Issues pertaining to sovereignty over data generated by citizens across Africa have come to the fore as African Union (AU) leaders, member States’ representatives and partners met to chart path to a common continental approach to data privacy in world’s race for digital transformation.

Inputs shared at the inaugural Data Governance and Innovation Forum for Africa held on 17-18 November in Addis Ababa, point to the fact that despite Africa generating vast amount of data, it is not in control of this strategic asset. Countries in Africa also don’t benefit from the use of data collected from their population, or leverage the resource to guide development.

In particular, global big tech companies and private sector actors have been singled out for collecting the data which they use as raw materials to design products and services without knowledge and benefits to the data subjects in Africa. The amount of the data collected by the companies and its exact economic value are not known. 

“Our data is in the wrong hands. Even now it is actively being extracted from our people. I can see a situation where big, large tech companies are getting access to our data and producing products that give them money at expense of our own people and data that they are extracting from us… I don’t want to say collection, what they are doing is extraction,” a delegate only identified as Angela told the forum.

She expressed concerns that massive data extraction is happening unabated following the advent of Artificial Intelligence (AI). She urges the AU, stakeholders and nations to urgently come up with a mechanism that enforces data accountability.

Worrying trend

Current data extraction trend has been linked to both the legal loopholes and lack of IT infrastructure such as data centres on the continent to serve as repository for data generated locally.

Addressing these concerns not only calls for a common regulatory framework, but also huge investment in hard infrastructure, says Dr. Towela Nyirenda-Jere who is head of the economic integration division at the African Union Development Agency (AUDA-NEPAD).

Also read: Sovereign data control could boost Africa’s ‘gig economy’

“We need to think through what it is going to take for us to reverse this situation. There is huge investment that was made in all these data centres and cloud services out there and the magnitude is really beyond any single country on the continent at this particular point in time, but we need to be working towards it in a very consolidated and coordinated way,” she said.

Dr Towela indicates that data infrastructure that exist at the moment barely serve the African continent as they were built (largely by private sector companies) with the sole purpose of moving the extracted data from subjects to where they are stored and used with nothing to do with the beneficiation.

Loopholes

Official figures shared at the forum suggest that personal data protection laws are nonexistent in at least 11 countries of the 55 African Union member States.

So far 44 countries have enacted such legislations, but the latter are either outdated or not enforced in most instances.

This implies that personal data protection cannot be guaranteed in jurisdictions without effective enforcement of such laws. It remains so even after the adoption of the African Union convention on cyber security and personal data protection in 2014 in a bid to harmonise Africa’s approach to data privacy.

Popularly known as the Malabo Convention, the instrument has not gained much attention of governments as it got only 15 ratifications almost a decade later, thereby coming into force on 8th of June this year.

Joint initiative

Meanwhile, stakeholders bank on the ongoing push for implementation of the AU data policy framework to bring African countries at the same level of personal data protection, and ensuring that data collected within member States’ borders remain stored within.

The common approach to data privacy also promises to allow data interoperability, the sharing of data across multiple sectors, as well as cross-border data flows with adequate security.

This ongoing push to achieve harmonized legal and regulatory frameworks for data governance received a boost from European Union (EU) which is partnering with the AU on a project to provide support to member States.

It has been dubbed the Data Governance in Africa Initiative. Its implementation is scheduled to start next year, and will work to tackle aspects of data sovereignty, data localization, data infrastructure gaps, among others.

Also read: What to expect when Rwanda’s data privacy rules take effect

Souhila Amazouz, Senior ICT Policy Officer at African Union said the initiative will support member States to develop integrated data systems, as well as harmonized and coherent data governance across the continent, effectively making data available for innovation for business and boosting digital trade.

“The objective is to integrate the continent to a digital single market by 2030 and it is also in line with AU Agenda 2063 objective of regional integration and sustaibnable development,” Amazouz said.

Negotiations have been ongoing to develop the AfCFTA digital trade protocol which, upon approval by heads of State, will pave the way for the implementation of the digital single market in Africa.

Also read: Africa’s digital divide not shrinking, Govts face a long road ahead