CAMEROON
DATA PROTECTION FACTSHEET
-
Population: 27,412,055
Capital: Yaoundé
President: Paul Biya
2021 Freedom House Score: 16/100
Data protection law? No, and no data protection authority has yet been appointed
-
Privacy enshrined in Constitution: Yes, the right to privacy is entrenched in Preamble of the Cameroonian Constitution.
DPA legislation: There is currently no comprehensive data protection legislation in Cameroon, but various sectoral laws contain relevant provisions, including:
- Law No. 2005/007 of 27 July 2005 on the Criminal Procedure Code;
- Law No. 2000/011 of 19 December 2000 on Copyright and Neighbouring;
- Law No. 2003/004 of 21 April 2003 on Banking Secrecy;
- Law No. 2010/013 of 21 December 2010 Regulating Electronic Communications in Cameroon;
- Law No. 2010/012 of 21 December 2010 on Cybersecurity and Cybercrime in Cameroon;
- Law No. 2015/006 of 20 April 2015 Amending and Completing Some Provisions of Law No. 2010/013 of 21 December 2010 Regulating Electronic Communications in Cameroon;
- Law No. 2010/021 of 21 December 2010 Regulating Electronic Commerce in Cameroon.
These laws provide various rights to data subjects, such as:
- The right to be informed: article 4(1) of the E-Communications Consumer Protection Decree states the consumer has the right to be informed of any of their information that an operator or service provider will be processing;
- The right to rectification: article 11 of the Identification Requirements Law allows for persons to be able to update or rectify data concerning them;
The Central African Economic and Monetary Community (CEMAC) has also issued some legislation which is applicable. Notably, Regulation No. 01/20/CEMAC/UMAC/COBAC of 3 July 2020 on the Protection of Consumers of Banking Products and Services in CEMAC provides in article 30 for the right to erasure by allowing for a person to access information that is collected on them and to request its erasure.
-
ICCPR: Acceded
Council of Europe Convention 108: No
Council of Europe Convention 185: No
Malabo Convention: Signed
ECOWAS Supplementary Act on Personal Data Protection: No
Council of Europe Additional Protocol to Convention 108 (Treaty No. 181): No
-
Applies to natural persons: No law
Applies to juristic persons: No law
Applies to public entities: No law
Domestic/personal purposes exclusion: No law
National security exclusion: No law
Law enforcement exclusion: No law
Cabinet or Executive Council exclusion: No law
Judicial functions exclusion: No law
Journalistic, literary or artistic purposes exclusion: No law
Temporary copies exclusion: No law
Other exclusion(s): No law
Broad or vague exclusions: No law
Applies to foreign entities: No law
Excludes foreign entities that only transit personal data through the country: No law
-
Personal data is not defined under Cameroonian law.
-
Certain sectoral laws and regulations require data handlers to process personal information confidentially.
-
Notification that data is being processed: No law
Notification to DPA in event of data breach: No law
Notification to data subject in event of data breach: No law
Timeframe for notification is specified: No law
Exceptions exist to breach notifications: No law
Requires a data processing register: No law
Register is publicly available: No law
Provides for terms of service icons: No law
DPA must submit at least annual report: No law
DPA report is made public: No law
-
Explicit provision for civil liability: No law
Established/designates a Data Protection Authority: No law
DPA is empowered to investigate: No law
DPA is empowered to subpoena or request evidence: No law
Law provides for criminal penalties: No law
Law provides for administrative penalties: No law
DPA is independently structured (does not exist within or receive instructions from another public body): No law
DPA receives funding directly from the state budget/legislative body: No law
DPA may receive some forms of external funding/own revenue: No law
Adequate protections against undue removal: No law
Number of members in DPA: No law
Maximum term length for members of the DPA (years): No law
-
Right of data subject to access a copy of their personal data: No law
Right of data subject to request a correction of data: No law
Right of data subject to request deletion of data: No law
Justification required for a request for deletion: No law
Defines the requirements for consent: No law
DPA is mandated to participate in policy formulation: No law
-
There are no laws restricting cross-border transfer.
-
Provides a right not to be subject to automated decision-making: No law
Page last updated: 26 May 2022