世界銀行 -非洲數(shù)字?jǐn)?shù)據(jù)監(jiān)管

上傳人：1*** IP屬地：北京上傳時(shí)間：2024-06-17 格式：DOCX 頁(yè)數(shù)：76 大?。?.15MB 積分：15 舉報(bào) 版權(quán)申訴

世界銀行 -非洲數(shù)字?jǐn)?shù)據(jù)監(jiān)管_第2頁(yè)

世界銀行 -非洲數(shù)字?jǐn)?shù)據(jù)監(jiān)管_第3頁(yè)

世界銀行 -非洲數(shù)字?jǐn)?shù)據(jù)監(jiān)管_第4頁(yè)

世界銀行 -非洲數(shù)字?jǐn)?shù)據(jù)監(jiān)管_第5頁(yè)

已閱讀5頁(yè)，還剩71頁(yè)未讀，繼續(xù)免費(fèi)閱讀

版權(quán)說(shuō)明：本文檔由用戶提供并上傳，收益歸屬內(nèi)容提供方，若內(nèi)容存在侵權(quán)，請(qǐng)進(jìn)行舉報(bào)或認(rèn)領(lǐng)

文檔簡(jiǎn)介

PublicDisclosureAuthorizedPublicDisclosureAuthorizedPublicDisclosureAuthorizedPublicDisclosureAuthorized

GOVERNANCEANDTHEDIGITALECONOMYINAFRICA

TECHNICALBACKGROUNDPAPERSERIES

RegulatingDigitalDatainAfrica

GOVERNANCEANDTHEDIGITALECONOMYINAFRICATECHNICALBACKGROUNDPAPERSERIES

RegulatingDataProtectionandCybersecurityinAfrica:FindingsfromtheGlobalDataRegulationDiagnostic

TechnicalBackgroundPaper:RegulatingDataProtectionandCybersecurityinAfricaFindingsfromtheGlobalDataRegulationDiagnostic

iii

TheWorldBank

1818HStreetNW

WashingtonDC20433

Telephone:202-473-1000

Internet:

Disclaimer

ThisworkisaproductofthestaffofTheWorldBank.Thefindings,interpretations,andconclusionsexpressedinthisworkdonotnecessarilyreflecttheviewsofTheWorldBank,itsBoardofExecutiveDirectors,orthegovernmentstheyrepresent.

RightsandPermissions

Thematerialinthisworkissubjecttocopyright.Anyqueriesonrightsandlicenses,includingsubsidiaryrights,shouldbeaddressedtoWorldBankPublications,TheWorldBankGroup,1818HStreetNW,Washington,DC20433,USA;fax:202-522-2625;e-mail:pubrights@.

TechnicalBackgroundPaper:RegulatingDataProtectionandCybersecurityinAfricaFindingsfromtheGlobalDataRegulationDiagnostic

Acknowledgements

ThisBackgroundNotewaspreparedbyRongChen(Economist,DigitalDevelopment),LillyanaDazaJaller(consultant),andTaniaBegazo(SeniorEconomist)withcontributionsfromAnaRuival(consultant,DigitalDevelopment).

TheBackgroundNotebenefitedimmenselyfromtheparticipation,assistance,andinsightsfromotherexperts.TheteamisespeciallygratefulforreferencesoncybersecurityassessmentsinAfricaprovidedbyAnatLewin,SeniorDigitalSpecialist,thepeerreviewersDavidSatola,LeadCounsel,Technology&Innovation,LegalandAnatLewin,andthepriorworkconductedfortheWorldDevelopmentReport2021‘DataforBetterLives’thatallowedforthedevelopmentofthesurveyusedtocomparethestatusofdataregulationacrosscountriesinAfrica.

TechnicalBackgroundPaper:RegulatingDataProtectionandCybersecurityinAfricaFindingsfromtheGlobalDataRegulationDiagnostic

CommonAbbreviationsandDefinedTerms

Thissectionexplainsthecommontermsandabbreviationsusedinthispaper.

