In today’s data-driven world, We are generating data at an unprecedented rate. Data can reveal trends and patterns, highlight areas needing investment, and monitor the effectiveness of policy interventions. By leveraging data, governments can make informed decisions that lead to better outcomes for citizens, promoting more accountable and responsible governance. 

Should we harmonise data in Africa?

The question of whether to harmonise data in Africa is complex and requires thorough research. According to a 2019 OECD report, studies have shown that national or regional data access and sharing can generate social and economic benefits worth 1%-2.5% of GDP on average. Conversely, a 2021 report from the Information Technology & Innovation Foundation (ITIF) highlighted that increasing data restrictiveness can negatively impact a nation’s economy, reducing gross trade output by 7%, slowing productivity by 2.9%, and raising prices of goods and services by 1.5% over five years.

In our years of work in data governance, we know that beyond data management, privacy, and protection, data governance encompasses comprehensive policies, strategies, standards, rights, and accountabilities. And, for countries to create a vibrant market for data use while safeguarding individual rights, they must lead the way in developing data strategies and governance frameworks that  reflect their people’s unique characteristics and address gaps in digitization, identity, and data access.

Kenya is currently  making strides towards an inclusive and secure data driven future. Speaking at the annual Network of African Data Protection Authorities (NAPDA) Summit which took place on 7th to 9th May 2024, Data Commissioner Immaculate Kassait said,

“There’s a need to harmonise data protection laws across Africa. We call for better data interoperability in Africa to unlock many opportunities and the potential of the digital economy.”

NADPA Conference in Kenya: Credits

The landscape of data protection in Africa has seen significant progress, with 36 out of 54 countries now having established data protection laws. The Malabo Convention on Cyber Security and Personal Data Protection, adopted by the African Union on June 27, 2014, aims to create a robust legal framework for cybersecurity and data protection across the continent. In September 2023, Kenya reaffirmed its dedication to the Pan-African Parliament, joining other nations such as Benin, Chad, Comoros, Congo, Guinea-Bissau, Mauritania, Sierra Leone, Sao Tome & Principe, and Zambia. Additionally, 13 countries, including Niger, have ratified the convention, demonstrating their commitment to promoting cybersecurity and safeguarding personal data.

The year 2022 also marked a period of unprecedented enforcement and implementation of these laws, reflecting a growing commitment to data privacy and security across the continent. With 36 African countries having data protection laws and the Malabo Convention providing a continental framework similar to the EU’s GDPR, Africa is on the right track. Compared to global standards, the EU’s GDPR is considered the gold standard, while the US has a fragmented approach, and Asia has a mix of robust and developing frameworks.

Challenges and opportunities

Data Harmonisation is not a simple task, challenges are inevitable, but Africa must be ambitious. Whether it is regional or continent-wide,  establishing a data governance instrument requires significant funding, human capital, resources, and strong political will. Given Africa’s diversity in culture, language, and political systems, such an instrument must be inclusive, proactive, and realistic to the African experience. 

Data protection laws enacted across Africa: Credits

Towards data harmonisation in East Africa

As East Africa navigates the digital age, it becomes evident that a unified data governance framework is essential. This is not merely a policy requirement but a strategic necessity. Fortunately, the East African Community (EAC) has taken significant steps towards regional digital integration. For instance, the One Network Area (ONA) initiative has reduced rates for cross-border voice traffic within member countries and removed mobile roaming charges. However, the complete implementation and expansion of the ONA and the e-Commerce Strategy need support from both the EAC and its Member States.

At the Open Institute, we are exploring what a unified data governance approach would look like for East Africa. On July 11th 2024, we hosted a virtual workshop on “Data Governance for Regional Integration in East Africa,” where we looked into successful data governance practices across the region. This workshop was attended by representatives from 12 Civil society organisations namely Africa Health Foundation (AHF), Uganda National Health Consumers’ Organisation (UNHCO), Dignity and Well-being for Women living with HIV (Tanzania), Grassroot Development Initiatives Foundation Kenya – (Gradif – Kenya), Rural Empowerment Development Organization among others . The meeting allowed us to address areas needing improvement and solidify our commitment to establishing a unified approach that enhances regional integration and collaboration. 

A key takeaway from the deliberations was the pressing need for training and capacity building in data governance for the East Africa region. We are now actively organising training sessions for non-state actors in Uganda and Tanzania to address this need. We are starting off by having conversations to explore what exists, what can be done, and how we can work together within the region towards a cohesive and effective data governance landscape that works for our regional context. 

Our ongoing engagements with East African Civil Society Organisations, both physically and virtually, have highlighted two key reasons for a unified framework: 

• Protecting citizen digital rights against big tech misuse and supporting cross-border trade. A unified stance would strengthen East African nations’ bargaining power with tech giants like Google, Facebook, and Amazon, ensuring better representation in discussions on data sovereignty and privacy.
• It would simplify regulatory processes for businesses expanding across borders, reducing costs and fostering a more integrated digital market.

But for data harmonisation to work effectively: 

• There needs to be increased  awareness among data controllers about their obligations and conducting audits of their performance is also crucial. 
• Regulators should be empowered to operate independently with adequate resources. 
• It is essential to enhance the capabilities of data collectors, regulators, government departments, and data intermediaries to effectively safeguard the rights of data subjects.

What next?

The exploration of data governance is ongoing, requiring further discussions and research. Future data governance involves more than just adherence to procedures; it is about balancing the use of data for operational efficiency and decision-making with compliance to regulatory standards, while also mitigating risks from poor data management. Additionally, it is crucial for governments to have a clear strategy, vision, and goals regarding data. Overall, African countries are progressing well but need continuous efforts in implementation, resource allocation, and public awareness to fully align with global standards.

As civil society organisations, our role in championing data privacy is very essential in maintaining ethical data governance. We serve as champions of ensuring that data practices align with the interests of the broader population, acting as watchdogs to ensure ethical standards and data subjects’ rights are upheld. 

We continue to actively advocate for data privacy and protection and push for the inclusion of perspectives from marginalised groups in data-driven policymaking. 

Our active engagement and advocacy helps uphold transparency, accountability, and ethical data practices.