorities (DPAs) in Africa. The paper then concludes with some incentives for data protection within the context of data governance on the continent.
data protection, data governance, GDPR, Malabo Convention, personal data