Abbreviation/Term

FullTerminology/Definition

ARP

AdministrativeRedressPanel

ATI

AccesstoInformation

CERTs

ComputerEmergencyResponseTeams

CNDP

Morocco’sDataProtectionNationalCommission

CSIRTs

ComputerSecurityIncidentResponseTeams

CSSSI

Morocco’sCommitteeforInformationSystemsSecurity

DGSSI

Morocco’sDirectorateGeneralforInformationSystemsSecurity(,

DPC

Kenya’sDataProtectionCommissioner

ECCAS

EconomicCommunityofCentralAfricanStates

FRAND

Fair,reasonableandnon-discriminatoryterms

GCI

GlobalCybersecurityIndex

IPR

Intellectualpropertyright

maCERT

MoroccanComputerEmergencyResponseTeam

NCS

Nationalcybersecuritystrategy

NIN

NationalIdentificationNumber

TableofContents

1ImportanceofDataRegulation 1

2Personaldataprotection 2

2.1ObservationsoftheregulatorylandscapeonpersonaldataprotectioninAfrica 3

2.2Regionalcollaborationonpersonaldataprotection 7

2.3Africavs.otherincomegroupsonpersonaldataprotectionframeworksonthebook 8

2.4Implementationandcompliance 10

3Cybersecurityandcybercrime 14

3.1ObservationsoftheregulatorylandscapeoncybercrimeandcybersecurityinAfrica 15

3.2Regionalcollaborationoncybersecurityandcybercrime 18

3.3Africavs.otherincomegroupsoncybersecurityandcybercrime 19

3.4Implementationofcybersecurityinitiatives 22

4Dataregulationandgovernance 23

5Useandreuseofdataandcrossborderdataflows 26

5.1Enablingtheuse/reuseofpublicintentandprivateintentdata 26

5.2Cross-borderdataflows 28

6Conclusion 31

7References 33

ListofFigures

FigureI.Individuals’concernabouttheironlineprivacy 3

FigureII.DataprotectionlegalframeworksinAfrica 4

FigureIII.ComprehensivenessofAfricandataprotectionlaws 6

FigureIV.ResponsibilitiesofAfricanDataProtectionAgencies 7

FigureV.Percentofcountriespercountryincomegroupthathaveadoptedgoodregulatorypracticesonpersonal

dataprotection 9

FigureVI.CybersecurityandcybercrimeframeworksinAfrica 15

FigureVII.ComprehensivenessofAfricancybersecurityframeworks 16

FigureVIII.ComprehensivenessofAfricancybercrimeframeworks 17

FigureIX.Regulatoryqualityandcybersecurityandcybercrimescore 25

FigureX.Governmenteffectivenessandcybersecurityandcybercrimescore 25

vii

FigureXI.RuleofLawandcybersecurityandcybercrimescore 25

FigureXII.Regulatoryqualityscoreandpersonalprotectionscore 25

FigureXIII.Percentofcountriesperincomegroupthathaveadoptedgoodpracticesonpublicintentdata 27

FigureXIV.Percentofcountriesperincomegroupthathaveadoptedgoodpracticesonprivateintentdata 28

FigureXV.Averagescoresondifferentdatagovernancedimensionsbyincomegroup/region[Notefornextversion:

includeNorthAfrica,E&SandW&Clines] 32

ListofTables

TableI.Implementationandenforcementofdataprotectionlaws 14

TableII.Implementationandenforcementofcybersecurityrules 23

1TheImportanceofDataRegulation

RapiddevelopmentofdigitaltechnologiesinrecentyearshasshownitsgreatpotentialforAfricatopromotejobcreation,improvedeliveryofpublicservices,andenhanceindividualwelfare.Forinstance,itisestimatedthate-commerceplatforms,suchasJumia,couldcreateaboutthreemillionnewjobsinAfricaby2025.1Mobilemoney,exemplifiedbytheglobalhouseholdname—M-Pesa,contributestopovertyreductioninmanyAfricancountries.2TheCOVID-19globalpandemicledtoanacceleratedriseintheuseofdigitaltechnologiesaroundtheworld,increasinginnovationbutalsoleadingtovariousgovernancechallengesandrisks.

Thereisagrowingconcernondataprotectionandcybersecurityrisksassociatedwithvariousdigitaleconomicactivities.Dataprotectionisatthecoreofthisapprehensionforindividualsaroundtheworld.Fromsocialmediatomobilepaymentstotelehealthappointments,ourpersonalinformationisstoredindatabasesonanunprecedentedscale.Whiletheseinnovationsmakeourliveseasierandkeepusconnected,unlessthedataareadequatelyprotecteditcanbemisusedforallkindsofpurposes,fromharassmenttofraud.

