Harmonizing Africa’s Data Governance: Challenges and Solutions
By Donrich Thaldar
The establishment of a single data market across African nations promises significant socio-economic advantages, facilitating unrestricted and fluid data exchange. This concept has captured the attention of political leaders and has been prominently featured in the African Union’s (AU) Digital Transformation Strategy for Africa, as well as the AU’s Data Policy Framework. Further, entities like Smart Africa are actively championing the cause of creating an African single data market.
To transform the vision of an African single data market into reality, and to unlock its potential benefits for the continent’s populace, establishing regulatory alignment is paramount. This necessitates the integration of markets, the implementation of uniform online payment systems, the standardization of taxation and duties, and cross-border trade facilitation. This article delves into two critical legal dimensions of cross-border trade facilitation: data privacy and data ownership.
When it comes to data privacy, there are evident opportunities for legal harmonization. However, the scenario is markedly different in the realm of data ownership, where a fundamental conceptual clarity is noticeably absent. This lack of a solid conceptual foundation poses a significant obstacle, and until it is resolved, the aspiration of an African single data market risks remaining an unrealized ideal. The journey toward this ambitious goal necessitates not just policy alignment, but also a deep and shared understanding of the foundational legal principles that underpin data ownership and privacy across the continent.
A promising point of convergence for data privacy
In the realm of data privacy, the African Union (AU) Convention for Cyber Security and Data Protection, colloquially referred to as the Malabo Convention, stands poised to play a transformative role. Consider the following harmonization approach: Every African country should legislate to automatically deem any other African country that ratifies the Malabo Convention as providing adequate data protection, and govern personal data flows to such a country in the same way as domestic transfers of personal data. Consequently, personal data transfers between African countries that adopt this policy would be as seamless as domestic data transfers, effectively eliminating the need for additional legal hurdles in cross-border data transactions. This would create a streamlined system for ensuring consistent data protection standards across the continent. Nigeria, taking the lead, has already adopted an implementation framework in 2020 that provides for unrestricted cross-border data transfers among African nations party to the Malabo Convention.
However, the potential for an even more robust data protection regime emerges when one considers the synergies between the Malabo Convention and the Updated Convention on the Protection of Individuals with regard to Automatic Processing of Personal Data — known succinctly as Convention 108+. Convention 108+ boasts a potential global reach and is often seen as the international gold standard for protecting individual privacy rights. Remarkably, six African countries have already applied to accede to Convention 108+. In light of these considerations, an innovative proposition emerges: African nations might find it beneficial to adopt a dual-ratification approach, embracing both the Malabo Convention and Convention 108+ as prerequisites for facilitating cross-border personal data transactions devoid of legal impediments. This approach, as advocated by scholars like Townsend, holds the promise of harmonizing data protection standards across the continent while simultaneously aligning African nations with global best practices.
The lack of a conceptual basis for data ownership
The prospects for similarly harmonizing standards across Africa with respect to data ownership rest on weaker footing. The Digital Transformation Strategy for Africa merely calls for policy development towards ensuring data ownership, but does not provide any further detail. The Data Policy Framework, released in 2022, handles data ownership in a profoundly confusing way: It calls for legal clarity and certainty on data ownership, but a few pages later it dismisses ownership of raw data without citing any authority. It proceeds to conflate data ownership with intellectual property rights, and to present a superficial discussion and plainly wrong interpretation of a South African court ruling. This disappointing engagement with data ownership in the Data Policy Framework shows a critical lack of legal expertise. Moreover, at a practical level it shows a puzzling lack of appreciation of the importance of ownership as a basis for commercial transactions.
The AU’s blunder stands in stark contrast with China’s policy on data commercialization, which was also released in 2022. As discussed by Xiong et al., China’s policy realizes the importance of providing conceptual clarity regarding legal rights in data, and sets out a sophisticated model of “modular” rights in data based on the practical reality of the various role-players involved in today’s cloud-based digital economy. Among others, data processors have proprietary rights modules in data, which may—in the case of personal data—be encumbered by a privacy rights “module” of data subjects. In terms of the basic recognition of both privacy and proprietary rights in personal data, and the encumbrance of proprietary rights by privacy rights, China’s policy is similar to the position in South African law, as analyzed by my research group. However, positions in the other 54 countries of Africa remain unclear.
Working towards a pan-African position on data ownership
The African Continental Free Trade Agreement (AfCFTA) is a landmark trade agreement, signed under the auspices of the AU. The primary objective of AfCFTA is to create a single continental market for goods and services, with free movement of people and investments. This will pave the way for a continent-wide customs union. AfCFTA is expected to be one of the world’s largest free trade areas in terms of the number of countries, covering a market of more than 1.2 billion people and a combined GDP of over $3 trillion. One of the primary pillars of the AfCFTA is the commitment by countries to remove tariffs on 90% of goods.
The AfCFTA, in its current form, does not directly address data as a digital good. However, there is ongoing dialogue and planning around the introduction of a protocol on digital trade under the AfCFTA’s umbrella. This protocol is expected to encapsulate various facets of digital trade: from digital goods and services to digital trade facilitation, and — importantly — the flow of data across borders. Its ambit should not be limited to just financial and cloud services, but should also include pivotal sectors such as data analytics and health research.
The introduction of this protocol on digital trade could be a game-changer in streamlining Africa’s data governance and in paving the way for an African single data market. Yet, its realization depends on successfully addressing data ownership. It is imperative that the protocol provides a legal model for proprietary rights in data — discerning their acquisition, stratification, and interplay, especially when data contains personal information that gives rise to privacy rights of data subjects. Drawing from the insights of China’s policy, this legal certainty is essential for fostering intra-African collaboration and ultimately the growth of the African digital economy.