Picture: ddzphoto/Pixabay – Africa should work towards the harmonisation of the legal and technical data management and regulation standards, says the writer.
By David Monyae
The regulation and legislation of the ownership and control of data produced and generated in a particular jurisdiction – data sovereignty – has become a global buzzword.
While data sovereignty has assumed many forms, the most popular one has been data localisation, which entails the legally binding requirements that data (both personal and non-personal) produced in the territory of a specific jurisdiction be stored and processed in servers located in that jurisdiction.
At times, the law, such as the European Union’s General Data Protection Regulations (GDPR) and South Africa’s Protection of Personal Information Act (POPIA), may impose onerous conditions on the transfer of data to other countries so much so that it effectively forces companies to store and process data locally. The number of countries with data localisation policies has grown from just 35 in 2017 to over 100 by the end of 2021.
The most often cited reasons for data localisation policies include the protection of citizens’ privacy, enhancing cybersecurity, moving up the data value chain, censorship and surveillance and the ease of law enforcement and compliance monitoring.
The data sovereignty wave has also reached Africa’s shores, with countries such as Zimbabwe, Ivory Coast, Ghana, Kenya, South Africa, Senegal and Nigeria, among others adopting legislation and policies regulating the cross-border flow of data.
At the continental level, the African Union (AU) adopted the Convention on Cybersecurity and Personal Data Protection, also known as the Malabo Convention in 2014, to improve the continent’s cybersecurity and protect citizens’ data as digital transformation gains momentum.
The 2020-2030 Digital Transformation Strategy proposes the localisation of key digital infrastructure, such as data centres, to reduce the cost of international connectivity and enhance the continent’s data sovereignty.
The piece states that “even though Africa is at the moment less restrictive, soon it will be necessary to ensure localisation of all personal data of Africa’s citizens.”
In a world where malicious and harmful cyberspace behaviour has become more frequent and sophisticated, with its consequences becoming even more severe and devastating, surely there is a case for the states’ quest to exercise more control of cyberspace under their jurisdictions.
In July 2021, one of South Africa’s critical state-owned enterprises, Transnet, suffered a major cyberattack which threw operations of the country’s main ports such as Durban, Cape Town, Gqeberha and Ngurha into disarray.
This attack disrupted major supply chains with a potentially catastrophic effect on the economy. Cybercrime is also on the rise in Africa. According to a 2021 report from Interpol, 679 million cyber threats were detected on emails, 8,72 million on files and 14 million on the web targeting internet users in Africa, including businesses and individuals.
The report states that the continent loses $4.5 billion (R75.2 billion) annually to cybercrimes such as digital extortion, online scams, ransomware and botnets. South Africa is one of the most affected countries reported to have lost almost $150 million to cybercrime in 2021.
As such, with so many individuals, businesses and critical infrastructure becoming vulnerable to cyberattacks, states’ clamouring for sovereignty over cyberspace is perhaps justified.
However, in Africa, the wave of data sovereignty coincides with concerted efforts to promote economic integration, as demonstrated most recently with the launching of the African Continental Free Trade Area (AfCFTA) in 2021.
The AfCFTA’s objectives of creating a single continental market by liberalising the movement of capital, goods, persons, and services across borders simply cannot happen without the free flow of data across borders.
With the increasing penetration and adoption of digital technologies in both the economy and society, digitally enabled trade in goods and services offers Africa considerable efficiency gains in trade which could result in economic growth, improved global competitiveness and increased consumer welfare. Already, Africa’s e-commerce market is valued at $24 billion and is projected to increase to over $36 billion (over 1% of Africa’s GDP) in 2024.
Digital transformation offers numerous benefits, including reduced transaction costs, improved market information flow, and increased market access and participation for small and medium enterprises (SMEs).
Digital payment systems will cut the red tape and make it easier for businesses and consumers to make and receive payments across borders. The digitisation of customs services will go a long way in fast-tracking the processing of goods and services across borders and thus reduce the costs of exporting, which have long hampered intra-continental trade.
However, the realisation of this digital utopia depends on the approaches adopted by African countries to data governance. Digital trade can only thrive and flourish in an environment of free-flowing information across borders.
This means that Africa should work towards the harmonisation of the legal and technical data management and regulation standards to enable swift processing of payments, digital platform services and customer and business links in the region. Thus far, the proliferation of national-level approaches to data sovereignty is characterised by incompatible and inconsistent data governance laws and policies will hinder the flow of data across the continent and stifle digital trade.
According to a report by the United Nations Conference on Trade and Development (UNCTAD), only 25 out of 54 countries in Africa have legislation on online consumer protection, 39 have cybercrime legislation, 27 have data protection and privacy laws, and 33 have legislation on electronic transactions.
These numbers indicate that half of the countries in the continent do not have laws on data protection and consumer protection. Without such fundamentals in place, digital trade is not possible.
The new AU Data Policy Framework is a crucial intervention in this regard as it lays the foundation for intra-Africa data free-flow under a shared governance framework. Proposals under the new policy, such as the Cross Border Data Flows Mechanism and the Common Data Categorisation and Sharing Framework, will go a long way in ameliorating the fragmentation of the continental data economy.
An African fintech company, Flutterware, with a market value of $3 billion, processes over 200 million transactions worth over $16 billion in 34 African countries. The company’s platform has to contend with a multitude of digital regulatory frameworks in the continent, which eats into its profit margins and serves as an entry barrier to potential fintech start-ups.
It is disappointing that the first attempt at harmonising cybersecurity and personal data protection regulations at the continental level, 2014 Malabo Convention, has only been signed by 14 countries, with only eight having ratified it thus far.
Continental rather than national data sovereignty is the right way if Africa is to enjoy the economic dividends of the digital revolution. A continent-wide sovereign cloud infrastructure, similar to the proposed GAIA-X cloud network in Europe, to store and process data underpinned by shared African values and interests if Africa is to harness the digital revolution to its benefit.
Shared continent-wide digital infrastructure and regulatory framework will and regulatory framework will see the realisation of the single digital market as envisioned in the AfCFTA Agreement and drive continental integration further.
Of course, Africa still has to overcome the hurdle of low digital technology penetration, with only 22% of the continent having access to an internet connection. However, as efforts to expand digital infrastructure gather pace, the AU Data Policy Framework could not have come at a better time.
David Monyae is an associate professor of international relations and political Sciences and Director of the Centre for Africa-China Studies at the University of Johannesburg.