Privacy and Personal Data Protection in Africa - Advocacy Toolkit
Privacy and Personal Data Protection in Africa - Advocacy Toolkit
New toolkit offers insights into advocacy around the growing need for privacy and personal data protection in Africa
As online interactions form an ever greater part of our daily lives, a growing amount of our personal data is being collected, stored and mined by different public and private sector players. As a result, issues regarding the right to privacy and personal data protection have become increasingly relevant. The COVID-19 pandemic has sped up this shift to the digital sphere significantly around the world, and Africa is no exception. This makes the recent launch of the Privacy and personal data protection in Africa: Advocacy toolkit especially timely.
The toolkit was developed by the African Declaration on Internet Rights and Freedoms (AfDec) Coalition. It provides an overview of all relevant national, regional and international mechanisms, duty bearers and rights holders, and a checklist for analysing data protection and privacy-related policy and legislation using the human rights-based approach (HRBA).
The two lead consultants in the development of the toolkit, the University of Pretoria Centre for Human Rights and ALT Advisory, have been prominently involved in privacy and data protection in Africa.
A broad range of African stakeholders from diverse geographical and professional backgrounds validated the toolkit, which is meant to raise awareness among civil society actors, policy makers and human rights activists on the HRBA.
This advocacy toolkit provides an overview of the legal standards concerning the right of privacy and personal data protection in Africa and offers a set of practical tools for stakeholders in the formulation and implementation of data protection frameworks.
At the same time, the toolkit is a guide to engage with, advocate for, and inform policy makers on data protection and privacy in Africa, and can also be used as a manual by trainers in the understanding of data protection and privacy for various actors.
The toolkit is divided into three parts, with the first one providing an introduction to the international and regional human rights frameworks, while part two delves into the content of the right to privacy and personal data protection. Part three, on the other hand, deals with duty bearers and rights holders. It focuses on issues such as data protection terminology; key principles of data protection law; the rights of data subjects and obligations of duty bearers; and policy guidelines on data protection and privacy.
The toolkit draws lessons from the European frameworks relating to data protection such as the General Data Protection Regulation (GDPR), which is intended to harmonise the collection, storage, use, sharing and processing of personal information across Europe.
The toolkit also highlights the existing African frameworks on data protection, including the revised Declaration of Principles on Freedom of Expression and Access to Information in Africa adopted by the African Commission on Human and Peoples’ Rights, as well as the African Union Convention on Cyber Security and Personal Data Protection.
Several recommendations are offered, among them, the need for the African Union Commission to incorporate the right to privacy in the work of other special mechanisms beyond the Special Rapporteur on Freedom of Expression and Access to Information.
It also recommends that the Pan African Parliament, the legislative body of the African Union, develop programmes on privacy, data protection, consumer protection, electronic commerce, cybercrime, the fourth industrial revolution and the implications of technology on privacy and data protection.
On national data protection agencies, the toolkit recommends that their powers, tasks and responsibilities should be to supervise and monitor the application of data protection laws and implementation of sanctions in cases of non-compliance.
The toolkit also spells out the role of law enforcement agencies, which should including working with the data protection agencies and processing personal information in a lawful, fair and transparent manner.
For their part, national human rights institutions are urged to see privacy and data protection as human rights concerns that should fall within the scope of their mandate.