版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
PublicDisclosureAuthorizedPublicDisclosureAuthorizedPublicDisclosureAuthorizedPublicDisclosureAuthorized
GOVERNANCEANDTHEDIGITALECONOMYINAFRICA
TECHNICALBACKGROUNDPAPERSERIES
RegulatingDigitalDatainAfrica
GOVERNANCEANDTHEDIGITALECONOMYINAFRICATECHNICALBACKGROUNDPAPERSERIES
RegulatingDataProtectionandCybersecurityinAfrica:FindingsfromtheGlobalDataRegulationDiagnostic
TechnicalBackgroundPaper:RegulatingDataProtectionandCybersecurityinAfricaFindingsfromtheGlobalDataRegulationDiagnostic
iii
Copyright©2023
TheWorldBank
1818HStreetNW
WashingtonDC20433
Telephone:202-473-1000
Internet:
Disclaimer
ThisworkisaproductofthestaffofTheWorldBank.Thefindings,interpretations,andconclusionsexpressedinthisworkdonotnecessarilyreflecttheviewsofTheWorldBank,itsBoardofExecutiveDirectors,orthegovernmentstheyrepresent.
RightsandPermissions
Thematerialinthisworkissubjecttocopyright.Anyqueriesonrightsandlicenses,includingsubsidiaryrights,shouldbeaddressedtoWorldBankPublications,TheWorldBankGroup,1818HStreetNW,Washington,DC20433,USA;fax:202-522-2625;e-mail:pubrights@.
TechnicalBackgroundPaper:RegulatingDataProtectionandCybersecurityinAfricaFindingsfromtheGlobalDataRegulationDiagnostic
iv
Acknowledgements
ThisBackgroundNotewaspreparedbyRongChen(Economist,DigitalDevelopment),LillyanaDazaJaller(consultant),andTaniaBegazo(SeniorEconomist)withcontributionsfromAnaRuival(consultant,DigitalDevelopment).
TheBackgroundNotebenefitedimmenselyfromtheparticipation,assistance,andinsightsfromotherexperts.TheteamisespeciallygratefulforreferencesoncybersecurityassessmentsinAfricaprovidedbyAnatLewin,SeniorDigitalSpecialist,thepeerreviewersDavidSatola,LeadCounsel,Technology&Innovation,LegalandAnatLewin,andthepriorworkconductedfortheWorldDevelopmentReport2021‘DataforBetterLives’thatallowedforthedevelopmentofthesurveyusedtocomparethestatusofdataregulationacrosscountriesinAfrica.
TechnicalBackgroundPaper:RegulatingDataProtectionandCybersecurityinAfricaFindingsfromtheGlobalDataRegulationDiagnostic
v
CommonAbbreviationsandDefinedTerms
Thissectionexplainsthecommontermsandabbreviationsusedinthispaper.
Abbreviation/Term
FullTerminology/Definition
ARP
AdministrativeRedressPanel
ATI
AccesstoInformation
CERTs
ComputerEmergencyResponseTeams
CNDP
Morocco’sDataProtectionNationalCommission
CSIRTs
ComputerSecurityIncidentResponseTeams
CSSSI
Morocco’sCommitteeforInformationSystemsSecurity
DGSSI
Morocco’sDirectorateGeneralforInformationSystemsSecurity(,
DPC
Kenya’sDataProtectionCommissioner
ECCAS
EconomicCommunityofCentralAfricanStates
FRAND
Fair,reasonableandnon-discriminatoryterms
GCI
GlobalCybersecurityIndex
IPR
Intellectualpropertyright
maCERT
MoroccanComputerEmergencyResponseTeam
NCS
Nationalcybersecuritystrategy
NIN
NationalIdentificationNumber
vi
TableofContents
1ImportanceofDataRegulation 1
2Personaldataprotection 2
2.1ObservationsoftheregulatorylandscapeonpersonaldataprotectioninAfrica 3
