Which African data protection laws regulate AI?
The rapid progression of AI has sparked concerns at the potential of these technologies to infringe on human rights, and raised questions of how these technologies should be regulated and governed to ensure they respect and promote human rights and well-being. In particular, AI technologies pose risks to data protection, often because they rely on huge quantities of data, including personal data, in their training or because of their capacity to process personal data.
Very few countries in Africa have taken steps to directly regulate AI in general legislation or regulation. As previous research has shown, only one African country has legislation directly related to AI, and even then only to its use in the financial services industry. As a result, data protection legislation is usually the only form of governance currently in effect.
Of the 36 African countries with data protection laws, 25 provide some kind of protection for data subjects against certain types of automated processing, and even this is very minimal. The types of processing that are covered are either legal decisions intended to evaluate aspects of a person’s personality, and/or decisions with other legal effects based solely on automated data processing intended to profile a person or evaluate aspects of their personality or behaviour.
Three African data protection laws provide partial protections against automated processing: Botswana, Madagascar, and Uganda.
Eight African data protection laws do not appear to regulate automated processing at all: Chad, Cote d’Ivoire, Egypt, Malawi, Mali, Senegal, Seychelles, and Tunisia.
This raises the critical question: what is the best way to regulate AI to ensure we, as data subjects, have control over whether and how our personal information is used in training and developing AI systems?
For more detail on the governance of AI, check out ALT AI’s AI Governance in Africa report here.