TheincreaseduseoftheInternetforbothpersonalandprofessionalneedshascreatedopportunitiesfordangerousplayersseekingtotakeadvantageofvulnerabilitiesforpersonalgain.In2020,Kenyaninternetusersfaced14millionmalwareattacksbetweenJanuaryandAugust.ThenumberofcyberattacksinZimbabwegrewfivetimesduringthesameperiod.3InAugust2020,Experian,aglobalconsumercreditreportingcompany,soldpersonaldataofabout24millionSouthAfricanstoafraudsterposingasalegitimateclient.4InDecember2020,personallyidentifiableinformationbelongingtoAbsaBank’scustomers-whoarespreadthroughouttwelveAfricancountries-wereleaked.AccordingtotheAfricanUnionConventiononCyberSecurityandPersonalDataProtection,cybercrime“constitutesarealthreattothesecurityofcomputernetworksandthedevelopmentoftheInformationSocietyinAfrica”.5

Adequatelegalandregulatoryframeworksarekeyforcountriestobeabletofullyreapthebenefitsofemergingtechnologieswhileminimizingtheassociatedrisks.Theinternationalnatureoftheuseandimpactofthesetechnologiescomplicatetheirregulation.Concernsabouthowdataisacquired,handled,used,sharedandreusedhaveledtogovernmentsestablishingheterogeneousapproachesfordatagovernance.Dataarethebuildingblocksoftheserevolutionarytechnologiesandrestrictingtheirflowcanhampertrade,innovation,andeconomicgrowth.6Governmentshaveadifficulttask:ensuringadequateflowofdataacrossbordersandwithinacountrytoallownoveltechnologiestooperateadequatelywhilesafeguardingindividualrights.Arights-basedapproachcanleadtoincreasedtrust,whichcaninturnfosterdataflowsanddata-baseddigitalsolutionsfordevelopment.7Thisnotefocusesonfewkeyregulatoryaspects:dataprotection,cybersecurityandcybercrimetoboostdigitaltrust;andrulesontheuse,transferandre-useofdatatoenablenewdigitaltechnologies.OtheraspectsofthedataecosystemasdescribedintheWordDevelopmentReport‘DataforBetterLives’arenotcoveredinthisnote.

Tomaximizethedividendsfromaboomingdigitaleconomy,thecontinentshallbepreparedtoaddressrisksassociatedwiththevarietyofdigitaleconomyactivities,whileenablingtheuseofdatafordevelopment.Arobustdatagovernanceenvironmentisessentialinpromotingthesustainabledevelopmentofthedigitaleconomy.Acomprehensiveregulatoryframeworkthatspecifiesrightsand

responsibilitiesofdifferentstakeholdersincollecting,using,andreusingofdata,independentauthoritiestoenforcelawsandaddresspubliccomplaintsonviolations,aswellaspublic-privatepartnershipandregionalcollaborationareallimportantcomponentsofsucharobustdatagovernanceenvironment.

ThisnoteaimstoprovideanoverviewofdatagovernanceframeworksinAfricaandexplorelinkswithengenderingpublictrustandimprovingaccountabilityandtransparency,aswellasprovidinganenablingenvironmentforparticipatinginthedigitaleconomy.ItexploitsdatafromtheGlobalDataRegulationDiagnostic(GDRD)8whichcollectedinformationondataregulationsacross80countriesglobally,including24Sub-SaharanAfricancountriesandthreeNorthAfricancountries,asofJune2020.9AdditionalinformationforselectedcountrieswascollectedthroughdeskresearchandinterviewstounderstandchallengesintheimplementationofrulescapturedbytheGDRD.ThiscomplementaryinformationisasofFebruary2022.

Thisnoteisorganizedasfollows.Section1coversdataprotection,whilesection2looksintocybersecurityandcybercrime,bothimportantaspectsfordigitaltrust.Section3looksatthelinkagesbetweendataprotectionandcybersecurityandcybercrimeframeworksandbroadergovernanceindicators.Section4highlightsaspectsthatcanaffecttheuseandreuseofdata-datacollectedforpublicpurposesandbytheprivatesectoraspartofroutinebusinessprocess-forthedevelopmentofdigitaltechnologies.

