Mapping the progress (and delays) for data protection in Africa
As part of our ongoing series analysing the trends in data protection in Africa, this post unpacks the overall progress in adopting data protection laws across the continent — and the long work ahead.
In an increasingly digital world, data protection has never been more important. It’s therefore encouraging to see that — after long policy delays in many parts of the continent — there has been a steady rise in the number of African data protection laws.
Here are three noteworthy trends:
* * *
1. The majority of African countries now have a data protection law
As of January 2024, 36 out of 55 African countries (65%) now have a data protection law. Another three countries (Ethiopia, Namibia, and Malawi) have a draft law under consideration. This does mean that another 16 countries (29%) in Africa still show no progress in enacting data protection legislation.
* * *
2. The pace of policy-making has sped up
As this visualisation shows, there has been a steady uptick in the number of data protection laws enacted across Africa. The number of data protection laws in Africa has more than doubled in the last decade, and a third of these laws were passed in just the last five years.
* * *
3. Some regions have moved quicker than others
As the table shows, some regions have done better than others in passing this important legislation. Among traditionally Francophone countries, 75% have adopted a data protection law — and many were among the earliest to do so.
Many Southern African countries have only adopted data protection laws more recently, but 73% now have a law in place — with draft laws under consideration in Namibia and Malawi. By contrast, only 54% of countries in East Africa have enacted laws.
* * *
But there is still a long way to go. In addition to the many African states with no significant progress in developing a data protection law, many of the countries who have enacted such a law are facing major challenges in implementing these laws, including through a lack of independence for the regulatory authorities and a resource and capacity constraints to enforce violations.
These trends will be unpacked in a future installment of this series.