2.2Regionalcollaborationonpersonaldataprotection 7
2.3Africavs.otherincomegroupsonpersonaldataprotectionframeworksonthebook 8
2.4Implementationandcompliance 10
3Cybersecurityandcybercrime 14
3.1ObservationsoftheregulatorylandscapeoncybercrimeandcybersecurityinAfrica 15
3.2Regionalcollaborationoncybersecurityandcybercrime 18
3.3Africavs.otherincomegroupsoncybersecurityandcybercrime 19
3.4Implementationofcybersecurityinitiatives 22
4Dataregulationandgovernance 23
5Useandreuseofdataandcrossborderdataflows 26
5.1Enablingtheuse/reuseofpublicintentandprivateintentdata 26
5.2Cross-borderdataflows 28
6Conclusion 31
7References 33
ListofFigures
FigureI.Individuals’concernabouttheironlineprivacy 3
FigureII.DataprotectionlegalframeworksinAfrica 4
FigureIII.ComprehensivenessofAfricandataprotectionlaws 6
FigureIV.ResponsibilitiesofAfricanDataProtectionAgencies 7
FigureV.Percentofcountriespercountryincomegroupthathaveadoptedgoodregulatorypracticesonpersonal
dataprotection 9
FigureVI.CybersecurityandcybercrimeframeworksinAfrica 15
FigureVII.ComprehensivenessofAfricancybersecurityframeworks 16
FigureVIII.ComprehensivenessofAfricancybercrimeframeworks 17
FigureIX.Regulatoryqualityandcybersecurityandcybercrimescore 25
FigureX.Governmenteffectivenessandcybersecurityandcybercrimescore 25
vii
FigureXI.RuleofLawandcybersecurityandcybercrimescore 25
FigureXII.Regulatoryqualityscoreandpersonalprotectionscore 25
FigureXIII.Percentofcountriesperincomegroupthathaveadoptedgoodpracticesonpublicintentdata 27
FigureXIV.Percentofcountriesperincomegroupthathaveadoptedgoodpracticesonprivateintentdata 28
FigureXV.Averagescoresondifferentdatagovernancedimensionsbyincomegroup/region[Notefornextversion:
includeNorthAfrica,E&SandW&Clines] 32
ListofTables
TableI.Implementationandenforcementofdataprotectionlaws 14
TableII.Implementationandenforcementofcybersecurityrules 23
1
1TheImportanceofDataRegulation
RapiddevelopmentofdigitaltechnologiesinrecentyearshasshownitsgreatpotentialforAfricatopromotejobcreation,improvedeliveryofpublicservices,andenhanceindividualwelfare.Forinstance,itisestimatedthate-commerceplatforms,suchasJumia,couldcreateaboutthreemillionnewjobsinAfricaby2025.1Mobilemoney,exemplifiedbytheglobalhouseholdname—M-Pesa,contributestopovertyreductioninmanyAfricancountries.2TheCOVID-19globalpandemicledtoanacceleratedriseintheuseofdigitaltechnologiesaroundtheworld,increasinginnovationbutalsoleadingtovariousgovernancechallengesandrisks.
Thereisagrowingconcernondataprotectionandcybersecurityrisksassociatedwithvariousdigitaleconomicactivities.Dataprotectionisatthecoreofthisapprehensionforindividualsaroundtheworld.Fromsocialmediatomobilepaymentstotelehealthappointments,ourpersonalinformationisstoredindatabasesonanunprecedentedscale.Whiletheseinnovationsmakeourliveseasierandkeepusconnected,unlessthedataareadequatelyprotecteditcanbemisusedforallkindsofpurposes,fromharassmenttofraud.