2Personaldataprotection

Personaldataprotectionisacrucialaspectofaneffectivedatagovernanceenvironment.Personaldatareferstodatathatconveysinformationthatisspecifictoaknownorknowableindividual.Lackoftrustinthewaypersonaldataismanagedmakesindividualsuncomfortableaboutsharingsuchdata,whichcouldlimitthegrowthofthedigitalmarkets.10AccordingtotheDataConfidenceIndex,11internetusersinAfricaareparticularlyconcernedabouttheimpactoftheinterneton“personalprivacy”.12ConsumersinKenyaexpressedpreferencesondigitalloanproductswithmore“dataprivacy”features.13Inastudyconductedin2019,96percentofEgyptiansexpressedconcernabouttheironlineprivacy,wellabovetheglobalaverageof78percent.14Ontheotherhand,Kenyastoodoutwiththehighestlevelofconfidenceamongalltheeconomiescovered(FigureI).Governmentscanhelpengendertrustbygrantingdatasubjectrightswithregardtotheirpersonalinformationandimposingtechnicalrequirementsondatacontrollersanddataprocessorstoensuretheadequateprotectionoftheinformation.Theestablishmentofacapableandeffectiveenforcementauthorityisalsokeytoensureadequateimplementationofthelegislation.15

FigureI.Individuals’concernabouttheironlineprivacy

Source:CIGI-Ipsos(2019)

2.1ObservationsoftheregulatorylandscapeonpersonaldataprotectioninAfrica

OverhalfofthecountriesinAfricahaveintroducedgeneraldataprotectionlegislation,applicabletoallsectors(FigureII).Tunisia,Mauritius,andBurkinaFasowereregionalpioneersinthisregard,introducingdataprotectionlawsasearlyas2004.Duringthefollowingdecade,severalcountriesfollowedsuit,andasofDecember2021twenty-sixAfricancountrieshaveadoptedgeneraldataprotectionlaws.Notably,MauritiuspasseditsDataProtectionAct,whichiscloselyalignedwiththeEUGeneralDataProtectionRegulation(GDPR),fivemonthsbeforetheEUregulationwasimplementedinMay2018.Theyear2020wasoneofgreatadvancesfordataprotectionlegislationinAfrica.Egypt’sLawontheProtectionofPersonalDatacameintoforceinOctober2020.Priortotheapprovalofthislaw,Egypthadsector-specificlegislationwhichaddresseddataprotectionissues,suchastheLaborLawandtheBankingLaw.InSouthAfrica,althoughtheProtectionofPersonalInformationActwassignedintolawin2013,mostoftherelevantprovisionswerenotoperationaluntilJuly2020.Mostrecently,RwandapublishedadataprotectionlawinitsOfficialgazetteinOctober2021.Othereconomieshavereportedlyengagedindiscussionstointroducegeneraldataprotectionlaws,includingEthiopia,Malawi,andTanzania;however,nopublicdraftsofthoselawswereavailableasofFebruary2022.

AsmallernumberofAfricancountrieshaveintroducedsector-specificlaws,andsomerelyonconstitutionalprovisionsforprivacyprotection.Forexample,althoughCameroonhasnogeneraldataprotectionlaw,itsLawonCybersecurityandCybercrime–applicabletoelectroniccommunicationsnetworksandinformationsystems—includesprovisionsondataprivacy.AlthoughtheDemocraticRepublicofCongoandLiberiahavenotintroducedanylawsaddressingtheissueofdataprotection,bothcountries’Constitutionsincludeprovisionsregardingtheindividualrighttoprivacy.However,thesemeasuresarenotsufficienttotacklethesituationsdatasubjectsanddataprocessorsareexposedtoin

today’sworld.Finally,eightAfricancountries(denotedingrayinthemapbelow)lackanymentionofdataprotectionorprivacyintheirlegalframeworks.

Note:atopscoreof1(darkorange)indicatestheexistenceofageneraldataprotectionlaw,ascoreof0.5indicatestheexistenceofonlyasector-specificpersonaldataprotectionlegislation;ascoreof0.25(lightestorange)indicatesthatthereareprivacyand/ordataprotectionrightsprotectedinthecountry'sconstitution.

