Nigeria and other African nations have developed a framework that would harmonise laws on data protection and digital economy across the continent.
Lead, Regulations, Monitoring and Compliance, National Information Technology Development Agency (NITDA), Olufemi Daniel, revealed this during the Investigations, Compliance, and Ethics (ICE) September final series by Udo Udoma and Belo-Osagie Law Chambers.
He said a framework that is currently being tested in five countries has been created.
He maintained that one of the propositions Nigeria is to make Africa a single market.
He explained that if someone is transferring data to any African country that has met with the Malabo Convention for Cyber Security and Data Protection, it means the person is sure of a national law that recognises the principles in Convention 108+.
Daniel said it should not be a cross-border issue on the countries to transfer data but that transfers should be seamless, especially with the kickoff of the African Continental Free Trade Area (AfCFTA).
He said: “The implication is that any data centre could be hosted in any African country. It also enables multinationals to choose a country in Africa they can invest in and any transfer of data would be linked to Africa.
“With 1.3 billion Africans, you have a stronger argument rather than going ahead individually. This will give investors more confidence to do business in Africa.
“We are keeping an eye on the principles as they are developing and shaping our laws, particularly the National Parliamentary Data Act coming up soon.”
Global Privacy Counsel, Google, Peter Fleischer, noted that as a multinational company, it is hard to build dozens of services to comply with the laws of various countries.
“But if you build a single standard for Africa, that is a lot more effective and efficient for protecting user privacy and proliferation of user’s privacy around the world,” he said
As Africa continues to develop standards across the continent, he said: “I hope we will be part of the conversation on how to make it real and the takeoff.”
Partner, Slaughter and May’s Corporate and Commercial Group and co-heads Global Data Privacy Practice, Rebecca Cousin, shared how the General Data Protection Regulation (GDPR) applied to non- European Union businesses.
She noted that data protection guidelines, which came into existence about two years ago, advised companies outside of the EU to pay a lot more attention to the regulations.
She maintained that it was important for businesses globally to understand where the GDPR applied, and where it does not, and some of the grey areas and ambiguity that might be helpful in some circumstances.
“Current legislation does not have extraterritorial effect. If you are using personal data to send market emails to people in the EU, you have to comply with the GDPR and you have to comply with the electronic marketing rules. New rules will have extraterritorial effects as they tend to apply very soon in the future.
“It is important to consider the application of the GDPR and the UK GDPR next year when doing anything with individuals in the EU or UK. You can work out what the implications are. Don’t be scared, it is a principle-based regime and necessary. There is a need to get advice at every point in time to know whether you are going to be caught by regulations or not,” she said.