Implementing Data Protection and Privacy in Africa
Personal information can be defined as any piece of information that can be used to identify an individual. This not only constitutes obvious identifiers such as name, address , date of birth, credit card, national identity card number, it also includes health information, sexual preference, online activity, IP address, GPS location (The list goes on…..).
It has widely been recognised that Personal Information has value both from a commercial and criminal perspective.
To that end many countries have developed and implemented Data Protection and Privacy legislations which lay down the rules in relation to what constitutes acceptable and lawful processing of the personal information of their citizens.
• The European Union is set to overhaul the 1995 Data Protection Directive, with penalties for breach set to rise from an average maximum penalty of €500,000 to 5% of annual global turnover (up to €100m),
• The United States of America has numerous Data Protection and Privacy legislations at both the federal and State level,
• Latin American and Asian countries have also developed and implemented Data Protection and Privacy Frameworks.
In Africa, while The African Union has recently adopted the Convention on Cybersecurity and Personal Data, many countries are yet to fully implement Data Protection and Privacy legislations.
The Value of Information
According to a recent research conducted by the Boston Consulting Group it is estimated that the value of personal information services in Europe which has an estimated population of 704 million people will reach €1 trillion by year 2020 (a significant rise from its 2011 value of €315m).Africa has an estimated population of 1.1 billion people. Based on the above figures it stands to reason that the value of such services in Africa will be significantly more. It is therefore imperative that countries across the continent implement Data Protection and Privacy legislations raise awareness, invest in training and put in place infrastructures for its citizens to be given the opportunity to tap into the growing and lucrative Data Processing industry especially the areas of Data Mining and Data Analytics. The effects of which could lead to increased innovation, productivity and technical development resulting in improvement in economic, social, and political well-being.
Role of the Regulator
Aside from implementing legislations, African countries will also need to ensure that they set up robust and autonomous data protection and privacy regulatory bodies, which will not only be able to name and shame organisations that do not comply with regulatory and legislative requirements but also have the power to impose and collect penalties. This must also include enforcement powers to stop organisations processing personal information where it is identified that there has been a breach.The Regulators must also be able manned by staff that are able to provide fit for purpose guidance to members of the public where they have enquires or disputes in relation to data protection and privacy.
Legislating against Negative Profiling
Rest assured, many foreign countries and organisations have already seen the potential and value of processing African citizens data and are using the continents lack of legislations and regulatory bodies to trawl up on an industrial scale valuable bio-metric, financial, academic and location data which could if not checked, lead to seriously detrimental consequences for the continent at large in the near future. As an example it has been recognised that many Nation States have initiated and implemented spying and espionage programs to ensure they maintain a country competitive advantage. We have also seen a rise in profiling campaigns which could be unfavourable to Africans in general. Armed with Bio-metric, Location and Financial data, countries and organisations can then develop algorithms from such information to initiate artificial blocks on Africans creating barriers to entry to certain environments thereby reducing economic, social and political aspirations.
A study by Harvard University Professor Latanya Sweeney suggested that Google’s advertising algorithms may be unfairly associating some individuals with wrongdoing they didn’t commit . Sweeney set out to investigate whether an individual’s race shaped online ad results. She searched over 2,000 “racially associated names” to determine if names “previously identified by others as being assigned at birth to more black or white babies” turned up ad results that indicated a criminal record. Specifically, she focused on ads purchased by companies that provide background checks used by employers. Sweeney concluded that so-called black-identifying names were significantly more likely to be accompanied by text suggesting that person had an arrest record, regardless of whether a criminal record existed or not.
In the European Union, Article 15 of the Directive on ‘automated individual decisions’ says individuals have a general right “not to be subject to a decision which produces legal effects concerning him/her or significantly affects him/her and which is based solely on automated processing of data intended to evaluate certain personal aspects relating to him/her”.
To that end, it is imperative that African Data Protection and Privacy laws contain clauses to protect their citizens against negative profiling through automated and manual systems.
The Need for Data Protection Professionals in Africa
In order to ensure Africa is in a position to protect its citizens while at the same time enabling and participating in a digital economy to which Africans as opposed to foreign countries process the bulk of African citizens data, CEO of DataLaws F.Franklin Akinsuyi has estimated that over the next 12 months each African country will need to train on average 1000 people to become Data Protection Professionals. On the face of it, this may sound like a large number, however when you take into consideration the number of sectors affected by Data Protection and Privacy combined with the current lack of suitably skilled individuals and the urgent need to catch up with the rest of the world, this number represents only the tip of the iceberg of the required number to deal with the issue at hand.
An example of the Sectors affected includes but are not limited to the following:
• Banks (Financial Information),
• Hospitals (Health Information),
• Government Institutions, (Tax, Vehicle licensing, Electoral rolls, state and local government etc.),
• Telecommunications (Communications and Location Data)
• Judiciary and Law Enforcement (Data on criminals)
• Academic Institutions (Student and child information)
• Defence (Details of Military Personnel)
Data Protection Training Solutions
Recognising that there is a major gap between Data Protection and Privacy training and awareness across the African Continent compared with the rest of the world, DataLaws (UK) Limited is proud to introduce its UK CPD Certificate Accredited flagship Data Protection and Privacy course aimed at providing African Countries, Governments and Individuals with the tools to protect personal information of its citizens in the 21st Century.
Aptly titled “Implementing Data Protection and Privacy in Africa”, this 5 day practical, hands on course provides delegates with a comprehensive understanding of the legal and technical issues relating to Data Protection and Privacy.
Covering all the “Heavy Lifting” aspects of Data Protection and Privacy, the course takes the form of 4 days intense teaching and 1 day practical workshop the objective of which is to allow delegates to be in a position to not only implement data protection and privacy frameworks within their organisations; it also provides them with the tools to recognise potential threats and vulnerabilities.
Recognising the mammoth task and not taking for granted the logistical and cost issues DataLaws is prepared to work with African Governments and Institutions to raise awareness and train Africans on this topical issue.
For more information on DataLaws UK CPD Accredited courses visit http://www.datalaws.com/training.html or email [email protected]
Resources:
1.F.Franklin Akinsuyi is CEO at DataLaws( [email protected] www.datalaws.com)
2. http://europa.eu/rapid/press-release_MEMO-14-60_en.htm
3.http://www.huffingtonpost.com/2013/02/05/online-racial-profiling_n_2622556.html
4.http://arxiv.org/ftp/arxiv/papers/1301/1301.6822.pdf