FigureII.DataprotectionlegalframeworksinAfrica

Source:AuthorsbasedonGlobalDataRegulationDiagnosticandDataGuidance(2021)

Afteradoptingadataprotectionlawofgeneralapplication,comprehensivenessofsuchlawdeterminesthelevelofprotectionprovidedtodifferentmarketplayers.AspointedoutintheGlobalDataRegulationDiagnostic,itiscrucialtoexaminewhetherthedataprotectionlawspecifiesdatasubjectrightssuchasredressandtherighttochallengetheaccuracyofdatacollected,andrequirementsforcollectionandprocessing,suchaspurposelimitation,dataminimization,andstoragelimitation(Box1).Itisalsoimportanttolookatwhetherlimitationsexistontheabilitytomakedecisionsaboutindividualsonlyonthebasisofautomatedprocessing,whichmightleadtosocialdiscrimination,andwhetheranecessityand

proportionalitytestappliestoexceptionstolimitationsongovernmentdatacollectionorprocessing.Finally,otherkeyinformationincludeswhetherdatasubjectrightsareeffectivelyprotectedonthetechnicalsidethroughtheimplementationofmeasuresbasedonthedataprotectionbydesignanddataprotectionbydefaultprinciples,aswell

BoxI.Dataprocessingrequirements

Purposelimitation

Datamustonlybecollectedforaspecifiedpurpose

Data

minimization

Datamustbeadequate,relevant,andlimitedtowhatisnecessaryinrelationtothespecifiedpurpose

Storagelimitation

Datamustnotbekeptlongerthanisnecessaryforthespecifiedpurpose

Source:ICO(2021)

asbythemonitoringactivityofadataprotectionauthority.

TheexistingdataprotectionframeworksinAfrica16arelargelycomprehensive(FigureIII).Governmentsthathaveintroducedanoverarchingdataprotectionlawhavetendedtoincludewhatareemergingascommonelementsofgoodinternationalpracticeinthisarea,suchaspurposelimitation,dataminimization,anddatasubjectrights,whichfeatureinsourcesrangingfromtheOECDPrinciplesandGDPR.KenyaandBeninhavealsoincludedmorenovelmeasures,suchasdataprotectionbydesignanddataprotectionbydefault.Notably,SouthAfrica’sdataprotectionlaw,whichcameintoeffectin2020,leavesouttheserequirements.Dataprotectionbydesignmeansthatentitiesshouldconsiderdataprotectionattheinitialdesignstagesoftheirproductsandsystemsandthroughoutthelifecycleofthedatacollected,andnotasanafterthought.Theprincipleofdataprotectionbydefaultentailsincorporatingtheprincipleof‘dataprotectionbydesign’bydefaultintoitsdataprocessingactivities.Olderdataprotectionlaws,whichcalledfor‘a(chǎn)ppropriatetechnicalandorganizationalmeasurestoprotectdata’,weretoobroad,allowingcontrollerstobereactivewithregardtodataprotectioninsteadofimplementingpreventativemeasuresfromtheoutset.Finally,PrivacyEnhancingTechnologies(PETs)aretechnologiesdesignedtoalloworganizationstoextractthefullpotentialofdatawithoutputtingadatasubject’sprivacyatrisk.

Datasubject'srighttoredressDatasubject'srighttochallengeaccuracyDatasharingrestrictions

Storagelimitation

Dataminimization

Purposelimitation

DataProtectionAuthoritySafeguardsonautomateddecisionsNecessity&proportionalitytest

