Round up of Data Protection Africa

Wednesday, January 4, 2023

The year 2022 marked another significant milestone in Africa’s data protection development.

The year marked another significant milestone in Africa's data protection development. Since the introduction of the first data protection law in Cape Verde twenty-one years ago, it has continued to expand. In 2022, Eswatini and Tanzania enacted new laws, while Algeria, Mauritania, and Botswana appointed members to their data protection authorities. Nigeria established a new body for enforcing data protection regulations. The year witnessed, among other things, the imposition of a record fine in Angola, increased collaborations and partnerships between data protection authorities, and the publication of secondary instruments to aid compliance by various authorities.

In the last two decades, thirty-five countries have passed data protection legislation, twenty-five have established data protection authorities, and nineteen have yet to pass legislation. Eighteen of the twenty-five authorities were created specifically for data protection, while the remaining seven were added to an existing government agency carrying out another mandate under a different law. Only ten have laws, but there is no data protection authority. Legislation is also being considered in Nigeria, South Sudan, the Gambia, Ethiopia, and Namibia. This report highlights data protection activities in Africa in 2022,providing insights into various thematic areas.

The reports document trends identified within the year from the activities of data protection authorities, court judgments affecting data protection, ancillary laws with an impact, collaborations between authorities, and exploration of international cooperation mechanisms, among other things. The report also created a visualisation of the regulatory landscape in the region and a rating based on a predetermined metric.