IGF 2018 WS #301
The Impact of the GDPR and Data Protection Laws In Africa

Organizer 1: Civil Society, African Group
Organizer 2: Civil Society, African Group

Speaker 1: Olumuyiwa Caleb Ogundele, Civil Society, African Group
Speaker 2: Titi Takinsanmi, Private Sector, African Group
Speaker 3: Adenike Ajuwon, Civil Society, African Group
Speaker 4: 'Gbenga Sesan, Civil Society, African Group


Round Table - 90 Min


Each of the speakers set forth in this session is uniquely qualified to speak on the subject at hand:

- Titi Akinsanmi, F, Canada, Private sector
Titi is involved in Public Policy & Development with experience across the public and private sectors. She is an expert strategist on Information and Communications Technologies with a focus on the role of government, civil society and the private sector in enabling innovating digital economy. Her experience spans both the public and private sectors consulting for a range of international institutions including AfriNIC, the World Bank Institute, IICD, Mindset, UN-GAID, UNECA, SchoolNet Africa and MTech Communications. She initiated, managed and or led delivery on projects and initiatives for ICT & development, ICT & Education, the Information Society, Internet Governance, Telecom Value Added Products & Services within Nigeria, South Africa and across over 30 other nations globally.

Gbenga Sesan, M, Nigeria, Civil Society
He is the Executive Director of Paradigm Initiative, The Initiative leads the growth and expansion of a youth-led social enterprise with focus on connecting underserved youth with ICT-enabled opportunities.

- Nnenna Nwakanma, F, Côte d'Ivoire, Civil Society
Nnenna advocates for open data, open government and the open web across Africa, bringing together local and international stakeholders to advance the open agenda. She works to drive forward the Africa Data Consensus, the Africa Open Data Network, the Africa Open Data Conference and the African Declaration on Internet Rights and Freedoms. She represents the Web Foundation at a number of international fora, including the Global Partnership for Sustainable Development Data.

- Akua Gyekye, F, London, Private sector
Akua Gyekye is Facebook’s Public Policy Manager for Africa, where she focuses on issues relating privacy, safety and security, freedom of expression, the impact of the Internet on economic growth, and new opportunities for democratic engagement across Sub-Saharan Africa.


Session speakers have been selected to represent a diversity of backgrounds, experiences and stakeholders groups. In order to properly introduce these perspectives, each speaker will have 5 minutes to speak during the appropriate phase of the agenda. Planned interventions will be capped at time in order to permit fruitful exchanges with other attendees. As previously indicated, Q&A intervals will follow each section to maximize audience engagement and promote a constructive flow of exchanges. A brief, moderated exchange among speakers will follow the final intervention in Part III, then the floor will be opened once more for questions and comments from roundtable participants.

The organizing team, moderators and panelists are all gender balanced, and the panel includes a mix of participants from the private sector and civil society.
The team includes participants from two continents. Speakers and organizing team present a good level of engagement with the proposed subject, being all subject experts of the subject of discourse.

A. Introduction (2 minutes)
B. Part I: Data Protection Laws in Africa (5 minutes): African Countries that have data protection laws and loopholes Q&A (15 minutes)
C.Part II: The GDPR in Africa (15 minutes):
D. Part III: Impact of the GDPR in Africa, implication for businesses, implication for countries without data protection laws (15 minutes)
E. Audience Q&A (25 minutes)

The structure of this round-table is intended to foster an inclusive conversation and promote constructive exchanges between discussants and other participants. In order to promote an informal discussion on the proposed topics between onsite and online audience and to allow interventions, online participation will be facilitated as mentioned above.

The digital age has brought to the fore the impact of information and communication technologies (ICTs) on the promotion and protection of human rights, especially the three information related rights of freedom of expression, access to information and privacy. While the realisation of the right to freedom of expression and access to information is significantly aided by the internet and other ICT platforms, these mediums also pose a risk to privacy. International and regional legal frameworks on the right of access to information recognise that data protection, though most commonly framed as the right to privacy, is a legitimate limitation to the right of access to information. At the same time, there is also international and regional recognition that the exercise of the right to privacy in the context of data protection, requires access to personal information held by public and private institutions

The General Data Protection Regulation (GDPR) which came into force on the 25th of May, 2018 is regarded as the most comprehensive and individual focused law in the world. The GDPR coming to force is the only law that focuses on the rights of individuals and puts consent of individuals as paramount.

Out of the 54 countries in Africa, only 17 have Data protection laws and only 14 of the 17 have comprehensive privacy laws regulating the collection and use of personal information and only 9 have regulators, an estimated 31 countries don’t have data protection law at all.

However, some have started carrying out the process of creating their own data protection law for citizens. The absence of data protection and privacy laws in some countries in Africa means that the Right to privacy is not recognised.
Though the African Union Convention on Cyber Security and Personal Data Protection is considered an important first step aimed at creating a uniform system of data processing and determining a common set of rules to govern cross-border transfer of personal data at the continental level to avoid divergent regulatory approaches between the member states of the African Union.

Though, this law has been made available by the African Union it is not binding upon every country, for example Nigeria has a provision in the Constitution that provides that the Parliament has to rectify external laws before it can be applicable and valid in Nigeria and this is the case for some countries in Africa.

The GDPR which to came to force on the 25th May, 2018 has a lot of implications for Africa especially for countries without Data protection and Privacy laws in place and businesses that handle the personal information of citizens and especially European Union citizens who use and access African platforms and contents.
This roundtable discussion hopes to address the issues of the absences of data privacy laws in Africa and how GDPR affects African digital space.

Online Participation

The opportunity for Q&A will also extend to remote participants, who will be given the opportunity to ask questions and make contributions through the dedicated online forum, such as Skype, Facebook and Youtube live, WebEx or AdobeConnect. All of the session organizers have abundant experience managing remote participation and will have no trouble facilitating remote participation. We will also promote a dedicated hashtag (#AANOIP, #Privacy, #Cybersecurity) so that the panelists, audience members, and online participants can discuss the issues raised in real time on a more widely accessible medium.
A collaborative document will gather these records of comments and questions during and after the workshop, to be later integrated into the report. A variety of media can also serve as background material for this debate, based on previous workshops. Remote participation tools will ensure an inclusive, accessible, and global audience both via the IGF online participation tools.