TheincreaseduseoftheInternetforbothpersonalandprofessionalneedshascreatedopportunitiesfordangerousplayersseekingtotakeadvantageofvulnerabilitiesforpersonalgain.In2020,Kenyaninternetusersfaced14millionmalwareattacksbetweenJanuaryandAugust.ThenumberofcyberattacksinZimbabwegrewfivetimesduringthesameperiod.3InAugust2020,Experian,aglobalconsumercreditreportingcompany,soldpersonaldataofabout24millionSouthAfricanstoafraudsterposingasalegitimateclient.4InDecember2020,personallyidentifiableinformationbelongingtoAbsaBank’scustomers-whoarespreadthroughouttwelveAfricancountries-wereleaked.AccordingtotheAfricanUnionConventiononCyberSecurityandPersonalDataProtection,cybercrime“constitutesarealthreattothesecurityofcomputernetworksandthedevelopmentoftheInformationSocietyinAfrica”.5
Adequatelegalandregulatoryframeworksarekeyforcountriestobeabletofullyreapthebenefitsofemergingtechnologieswhileminimizingtheassociatedrisks.Theinternationalnatureoftheuseandimpactofthesetechnologiescomplicatetheirregulation.Concernsabouthowdataisacquired,handled,used,sharedandreusedhaveledtogovernmentsestablishingheterogeneousapproachesfordatagovernance.Dataarethebuildingblocksoftheserevolutionarytechnologiesandrestrictingtheirflowcanhampertrade,innovation,andeconomicgrowth.6Governmentshaveadifficulttask:ensuringadequateflowofdataacrossbordersandwithinacountrytoallownoveltechnologiestooperateadequatelywhilesafeguardingindividualrights.Arights-basedapproachcanleadtoincreasedtrust,whichcaninturnfosterdataflowsanddata-baseddigitalsolutionsfordevelopment.7Thisnotefocusesonfewkeyregulatoryaspects:dataprotection,cybersecurityandcybercrimetoboostdigitaltrust;andrulesontheuse,transferandre-useofdatatoenablenewdigitaltechnologies.OtheraspectsofthedataecosystemasdescribedintheWordDevelopmentReport‘DataforBetterLives’arenotcoveredinthisnote.
Tomaximizethedividendsfromaboomingdigitaleconomy,thecontinentshallbepreparedtoaddressrisksassociatedwiththevarietyofdigitaleconomyactivities,whileenablingtheuseofdatafordevelopment.Arobustdatagovernanceenvironmentisessentialinpromotingthesustainabledevelopmentofthedigitaleconomy.Acomprehensiveregulatoryframeworkthatspecifiesrightsand
2
responsibilitiesofdifferentstakeholdersincollecting,using,andreusingofdata,independentauthoritiestoenforcelawsandaddresspubliccomplaintsonviolations,aswellaspublic-privatepartnershipandregionalcollaborationareallimportantcomponentsofsucharobustdatagovernanceenvironment.
ThisnoteaimstoprovideanoverviewofdatagovernanceframeworksinAfricaandexplorelinkswithengenderingpublictrustandimprovingaccountabilityandtransparency,aswellasprovidinganenablingenvironmentforparticipatinginthedigitaleconomy.ItexploitsdatafromtheGlobalDataRegulationDiagnostic(GDRD)8whichcollectedinformationondataregulationsacross80countriesglobally,including24Sub-SaharanAfricancountriesandthreeNorthAfricancountries,asofJune2020.9AdditionalinformationforselectedcountrieswascollectedthroughdeskresearchandinterviewstounderstandchallengesintheimplementationofrulescapturedbytheGDRD.ThiscomplementaryinformationisasofFebruary2022.
Thisnoteisorganizedasfollows.Section1coversdataprotection,whilesection2looksintocybersecurityandcybercrime,bothimportantaspectsfordigitaltrust.Section3looksatthelinkagesbetweendataprotectionandcybersecurityandcybercrimeframeworksandbroadergovernanceindicators.Section4highlightsaspectsthatcanaffecttheuseandreuseofdata-datacollectedforpublicpurposesandbytheprivatesectoraspartofroutinebusinessprocess-forthedevelopmentofdigitaltechnologies.
