Realizing the huge opportunity of digital transformation, governments are keen to establish a regulatory environment that supports data-driven economic growth while strengthening trust in technology. Many countries are therefore considering data privacy laws for the first time, while others are reappraising their existing approaches.
On the backdrop of this, the Ghana Data Protection Commission in collaboration with the Network of African Data Protection Authorities and the Ministry of Communications, held the first Africa Region Data Protection and Privacy Conference in Accra – Ghana.
Speaking at a closed session meeting of the African Network of Data Protection Authorities (ANDPA), at the Omanye Hall at the Labadi Beach Hotel on Monday 24th June, 2019, the Minister for Communications Mrs. Ursula Owusu-Ekuful, noted that, privacy and data protection was becoming more topical as we digitize all operations around the world, and Africa couldn’t be left behind.
Explaining that, the other side of cyber security was that, you could protect the systems but there was the need to protect the information held in the system as well.
Mrs. Owusu-Ekuful, said, “We have a data protection law which we passed in 2012 which says that, you cannot use anybody’s personal information without their consent. And so the way we handle our files, our medical records, our salary details, even leave request in the various MDAs that staff provide in the course of their work, the forms we make people fill out almost everywhere putting their names, date of birth, children, address …they are all their personal information and if it falls into wrong hands, people can use it to harm them in some way.”
“So the law provides a protection and a manner and which that information can be used. A lot of people don’t know that for all those who collects that information, they need to register with the data protection commission so that the commission can train personnel in their organizations as to how to handle that data well. You look at the information the electoral commission is collecting, once they compile their register digitally, what do they do with those forms? Do they handle it properly? Does it fall into the wrong hands? Because, it provides clues to as to how people an locate you, who you are, your phone number, address…… all of that can expose you to some kind of insecurity.”
She further noted that, the African Network of Data Protection Practitioners and Authorities have been set up in order to help and encourage those countries that don’t have data protection laws, to promulgate and pass them. And as well as help the ones that don’t have Data Protection Authorities which would help implement those laws, to establish the Authorities properly.
The Minister, noted that, Ghana had already began training and certifying data protection practitioners and professionals in various organizations so that they can also help the organizations to better manage the data that they collect, in order not to fall foul of the law.
She said, the law give the commission the right to fine people who do not apply the law properly, and as well as a prison term for wrongful use of personal data.
She emphasized that, “We want to encourage more African countries to ratify those conventions. We need about fourteen countries to ratify to make it effective, then we can begin to make alliances with the Europeans, Americans and the Asian Authorities, so that we can all build up our own capacity through the provision of their technical assistance. And it is critical looking at how all our systems are linked, one cyber attack in Ukraine infected systems across the world. In the same way, as we move towards the continental free trade area, we are linking our systems more, even our telecommunication systems…. we are building regional networks which will carry all our information.”
The Minister also stressed on the fact that, the African Region has been slow in enacting Data Protection and Privacy laws and establishing Supervisory Authorities in spite of the increased use of new technology, pace of digitisation and the activity in the global cyber space.
According to her, less than sixteen out of the fifty five countries in the region have passed a Data Protection Law. This lack of action, the digital divide and knowledge deficit of the subject area, she said, has global implications and impact on the protection of individuals considering that there is the one global cyber space and village for all actors.
She also disclosed that, fifty three countries outside Europe including four African countries, namely; Tunisia, Cape Verde, Senegal and Mauritius, have acceded the convention. “Morocco have been invited to accede.”
Mrs. Ursula Owusu-Ekuful, further noted that, of the nineteen common wealth countries in Africa, only three, Ghana, Mauritius and South Africa, have passed a Data Protection Law and established Supervisory Authorities.
She also disclosed that, the recently modernised Council of Europe’s Convention 108+ on data protection was the legally binding instrument that had been for decades, the international best practices standard open to all countries.
She therefore indicated that, the Network’s priority was to support more Commonwealth nations in enacting data protection laws.
Hon. Ursula, also said, Ghana has passed the right to information act, which allows anybody to seek any information at all. She however, quizzed if we as a country have looked into the privacy implications of that in the implementation of the law? “We’ve tasked them to also help us to build the right framework so that, while giving effect to one human right, we do not infringe upon another human right. We need to balance the competing interest very well,” She added.
The Minister also expatiated on the fact that, it was not enough to be doing the right thing in your country, if your subregions in the continent are also not putting in place the proper structures. Explaining that, “Our systems are linked, and a ‘chain is as weak as strong as its weakest link’. We urge countries that have not yet put the legislation, legal and regulatory framework in place, to establish the Authorities that will implement then build the skills and capacity that we need in-house. This way, the international community will take Africa serious for taking our destinies in our own hands,” She said.
On her part, the president of the ADPA, MME. Marguerite Ouedraogo Bonane, intimated that, Europe was ahead of Africa on the continent with respect to data protection and privacy. Saying, “So most of the laws we have here are based on what is in existent in Europe.”
“So what we are going to do is to collaborate together to come out with laws that will conform with the African context. We are also going to give a summary of activities undertaken in the various countries in Africa since the network was set up in 2012. A lot of activities have gone on including a meeting in Casablanca,” She said.
Adding that, “So we are going to have a close session meeting with the commissioners in the evening of 24th June, 2019, at the same venue to bring together and discuss whatever we have done in our various countries, and come out with best practices to adopt, because as part of activities that are being done in other countries, they are training personnel and people on data protection. Therefore, the meeting will let us know where we are, and then set milestones and objectives to be accomplished.”