Dataprotectionbydesign/default,PETs

0510152025

#ofnationallawsthatadoptedtheprovision

FigureIII.ComprehensivenessofAfricandataprotectionlaws

Source:AuthorsbasedonGlobalDataRegulationDiagnosticanddesktopresearch

EveryAfricancountryinthesamplethathasadoptedadataprotectionlawofgeneralapplicationhasbuttresseditwiththerequirementtoestablishadataprotectionauthority(DPA),butthisauthorityisnotalwaysindependentorinoperation.InseveralAfricancountries,includingAngolaandEgypt,althoughthedataprotectionlawrequirestheestablishmentofaDPA,ithadnotbeenestablishedinpracticebyFebruary2022.AnindependentDPAisregardedasacriticalelementofaneffectivedataprotectionregulatoryframework17andmostdataprotectionlawsinthecontinentcallforit,howevermanyAfricancountriescannotaffordtoestablishanindependentDPAandthereforeestablishitaspartofanexistingagencyasafirstphase.ThisisthecaseinNigeria,Rwanda,andUganda,forexample,wherethedataprotectionauthoritiesarenotseparatefromtheministry.Othercountriesintheregionareenvisioninganalternativeapproach,includingBurundiandSomalia,wheretheDPAwillbepartofthetelecommunicationsregulator.Thisphasedevolution,aspartofanexistingregulator,canhelpdevelopingcountriessetuptheirDPAs,focusingonbuildingtheagency’sresourcesbeforeitbecomesfullyindependent.

Finally,legallymandatedDPAsinAfricaaretaskedmainlywithresponsibilitiessuchaspromotingawarenessoftherisks,rules,andsafeguardsofrightspertainingtopersonaldata,providingaredressmechanism,providingguidanceontheinterpretationofthelaworregulation,andenforcingnationaldataprotectionrightsandobligationsenshrinedunderthelaworregulation(FigureIV).However,taskssuchaspublishingactivityreportsandencouragingthecreationofcodesofconductandcertificationsreviewarescarceramongDPAmandatesinAfrica,limitingtheagencies’powertoensurecompliance.Finally,fewAfricanlegalprotectionframeworksrequirekeepingrecordsofsanctionsandenforcement,reducingthetransparencyandaccountabilityoftheagencies.

Codesof

conductand

certification

review

ActivityreportsSanctionsandenforcement

records

Raisingawareness

Redressmechanism

Guidanceand

interpretation

ofrules

Enforcement

FigureIV.ResponsibilitiesofAfricanDataProtectionAgencies

Source:AuthorsbasedonGlobalDataRegulationDiagnosticanddesktopresearch

2.2Regionalcollaborationonpersonaldataprotection

Withthebourgeoningofdigitaltrade,dataflowsarenotboundtonationalterritories.Forinstance,cross-borderremittancesorcross-bordere-commercerequiresconsistentrulesacrosscountriestoprovidesimilarlevelofconsumerprotection.18Reachingregionalconsensusondataprotectionstandardsisneededtoensurecompatibilityandavoidfragmentation.19Regionalcollaborationalsohelpsamplifythevoiceofsmallerdevelopingcountriesinglobalnegotiationsrelatedtodatagovernance,especiallygiventhelackofrepresentationinafewongoinginternationaltalkssuchasthediscussionledbytheWorldTradeOrganization(WTO)onadatagovernanceframeworkforcross-borderdataflows.

AfewAfricanregionalcommunitieshavetakeninitiativestopromoteregionalintegrationonpersonaldataprotection.TheEconomicCommunityofWestAfricanStates(ECOWAS)hasbeenworkingtowardsregion-wideconvergenceinIT-relatedstandardsandtheharmonizationofregulations.ThecommunityadoptedtheSupplementaryActonPersonalDataProtectionin2010.Thelegallybindingactspecifiesdatasubjectrights,includingtherightofaccessandtherightofdeletion,aswellasrequirementsforcontrollers,suchasconfidentialityandsecurityofthepersonaldata.TheActalsorequiresallmemberstoestablishanindependentdataprotectionauthoritytoensurecompliance.AlthoughimplementationwasrequiredwithintwoyearsoftheadoptionoftheAct,onethirdoftheMemberStateseitherhavenolegislationorarestillintheprocessofadoptinglegislation.Benin,BurkinaFaso,andSenegalhadalreadyintroduceddataprotectionlawspriortotheSupplementaryAct,andMali,Ghana,andCoted’IvoireareamongthecountriesthatincorporatedtheAct.