2Personaldataprotection
Personaldataprotectionisacrucialaspectofaneffectivedatagovernanceenvironment.Personaldatareferstodatathatconveysinformationthatisspecifictoaknownorknowableindividual.Lackoftrustinthewaypersonaldataismanagedmakesindividualsuncomfortableaboutsharingsuchdata,whichcouldlimitthegrowthofthedigitalmarkets.10AccordingtotheDataConfidenceIndex,11internetusersinAfricaareparticularlyconcernedabouttheimpactoftheinterneton“personalprivacy”.12ConsumersinKenyaexpressedpreferencesondigitalloanproductswithmore“dataprivacy”features.13Inastudyconductedin2019,96percentofEgyptiansexpressedconcernabouttheironlineprivacy,wellabovetheglobalaverageof78percent.14Ontheotherhand,Kenyastoodoutwiththehighestlevelofconfidenceamongalltheeconomiescovered(FigureI).Governmentscanhelpengendertrustbygrantingdatasubjectrightswithregardtotheirpersonalinformationandimposingtechnicalrequirementsondatacontrollersanddataprocessorstoensuretheadequateprotectionoftheinformation.Theestablishmentofacapableandeffectiveenforcementauthorityisalsokeytoensureadequateimplementationofthelegislation.15
3
FigureI.Individuals’concernabouttheironlineprivacy
Source:CIGI-Ipsos(2019)
2.1ObservationsoftheregulatorylandscapeonpersonaldataprotectioninAfrica
OverhalfofthecountriesinAfricahaveintroducedgeneraldataprotectionlegislation,applicabletoallsectors(FigureII).Tunisia,Mauritius,andBurkinaFasowereregionalpioneersinthisregard,introducingdataprotectionlawsasearlyas2004.Duringthefollowingdecade,severalcountriesfollowedsuit,andasofDecember2021twenty-sixAfricancountrieshaveadoptedgeneraldataprotectionlaws.Notably,MauritiuspasseditsDataProtectionAct,whichiscloselyalignedwiththeEUGeneralDataProtectionRegulation(GDPR),fivemonthsbeforetheEUregulationwasimplementedinMay2018.Theyear2020wasoneofgreatadvancesfordataprotectionlegislationinAfrica.Egypt’sLawontheProtectionofPersonalDatacameintoforceinOctober2020.Priortotheapprovalofthislaw,Egypthadsector-specificlegislationwhichaddresseddataprotectionissues,suchastheLaborLawandtheBankingLaw.InSouthAfrica,althoughtheProtectionofPersonalInformationActwassignedintolawin2013,mostoftherelevantprovisionswerenotoperationaluntilJuly2020.Mostrecently,RwandapublishedadataprotectionlawinitsOfficialgazetteinOctober2021.Othereconomieshavereportedlyengagedindiscussionstointroducegeneraldataprotectionlaws,includingEthiopia,Malawi,andTanzania;however,nopublicdraftsofthoselawswereavailableasofFebruary2022.
AsmallernumberofAfricancountrieshaveintroducedsector-specificlaws,andsomerelyonconstitutionalprovisionsforprivacyprotection.Forexample,althoughCameroonhasnogeneraldataprotectionlaw,itsLawonCybersecurityandCybercrime–applicabletoelectroniccommunicationsnetworksandinformationsystems—includesprovisionsondataprivacy.AlthoughtheDemocraticRepublicofCongoandLiberiahavenotintroducedanylawsaddressingtheissueofdataprotection,bothcountries’Constitutionsincludeprovisionsregardingtheindividualrighttoprivacy.However,thesemeasuresarenotsufficienttotacklethesituationsdatasubjectsanddataprocessorsareexposedtoin
4
today’sworld.Finally,eightAfricancountries(denotedingrayinthemapbelow)lackanymentionofdataprotectionorprivacyintheirlegalframeworks.
Note:atopscoreof1(darkorange)indicatestheexistenceofageneraldataprotectionlaw,ascoreof0.5indicatestheexistenceofonlyasector-specificpersonaldataprotectionlegislation;ascoreof0.25(lightestorange)indicatesthatthereareprivacyand/ordataprotectionrightsprotectedinthecountry'sconstitution.
