Multiple systems of authority and regulation
The term “legal pluralism” is often used to describe the coexistence of different legal and quasi-legal systems (Berman, 2020, p.2). Within the African context, researchers specifically focus on the interconnection between pre-colonial, colonial, and post-colonial legal systems (Gebeye, 2017). In addition to this already complex web, technology itself has to be seen within a complicated historical context. That not only includes the role of technology in colonialism, but also the history of global interconnectedness outside of euro-centric lenses (Arnold, 2005), and the neglected histories of African-specific innovation and technology (Mavhunga, 2014).
In summary, African states are confronted with drawing up effective data protection legislation within an environment of intertwined pre-colonial, colonial, post-colonial, and regional systems of authority. All while having to consider emerging technologies (Howson, 2021) and the geopolitical issue of data sovereignty in an international context (Kathure, 2021), as well as the conflicted legacy of technologies.
Navigating “informal” spaces
Within this plural system, political actors determine which behavior is accounted for by formal laws and which behavior is deemed rule-breaking or outside of “formal” in “informal” spaces. This has a great impact on the digital economy, where new technological innovations often start out in unregulated territory.
Prominent examples include the biggest names of the platform economy, such as Uber and Airbnb, whose foray into transport and hospitality respectively, had legislators catching up with regulatory initiatives (Bissada, 2021). This process of regulation and formalization is also particularly interesting in the area of emerging technologies, where the risk of unforeseen consequences runs especially high (Stankovic et al., 2021). Sometimes, as for example in the case of Nigeria’s temporary Twitter ban, sweeping regulation can come unexpectedly swift (Onuah, 2022) with consequences for civil society and businesses, who rely on these technologies.
The so-called “informal economy”, which is often talked about in the African context, illustrates that it is usually political conditions which offer clear-cut definitions of what is “informal”. One definition is that the informal economy comprises activities outside of state regulation and taxation, but in reality the distinction between what is “formal” and “informal” cannot easily be drawn. This is partly due to the fact that the nature of economic systems differs greatly from country to country but also that the criteria to determine informality are often extremely simplified. Different economists use different definitions, different criteria and different indicators, and are therefore coming to different conclusions (Mbaye et al., 2020). In order to better understand informality, the economics professor Ahmadou Aly Mbaye argues that we need to move past the simplified categorisation towards the idea of a spectrum, that is, we need to acknowledge that “informal” can mean a range of different things in different contexts (Institute Montaigne, 2021).
A difficult delimitation between formality/informality and legal/illegal
The drawing of boundaries between formality/informality and legal/illegal also impacts what is deemed “legitimate” technological innovation. For example, improving living conditions in informal settlements, non-proprietary software innovation and even hacking are often excluded. Looking at the margins of these categories illustrates that there are diverse ideas of what innovation can mean and of who is innovated for, as well as that technological innovation at these margins is often a process of interaction between many communities (Moreno-Martínez & Guerrero-Castro, 2020).
In the context of data protection regulation it is therefore useful to ask what the spectrum of informality is. Which rules and norms define whether a space is formal or informal, and who are the norm-generating (political) communities influencing this definition? In other terms, who are the actors elaborating the frame of rules for data protection in Africa: what organizations do they belong to and what values lay at the heart of their communities ? Importantly, the varying degrees of formality as well as the at times competing legal and quasi-legal authorities impact behavior. Rather than simply looking at compliance and non-compliance, it is therefore interesting to investigate in what different ways people behave in light of rules (Chiodelli & Moroni, 2014) and what impacts these different behaviours.
Within African-centric data protection, it remains to be explored which factors guide different behaviors towards data and in how far these are influenced by degrees of informality. Moreover, it is important to analyse how marginalised communities are affected by these definitions of informality.
Setting up effective regulatory text is only one part of the equation, the other crucial remaining part is the implementation of such policy. In a recent brief from the Center for Global Development, Teki Akuetteh Falconer from the Africa Digital Rights Hub pointed towards the lack of institutional resources as one of the most pressing needs in data regulation (Pisa & Nwankwo, 2021, p.2). In some instances, countries may have legislation but no governmental agency to enforce it. In other instances, such as Nigeria for example, crucial legislation still remains to be approved by the president (Ilori, 2020). Even in the context of the European Data Protection Regulation (GDPR), which is often seen as a model for regulation, the number of complaints largely outnumber the fines issued, with Germany for instance having just issued 28 fines as of March 2021 (Chander et al., 2021).
Launching “Research by Digital Africa” on African-centric data protection
How can all of these insights guide data regulation on the continent? To investigate this question, Digital Africa is launching a research project on the conditions for African-centric data protection approaches. To start answering this, Digital Africa has convened experts from different disciplines in an online multi-disciplinary research workshop, posted online on February 11th , with the following question to be addressed: How can an African-centric data protection be conceived in the context of co-existing authorities that shape the conditions for behavior towards regulations?
The research “African-centric data protection” is a part of the broader project “Research by Digital Africa” that aims to produce knowledge on critical issues related to Made-in-Africa innovation and technology. Stay tuned for more research-related content on Resilient Digital Africa!
If you have any questions, feedback or remarks, you can reach out to akadiri@digital-africa.co.