In recent years, the number of African countries which have enacted privacy frameworks or are planning data protection laws has vastly increased.

Currently, 14 African countries have privacy framework laws and some sort of data protection authorities in place. Once the African Union Convention on Cyber Security and Personal data Protection (Convention) is ratified across the continent, many other nations will likely enact personal data protection laws.

Currently, seven African countries have data protection bills in place: Kenya, Madagascar, Mali, Niger, Nigeria, Tanzania, and Uganda. Many analysts believe that the Convention seeks to replicate the European Union data protection model whereby each country has its own national data protection laws and authority.

Despite these developments, the Convention still has many important areas to provide guidance on. For instance, the Convention fails to define what is meant by “consent”, “personal data” and the “legitimate grounds” individuals can raise to object to the processing of their information.

The international human rights advocacy group, Access, welcomes these changes, but stresses that “change won’t happen overnight”, and that “it will likely be a few years” before countries enact laws to implement the Convention.