Similarly,theAfricanUnion(AU)ConventiononCyberSecurityandPersonalDataProtection(alsoknownastheMalaboConvention),whichseekstocreateapan-Africanframeworktoaddresselectronictransactions,personaldataprotection,andcybercrime,wasadoptedbytheAUin2014.Todate,ithasbeensignedbyfourteencountriesandratifiedbyeightcountries.20However,theConventionmustberatifiedbyfifteenofthefifty-fiveAUstatestoenterintoforce.Thechapteronpersonaldataprotectionaddressesautomatedandnon-automateddataprocessingbypublicandprivateentities.Itimposesanobligationonallstatepartiestoestablishadataprotectionagency,responsibleforinformingindividuals

anddataprocessorsoftheirrightsandobligations.Italsolaysoutdataprocessingprinciples,includingspecificprinciplesfortheprocessingofsensitivedata.GiventheConvention’sdeficienciesandlackoftraction,recentconversationsamongtheAfricanUnionhavefocusedonhowtoreboottheMalaboConvention.Additionally,inFebruary2022,theAfricanUnionExecutiveCouncilendorsedtheAfricanUnionDataPolicyFrameworkthataimsatprovidingguidanceonvariousareasincludingdataprotection.21

Finally,BurkinaFaso,CaboVerde,Mauritius,Morocco,Senegal,andTunisiahaveratifiedtheCouncilofEurope’sConvention108.Thisisaninternationalhumanrightstreatyfocusedondataprotection,settingoutprinciplesthatarecompatiblewiththerequirementsofEuropeanUnion(EU)regulation.Itistheonlyexistingbindinginternationaldataprotectionconvention.In2018,21statessignedaprotocolmodernizingConvention108,knownas“Convention108+”,whichalignswiththeEUGDPR.MauritiusandTunisialatersignedtheamendingprotocol,andotherpartiestoConvention108,suchasMorocco,areintheaccessionprocessfor108+.Atthesametime,Moroccoisupdatingitsowndataprotectionlegislation

toseekanadequacydeterminationfromtheEuropeanUnionundertheGDPR.Thislatterapproachis

alsoanoptionforotherAfricancountriestofacilitatetradeandcrossborderdataflowswithkeytradepartners.

2.3Africavs.otherincomegroupsonpersonaldataprotectionframeworksonthebook

Comparedtoothercountriesincludedinthesample,theexistingdataprotectionlegalframeworksofAfricancountriesarecomprehensive.Thecontinentperformsonparwithorbetterthanlow-and-middle-incomeeconomiesinotherregionsonmostofthedimensionsstudied.AdoptionoftheregulatorypracticeondataprotectionbydesignislowerAfricathaninothercountriesstudiedacrossdifferentincomegroups.However,fortherestofthedimensions,Africancountriesareamongthetopperformers.Forexample,althoughonlynineAfricandataprotectionlawsincludeatestofnecessityandproportionalitytodeterminewhetheranexceptiontolimitationsondatacollectionorprocessingbythegovernmentislegitimatelyapplied,theregionfaresbetterinthisregardthanotherlow-incomecountries(LICs),andothermiddle-incomecountries(MICs)inthesample(FigureV).Furthermore,Africaisinlinewithorslightlybelowtheado

人人文庫(kù)> 全部分類> 應(yīng)用文書 > 研究報(bào)告

溫馨提示

1. 本站所有資源如無(wú)特殊說(shuō)明，都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請(qǐng)下載最新的WinRAR軟件解壓。
2. 本站的文檔不包含任何第三方提供的附件圖紙等，如果需要附件，請(qǐng)聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
3. 本站RAR壓縮包中若帶圖紙，網(wǎng)頁(yè)內(nèi)容里面會(huì)有圖紙預(yù)覽，若沒(méi)有圖紙預(yù)覽就沒(méi)有圖紙。
4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
5. 人人文庫(kù)網(wǎng)僅提供信息存儲(chǔ)空間，僅對(duì)用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理，對(duì)用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯，并不能對(duì)任何下載內(nèi)容負(fù)責(zé)。
6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容，請(qǐng)與我們聯(lián)系，我們立即糾正。
7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時(shí)也不承擔(dān)用戶因使用這些下載資源對(duì)自己和他人造成任何形式的傷害或損失。

世界銀行 -非洲數(shù)字?jǐn)?shù)據(jù)監(jiān)管

文檔簡(jiǎn)介

溫馨提示

最新文檔

評(píng)論

世界銀行 -非洲數(shù)字?jǐn)?shù)據(jù)監(jiān)管

文檔簡(jiǎn)介

溫馨提示

最新文檔

評(píng)論

相關(guān)文檔