The need for a data protection strategy for African economies and societies is becoming increasingly pressing. For a while now, digitalization has been permeating the social, political and economic spheres of life, raising questions about the use of data that have an impact on the global ecosystem of the digital economy. The most obvious group affected are legislators, who are responsible for enshrining the rules for the digital economy into law. But also for users of digital products the protection of their privacy and data seems a pretty straightforward concern. Interestingly, the answer to the question “why should businesses care?” is often that data protection can serve as a competitive advantage and unique selling point with both customers and investors.
Effective data protection concerns the global tech ecosystem
However, to purely see the topic from a balance-sheet-perspective would be a mistake since the right to privacy and data protection are fundamental guardrails not only of the digital economy but also the whole society.
Legislation is the government’s responsibility and companies cannot &should not fulfill that function. But in the absence of adequate legal frameworks, companies can engage in assessments of their own data protection systems. Thus, self-regulation is by no means the end goal but can serve as a temporary solution.
Incorporating data protection concerns could for example mean to ask “what is the impact of our machine learning algorithms and what data are they trained on?”. The answers to these questions are not “just” business decisions but fundamentally decisions on privacy, fairness, inclusion etc.
Thus, the choice that entrepreneurs and companies in the burgeoning digital economy have is only to either explicitly or implicitly address the power of these data practices. That is to say, even a non-engagement with that matter and non-protection of data ultimately still has an effect on customers — albeit most likely in detrimental ways. Importantly, these are not “just” business decisions but rather choices about what kind of societies we want to live in.
The need for research-informed policy
As digital technology plays a progressively larger role, research-informed policy remains evermore crucial for setting the terms and conditions based on which technology is integrated into society and what future is being built on this. A recent report estimated the economic potential for Africa’s internet economy to be $180 billion by 2025 (Google and IFC, a member of the World Bank Group, n.d.). From a political perspective, digital technologies form the newest iteration in the historical tradition in which communication technologies play a substantial part in who has political power and how it is exercised (Srinivasan & Diepeveen, 2019). Therefore, without proper guardrails, the “digital revolution”, as some call the increasing access to the internet and the rising digital economy, also harbors political risks such as rising inequality (Allen, 2021) and surveillance (Roberts et al., 2021).
Clear and enforceable regulation of data not only has the advantage of protecting the rights of individuals and groups that the data is linked to, but also of providing a coherent framework for the tech ecosystem, particularly with regards to emerging technology and business models. In light of this regulatory need, Digital Africa is asking: How can an African-centric data protection be conceived in the political context of different co-existing regimes?
Several, at times competing, data and privacy protection regulations already exist on the continent, forming an “African Digital Rights Agenda” (Abimbola et al., 2021) that consists of an array of “digital strategic plans” (p.4), “national development plans” (p.6), and “disparate documents, policies, laws, and activities” (p.7). The Mauritian Ministry of Technology, Communication and Innovation for example has issued a strategic plan for “digital government, ICT Infrastructure, Innovation, Talent Management and Cyber Security” (Ministry of Technology, Communication & Innovation, 2018, p.2). Digital strategies such as Mauritius’, cover wide-ranging topics that will significantly impact politics, the economy, and society.
Another example is Nigeria’s case, where , as Akintola and Akinpelu (2021) point out, the 2019 Nigerian Data Protection Regulation aims to comply with international standards, one reason being “to enhance the competitiveness of Nigerian companies in international trade” (p.308). Yet, the regulation needs to be amended in order to ensure “data protection principles consistent with those contained in the African Union and ECOWAS Data Protection Regulation” (p.317). Both the African Union Convention on Cyber security and Data Protection, which was adopted in 2014 and the Data Protection Act by the Economic Community of West African States adopted in 2010 are important first steps towards regional alignment and harmonisation, but remain to be widely ratified.
Stay tuned for part 2 of this series, where we will delve into how data protection legislation is complicated by different understandings of the “informal” economy and multiple systems of authority.
If you have any questions, feedback or remarks, you can reach out to akadiri@digital-africa.co