FigureII.DataprotectionlegalframeworksinAfrica
Source:AuthorsbasedonGlobalDataRegulationDiagnosticandDataGuidance(2021)
5
Afteradoptingadataprotectionlawofgeneralapplication,comprehensivenessofsuchlawdeterminesthelevelofprotectionprovidedtodifferentmarketplayers.AspointedoutintheGlobalDataRegulationDiagnostic,itiscrucialtoexaminewhetherthedataprotectionlawspecifiesdatasubjectrightssuchasredressandtherighttochallengetheaccuracyofdatacollected,andrequirementsforcollectionandprocessing,suchaspurposelimitation,dataminimization,andstoragelimitation(Box1).Itisalsoimportanttolookatwhetherlimitationsexistontheabilitytomakedecisionsaboutindividualsonlyonthebasisofautomatedprocessing,whichmightleadtosocialdiscrimination,andwhetheranecessityand
proportionalitytestappliestoexceptionstolimitationsongovernmentdatacollectionorprocessing.Finally,otherkeyinformationincludeswhetherdatasubjectrightsareeffectivelyprotectedonthetechnicalsidethroughtheimplementationofmeasuresbasedonthedataprotectionbydesignanddataprotectionbydefaultprinciples,aswell
BoxI.Dataprocessingrequirements
Purposelimitation
Datamustonlybecollectedforaspecifiedpurpose
Data
minimization
Datamustbeadequate,relevant,andlimitedtowhatisnecessaryinrelationtothespecifiedpurpose
Storagelimitation
Datamustnotbekeptlongerthanisnecessaryforthespecifiedpurpose
Source:ICO(2021)
asbythemonitoringactivityofadataprotectionauthority.
TheexistingdataprotectionframeworksinAfrica16arelargelycomprehensive(FigureIII).Governmentsthathaveintroducedanoverarchingdataprotectionlawhavetendedtoincludewhatareemergingascommonelementsofgoodinternationalpracticeinthisarea,suchaspurposelimitation,dataminimization,anddatasubjectrights,whichfeatureinsourcesrangingfromtheOECDPrinciplesandGDPR.KenyaandBeninhavealsoincludedmorenovelmeasures,suchasdataprotectionbydesignanddataprotectionbydefault.Notably,SouthAfrica’sdataprotectionlaw,whichcameintoeffectin2020,leavesouttheserequirements.Dataprotectionbydesignmeansthatentitiesshouldconsiderdataprotectionattheinitialdesignstagesoftheirproductsandsystemsandthroughoutthelifecycleofthedatacollected,andnotasanafterthought.Theprincipleofdataprotectionbydefaultentailsincorporatingtheprincipleof‘dataprotectionbydesign’bydefaultintoitsdataprocessingactivities.Olderdataprotectionlaws,whichcalledfor‘appropriatetechnicalandorganizationalmeasurestoprotectdata’,weretoobroad,allowingcontrollerstobereactivewithregardtodataprotectioninsteadofimplementingpreventativemeasuresfromtheoutset.Finally,PrivacyEnhancingTechnologies(PETs)aretechnologiesdesignedtoalloworganizationstoextractthefullpotentialofdatawithoutputtingadatasubject’sprivacyatrisk.
6
Datasubject'srighttoredressDatasubject'srighttochallengeaccuracyDatasharingrestrictions
Storagelimitation
Dataminimization
Purposelimitation
DataProtectionAuthoritySafeguardsonautomateddecisionsNecessity&proportionalitytest
Dataprotectionbydesign/default,PETs
25
25
25
25
25
25
24
2
9
19
0510152025
#ofnationallawsthatadoptedtheprovision
FigureIII.ComprehensivenessofAfricandataprotectionlaws
Source:AuthorsbasedonGlobalDataRegulationDiagnosticanddesktopresearch
EveryAfricancountryinthesamplethathasadoptedadataprotectionlawofgeneralapplicationhasbuttresseditwiththerequirementtoestablishadataprotectionauthority(DPA),butthisauthorityisnotalwaysindependentorinoperation.InseveralAfricancountries,includingAngolaandEgypt,althoughthedataprotectionlawrequirestheestablishmentofaDPA,ithadnotbeenestablishedinpracticebyFebruary2022.AnindependentDPAisregardedasacriticalelementofaneffectivedataprotectionregulatoryframework17andmostdataprotectionlawsinthecontinentcallforit,howevermanyAfricancountriescannotaffordtoestablishanindependentDPAandthereforeestablishitaspartofanexistingagencyasafirstphase.ThisisthecaseinNigeria,Rwanda,andUganda,forexample,wherethedataprotectionauthoritiesarenotseparatefromtheministry.Othercountriesintheregionareenvisioninganalternativeapproach,includingBurundiandSomalia,wheretheDPAwillbepartofthetelecommunicationsregulator.Thisphasedevolution,aspartofanexistingregulator,canhelpdevelopingcountriessetuptheirDPAs,focusingonbuildingtheagency’sresourcesbeforeitbecomesfullyindependent.
