Ethiopia

DATA PROTECTION FACTSHEET

Vector art by SKopp, Public domain, via Wikimedia Commons

DATA PROTECTION LAW IN PLACE

DATA PROTECTION AUTHORITY APPOINTED

Download the Act

Fast Facts
Domestic Law
International Commitments
Scope of Application

Applies to natural persons: Unknown

Applies to juristic persons: Unknown

Applies to public entities: Unknown

Domestic/personal purposes exclusion: Unknown

National security exclusion: Unknown

Law enforcement exclusion: Unknown

Cabinet or Executive Council exclusion: Unknown

Judicial functions exclusion: Unknown

Journalistic, literary or artistic purposes exclusion: Unknown

Temporary copies exclusion: Unknown

Other exclusion(s): Unknown

Broad or vague exclusions: Unknown

Applies to foreign entities: Unknown

Excludes foreign entities that only transit personal data through the country: Unknown
Personal Data
The Freedom of the Mass Media and Access to Information Proclamation No. 590/2008, which applies to public bodies, identifies the following categories of information about an identifiable individual as personal data:

medical, education, academic, employment, financial transaction, professional or criminal history;

ethnic, national or social origin, age, pregnancy, marital status, colour, sexual orientation, physical or mental health, wellbeing, disability, religion, belief, conscience, culture, language, or birth;

an identification number, symbol, or other identifier assigned to the individual, address, fingerprints, or blood type;

personal opinions, views, or preferences, except as they relate to another individual;

views or opinions on grant proposals, awards, or prizes granted to another individual, provided such views or opinions are not associated with the other individual’s name;

views or opinions of others about the individual; or

an individual’s name, in combination with other personal data, or alone, if it could reasonably be linked to personal data. (An exception applies for persons deceased for more than 20 years.)
Collection and Processing
Transparency

Notification that data is being processed: Unknown

Notification to DPA in event of data breach: Unknown

Notification to data subject in event of data breach: Unknown

Timeframe for notification is specified: Unknown

Exceptions exist to breach notifications: Unknown

Requires a data processing register: Unknown

Register is publicly available: Unknown

Provides for terms of service icons: Unknown

DPA must submit at least annual report: Unknown

DPA report is made public: Unknown
Accountability

Explicit provision for civil liability: Unknown

Established/designates a Data Protection Authority: The Ethiopian Communication Authority (ECA).

DPA is empowered to investigate: Unknown

DPA is empowered to subpoena or request evidence: Unknown

Law provides for criminal penalties: Unknown

Law provides for administrative penalties: Unknown

DPA is independently structured (does not exist within or receive instructions from another public body): Unknown

DPA receives funding directly from the state budget/legislative body: Unknown

DPA may receive some forms of external funding/own revenue: Unknown

Adequate protections against undue removal: Unknown

Number of members in DPA: Unknown

Maximum term length for members of the DPA (years): Unknown
Participation

Right of data subject to access a copy of their personal data: Unknown

Right of data subject to request a correction of data: Unknown

Right of data subject to request deletion of data: Unknown

Justification required for a request for deletion: Unknown

Defines the requirements for consent: Unknown

DPA is mandated to participate in policy formulation: Unknown
Cross-border Transfer
Automated Processing

LEARN MORE ABOUT THE METHODOLOGY

Page last updated: 28 January 2026