Today, the Future of Privacy Forum released a Report looking into the Strategic Plans for the coming years of seven African Data Protection Authorities (DPAs). The Report gives insight into the activity and plans of DPAs from Kenya, Nigeria, South Africa, Benin, Mauritius, Côte d’Ivoire, and Burkina Faso. It also relies on research conducted across several other African jurisdictions who have adopted data protection laws in recent years but have not yet established a DPA, or whose DPAs have not published strategic documents in the past two to three years.
Since the 2001 enactment of Africa’s first data protection law by Cape Verde, many other African countries have followed suit. Two decades later, 33 African countries boast comprehensive data protection laws. This growth in legislation has received well-deserved attention as the continent continues to articulate its position on privacy and data protection matters.
Until now, most publications on the state of data protection in Africa have focused on the processes of creating and enacting comprehensive laws. As a result, other important aspects of the data protection machinery including implementation and enforcement have received little attention. This has hampered efforts to obtain a comprehensive picture on the state of data protection in Africa. Particularly, despite their important role in shaping data protection discourse on the continent, the activities of the Data Protection Authorities (DPAs) entrusted with implementing the laws are not well known or documented. Even with comprehensive data protection laws, not all countries have operational DPAs due to factors