Finally,legallymandatedDPAsinAfricaaretaskedmainlywithresponsibilitiessuchaspromotingawarenessoftherisks,rules,andsafeguardsofrightspertainingtopersonaldata,providingaredressmechanism,providingguidanceontheinterpretationofthelaworregulation,andenforcingnationaldataprotectionrightsandobligationsenshrinedunderthelaworregulation(FigureIV).However,taskssuchaspublishingactivityreportsandencouragingthecreationofcodesofconductandcertificationsreviewarescarceramongDPAmandatesinAfrica,limitingtheagencies’powertoensurecompliance.Finally,fewAfricanlegalprotectionframeworksrequirekeepingrecordsofsanctionsandenforcement,reducingthetransparencyandaccountabilityoftheagencies.
7
24
22
22
21
20
19
18
Codesof
conductand
certification
review
ActivityreportsSanctionsandenforcement
records
Raisingawareness
Redressmechanism
Guidanceand
interpretation
ofrules
Enforcement
FigureIV.ResponsibilitiesofAfricanDataProtectionAgencies
Source:AuthorsbasedonGlobalDataRegulationDiagnosticanddesktopresearch
2.2Regionalcollaborationonpersonaldataprotection
Withthebourgeoningofdigitaltrade,dataflowsarenotboundtonationalterritories.Forinstance,cross-borderremittancesorcross-bordere-commercerequiresconsistentrulesacrosscountriestoprovidesimilarlevelofconsumerprotection.18Reachingregionalconsensusondataprotectionstandardsisneededtoensurecompatibilityandavoidfragmentation.19Regionalcollaborationalsohelpsamplifythevoiceofsmallerdevelopingcountriesinglobalnegotiationsrelatedtodatagovernance,especiallygiventhelackofrepresentationinafewongoinginternationaltalkssuchasthediscussionledbytheWorldTradeOrganization(WTO)onadatagovernanceframeworkforcross-borderdataflows.
AfewAfricanregionalcommunitieshavetakeninitiativestopromoteregionalintegrationonpersonaldataprotection.TheEconomicCommunityofWestAfricanStates(ECOWAS)hasbeenworkingtowardsregion-wideconvergenceinIT-relatedstandardsandtheharmonizationofregulations.ThecommunityadoptedtheSupplementaryActonPersonalDataProtectionin2010.Thelegallybindingactspecifiesdatasubjectrights,includingtherightofaccessandtherightofdeletion,aswellasrequirementsforcontrollers,suchasconfidentialityandsecurityofthepersonaldata.TheActalsorequiresallmemberstoestablishanindependentdataprotectionauthoritytoensurecompliance.AlthoughimplementationwasrequiredwithintwoyearsoftheadoptionoftheAct,onethirdoftheMemberStateseitherhavenolegislationorarestillintheprocessofadoptinglegislation.Benin,BurkinaFaso,andSenegalhadalreadyintroduceddataprotectionlawspriortotheSupplementaryAct,andMali,Ghana,andCoted’IvoireareamongthecountriesthatincorporatedtheAct.
