Privacy imperilled: analysis of surveillance, encryption and data localisation laws in Africa
Collaboration on International ICT Policy for East and Southern Africa (CIPESA)
(2022), 67 pp.
CC BY-NC
"The right to privacy has come under increased attack in many African countries, with the proliferation of digital technologies being matched by state measures that negate this right. In the past few years, many countries across the continent have enacted various laws that permit surveillance, mandate telecommunication intermediaries to facilitate the interception of communication, stipulate the mandatory collection of biometric data, limit the use of encryption, require the localisation of personal data, and grant law enforcement agents broad search and seizure powers. This report therefore maps and analyses the laws and policies that impact on privacy, notably those that regulate surveillance, limitations on encryption, data localisation, and biometric databases. This analysis could inform remedial and mitigatory steps to protect the right to privacy, which may include strategic litigation and advocacy for legislative and policy reforms. Moreover, the results of this analysis are also crucial for monitoring developments and trends on privacy regulation and practice in the region." (Introduction, p.5-6)
Contents
1 Introduction, 5
2 Policy and Legal Framework, 7
2.1 Algeria, 9
2.2 Angola, 12
2.3 Benin, 13
2.4 Burkina Faso, 16
2.5 Burundi, 18
2.6 Cape Verde, 20
2.7 The Central African Republic (CAR), 21
2.8 Congo Brazzaville, 22
2.9 The Democratic Republic of the Congo (DRC), 24
2.10 Gabon, 26
2.11 Guinea Conakry, 28
2.12 Ivory Coast, 30
2.13 Lesotho, 33
2.14 Liberia, 34
2.15 Madagascar, 36
2.16 Mauritius, 38
2.17 Morocco, 42
2.18 Niger, 45
2.19 São Tome & Principe, 47
2.20 Sierra Leone, 48
2.21 South Sudan, 52
2.22 Sudan, 53
2.23 Togo, 55
3 Discussion, 58
Surveillance -- Imposition of liability on Intermediaries -- Weak Oversight of Surveillance Operations -- Limitations on the Use of Encryption -- Prohibitive Encryption Regulation -- Compelled Assistance by Service Providers -- Data Localisation -- Biometric Data Collection Concerns
4 Recommendations, 66
2 Policy and Legal Framework, 7
2.1 Algeria, 9
2.2 Angola, 12
2.3 Benin, 13
2.4 Burkina Faso, 16
2.5 Burundi, 18
2.6 Cape Verde, 20
2.7 The Central African Republic (CAR), 21
2.8 Congo Brazzaville, 22
2.9 The Democratic Republic of the Congo (DRC), 24
2.10 Gabon, 26
2.11 Guinea Conakry, 28
2.12 Ivory Coast, 30
2.13 Lesotho, 33
2.14 Liberia, 34
2.15 Madagascar, 36
2.16 Mauritius, 38
2.17 Morocco, 42
2.18 Niger, 45
2.19 São Tome & Principe, 47
2.20 Sierra Leone, 48
2.21 South Sudan, 52
2.22 Sudan, 53
2.23 Togo, 55
3 Discussion, 58
Surveillance -- Imposition of liability on Intermediaries -- Weak Oversight of Surveillance Operations -- Limitations on the Use of Encryption -- Prohibitive Encryption Regulation -- Compelled Assistance by Service Providers -- Data Localisation -- Biometric Data Collection Concerns
4 Recommendations, 66
