International and regional commitments in African data privacy laws: A comparative analysis

IF 3.2 3区社会学 Q1 LAW

Computer Law & Security Review Pub Date : 2022-04-01 DOI:10.1016/j.clsr.2021.105638

Graham Greenleaf , Bertil Cottier

{"title":"International and regional commitments in African data privacy laws: A comparative analysis","authors":"Graham Greenleaf , Bertil Cottier","doi":"10.1016/j.clsr.2021.105638","DOIUrl":null,"url":null,"abstract":"<div>Thirty three of the 55 African countries have enacted data privacy laws since 2001. This paper analyses two types of potential legal influences on these national laws: standards and obligations originating from outside Africa (international); and those developed within Africa, both at the continental (African Union) level, and at the level of Regional Economic Communities (RECs).Analysis commences with which countries have laws or Bills, and constitutional requirements International influences are shown to be indirect, with only slight UN influences, but with accessions by African countries to data protection Convention 108 significant in converting it into a global Convention. EU influences are also indirect (aspirational) with both the DPD and the GDPR perceived as standards to be emulated in African instruments. Of African multilateral agreements, the African Union's data protection and cybercrime Convention (2014) is yet of limited influence because it is not in force. In contrast, the ECOWAS Supplementary Act (2010) has been of considerable practical influence in West Africa. The HIPPSA ‘Model Acts’ with higher standards (particularly SADC Model Law, 2013) remain of potential influence in other regions of sub-Saharan Africa.European instruments are presented as typifying ‘three generations’ of development of data privacy laws (exemplified by (i) Convention 108, 1980; (ii) EU DPD, 1995; and (iii) EU GDPR, 2016 plus Convention 108+, 2018). The three main African multilateral instruments (ECOWAS Act, AU Convention, SADC Model Law) are compared with them, as well as between themselves.These comparisons enable conclusions to be drawn, some of which are as follows.The African regional framework does not display any Africa-specific approach to data protection. Less individualist and more communitarian African culture or human rights discourse is absent from the texts of these laws.Drafters of the African instruments seem to accept, tacitly or expressly the necessity to be consistent with other international texts, in particular European instruments. They have adopted many ‘2nd generation’ DPD elements but have anticipated relatively few of the ‘third generation’ GDPR standards.Sub-regional agreements (ECOWAS Act and model laws) have provided a means to move forward despite the lack of progress in bring the regional AU convention into force.</div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"44 ","pages":"Article 105638"},"PeriodicalIF":3.2000,"publicationDate":"2022-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Law & Security Review","FirstCategoryId":"90","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0267364921001114","RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"LAW","Score":null,"Total":0}

引用次数: 4

Abstract

Thirty three of the 55 African countries have enacted data privacy laws since 2001. This paper analyses two types of potential legal influences on these national laws: standards and obligations originating from outside Africa (international); and those developed within Africa, both at the continental (African Union) level, and at the level of Regional Economic Communities (RECs).

Analysis commences with which countries have laws or Bills, and constitutional requirements International influences are shown to be indirect, with only slight UN influences, but with accessions by African countries to data protection Convention 108 significant in converting it into a global Convention. EU influences are also indirect (aspirational) with both the DPD and the GDPR perceived as standards to be emulated in African instruments. Of African multilateral agreements, the African Union's data protection and cybercrime Convention (2014) is yet of limited influence because it is not in force. In contrast, the ECOWAS Supplementary Act (2010) has been of considerable practical influence in West Africa. The HIPPSA ‘Model Acts’ with higher standards (particularly SADC Model Law, 2013) remain of potential influence in other regions of sub-Saharan Africa.

European instruments are presented as typifying ‘three generations’ of development of data privacy laws (exemplified by (i) Convention 108, 1980; (ii) EU DPD, 1995; and (iii) EU GDPR, 2016 plus Convention 108+, 2018). The three main African multilateral instruments (ECOWAS Act, AU Convention, SADC Model Law) are compared with them, as well as between themselves.

These comparisons enable conclusions to be drawn, some of which are as follows.

The African regional framework does not display any Africa-specific approach to data protection. Less individualist and more communitarian African culture or human rights discourse is absent from the texts of these laws.

Drafters of the African instruments seem to accept, tacitly or expressly the necessity to be consistent with other international texts, in particular European instruments. They have adopted many ‘2nd generation’ DPD elements but have anticipated relatively few of the ‘third generation’ GDPR standards.

Sub-regional agreements (ECOWAS Act and model laws) have provided a means to move forward despite the lack of progress in bring the regional AU convention into force.

查看原文本刊更多论文

非洲数据隐私法中的国际和区域承诺:比较分析

自2001年以来，55个非洲国家中有33个颁布了数据隐私法。本文分析了两类对这些国家法律的潜在法律影响:来自非洲以外(国际)的标准和义务;以及那些在非洲大陆(非洲联盟)和区域经济共同体(RECs)层面上发展起来的国家。分析开始于哪些国家有法律或法案，以及宪法要求。国际影响是间接的，只有轻微的联合国影响，但非洲国家加入数据保护公约108对于将其转变为一项全球公约具有重要意义。欧盟的影响也是间接的(理想的)，DPD和GDPR都被视为非洲文书效仿的标准。在非洲多边协定中，非洲联盟的《数据保护和网络犯罪公约》(2014年)的影响力有限，因为它尚未生效。相比之下，西非经共体补充法(2010年)在西非产生了相当大的实际影响。具有更高标准的“示范法”(特别是2013年南共体示范法)在撒哈拉以南非洲其他地区仍然具有潜在影响。欧洲文书被认为是数据隐私法发展“三代”的典型代表(例如:(i) 1980年第108号公约;欧盟发展和发展方案，1995年;(iii)欧盟GDPR, 2016年加上公约108+，2018年)。对三个主要的非洲多边文书(西非经共体法案、非盟公约、南部非洲发展共同体示范法)进行了比较，并在它们之间进行了比较。这些比较可以得出结论，其中一些如下。非洲区域框架没有显示任何针对非洲的数据保护方法。在这些法律的文本中，缺乏个人主义，而更多的是共同体主义的非洲文化或人权话语。非洲文书的起草者似乎默认或明确地接受必须与其他国际文书，特别是欧洲文书保持一致。他们采用了许多“第二代”GDPR元素，但对“第三代”GDPR标准的预期相对较少。分区域协定(西非经共体法和示范法)提供了一种向前推进的手段，尽管在使非盟区域公约生效方面缺乏进展。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Law & Security Review LAW-

CiteScore

5.60

自引率

10.30%

发文量

审稿时长

67 days

期刊介绍： CLSR publishes refereed academic and practitioner papers on topics such as Web 2.0, IT security, Identity management, ID cards, RFID, interference with privacy, Internet law, telecoms regulation, online broadcasting, intellectual property, software law, e-commerce, outsourcing, data protection, EU policy, freedom of information, computer security and many other topics. In addition it provides a regular update on European Union developments, national news from more than 20 jurisdictions in both Europe and the Pacific Rim. It is looking for papers within the subject area that display good quality legal analysis and new lines of legal thought or policy development that go beyond mere description of the subject area, however accurate that may be.