Similarly,theAfricanUnion(AU)ConventiononCyberSecurityandPersonalDataProtection(alsoknownastheMalaboConvention),whichseekstocreateapan-Africanframeworktoaddresselectronictransactions,personaldataprotection,andcybercrime,wasadoptedbytheAUin2014.Todate,ithasbeensignedbyfourteencountriesandratifiedbyeightcountries.20However,theConventionmustberatifiedbyfifteenofthefifty-fiveAUstatestoenterintoforce.Thechapteronpersonaldataprotectionaddressesautomatedandnon-automateddataprocessingbypublicandprivateentities.Itimposesanobligationonallstatepartiestoestablishadataprotectionagency,responsibleforinformingindividuals
8
anddataprocessorsoftheirrightsandobligations.Italsolaysoutdataprocessingprinciples,includingspecificprinciplesfortheprocessingofsensitivedata.GiventheConvention’sdeficienciesandlackoftraction,recentconversationsamongtheAfricanUnionhavefocusedonhowtoreboottheMalaboConvention.Additionally,inFebruary2022,theAfricanUnionExecutiveCouncilendorsedtheAfricanUnionDataPolicyFrameworkthataimsatprovidingguidanceonvariousareasincludingdataprotection.21
Finally,BurkinaFaso,CaboVerde,Mauritius,Morocco,Senegal,andTunisiahaveratifiedtheCouncilofEurope’sConvention108.Thisisaninternationalhumanrightstreatyfocusedondataprotection,settingoutprinciplesthatarecompatiblewiththerequirementsofEuropeanUnion(EU)regulation.Itistheonlyexistingbindinginternationaldataprotectionconvention.In2018,21statessignedaprotocolmodernizingConvention108,knownas“Convention108+”,whichalignswiththeEUGDPR.MauritiusandTunisialatersignedtheamendingprotocol,andotherpartiestoConvention108,suchasMorocco,areintheaccessionprocessfor108+.Atthesametime,Moroccoisupdatingitsowndataprotectionlegislation
toseekanadequacydeterminationfromtheEuropeanUnionundertheGDPR.Thislatterapproachis
alsoanoptionforotherAfricancountriestofacilitatetradeandcrossborderdataflowswithkeytradepartners.
2.3Africavs.otherincomegroupsonpersonaldataprotectionframeworksonthebook
Comparedtoothercountriesincludedinthesample,theexistingdataprotectionlegalframeworksofAfricancountriesarecomprehensive.Thecontinentperformsonparwithorbetterthanlow-and-middle-incomeeconomiesinotherregionsonmostofthedimensionsstudied.AdoptionoftheregulatorypracticeondataprotectionbydesignislowerAfricathaninothercountriesstudiedacrossdifferentincomegroups.However,fortherestofthedimensions,Africancountriesareamongthetopperformers.Forexample,althoughonlynineAfricandataprotectionlawsincludeatestofnecessityandproportionalitytodeterminewhetheranexceptiontolimitationsondatacollectionorprocessingbythegovernmentislegitimatelyapplied,theregionfaresbetterinthisregardthanotherlow-incomecountries(LICs),andothermiddle-incomecountries(MICs)inthesample(FigureV).Furthermore,Africaisinlinewithorslightlybelowtheado
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 二零二五年版事业单位临时聘用合同范本汇编3篇
- 二零二五年度冷链设备维修保养与冷链物流服务合同3篇
- 二零二五年度城市综合体小区广告资源转包合同3篇
- 铸铁雨篦子施工方案
- 二零二五版中小学食堂炊事员岗位职责及考核合同范本3篇
- 怒江景观透水砖施工方案
- 二零二五年度商标使用权质押合同范本3篇
- 二零二五版养老护理院物业经营管理合同3篇
- 湖南监控服务器施工方案
- 二零二五年度旅游行业旅游行业人才引进合同4篇
- (完整版)高考英语词汇3500词(精校版)
- 我的家乡琼海
- (2025)专业技术人员继续教育公需课题库(附含答案)
- 《互联网现状和发展》课件
- 头颈外科临床诊疗指南2021版
- 大国重器北斗系统
- 网球运动知识教育PPT模板
- 防火墙漏洞扫描基础知识
- 运动技能学习PPT
- 软件风险分析报告
- A320自动飞行系统-飞行管理(B)-MCDU课件
评论
0/150
提交评论