Find a legal text

Legislation

Texts international continental community national

This section brings together key African legal texts related to privacy and personal data protection. The documents are classified into four categories: international, regional, community and national texts. It serves as an essential resource for exploring the legal frameworks in force on the continent, and analyzing harmonization and regulatory efforts in personal data governance in Africa.

International texts

Guiding principles for the regulation of computerised files containing personal data

Adopted on 14 December 1990 by the United Nations General Assembly (resolution 45/95), these principles define minimum guarantees to protect privacy in the management of computerised files. They address issues such as the lawfulness, accuracy and purpose of data, access rights, non-discrimination, security, controls and cross-border data flows. Applicable to public and private files and those of international organisations, These principles aim to ensure that data is processed ethically, securely and in compliance with human rights.

United Nations resolution on the right to privacy in the digital age

Adopted on 17 December 2018 at the 73rd session of the United Nations General Assembly, this resolution reaffirms the importance of the right to privacy, both online and offline, in the age of digital technologies. It highlights the growing concerns about surveillance, the massive collection of personal data, and the risks of human rights violations. The resolution encourages states to adopt legal frameworks aligned with international standards, to promote transparency, and to guarantee effective remedies for violations. It also calls on companies to respect human rights, enhance the security of communications and provide clear information about their data practices. Finally, it stresses the importance of independent control mechanisms, multi-party cooperation, and regulation adapted to the challenges of artificial intelligence and emerging technologies.

Universal Declaration of Human Rights

Adopted on 10 December 1948 by the United Nations General Assembly, the Universal Declaration of Human Rights is a founding text that proclaims the fundamental rights inherent in every individual. Structured around 30 articles, it affirms principles such as equality, freedom, human dignity and justice, while protecting civil, political, economic, social and cultural rights. It emphasises the prohibition of discrimination, slavery and torture, as well as the right to education, social security and privacy. As a universal instrument, it aims to guide nations and promote a world based on peace, freedom and equality.

Continental texts

African Union Convention on cybersecurity and personal data protection

Adopted in 2014, this convention establishes a harmonised legal framework within the Member States to strengthen cybersecurity and protect personal data. It aims to secure electronic transactions, protect the rights of individuals and combat cybercrime. The convention sets out obligations for states, including the creation of national data protection authorities , and promotes principles such as transparency, confidentiality, security and legitimacy in data processing. It also commits the parties to work together to harmonise legislation and strengthen international cooperation in the face of cyber threats. It entered into force in 2013 with the ratification of Mauritania.

Community texts

Directive C/DIR/1/08/11 on combating cybercrime in the CEDEAO region.

This directive , adopted by the Council of Ministers of the Economic Community of West African States (ECOWAS) aims to harmonise the national legislation of Member States in the fight against cybercrime. It defines specific offences related to information and communication technologies (ICTs ), establishes appropriate penalties , proposes procedural rules for the collection of electronic evidence, and promotes international judicial cooperation. Adopted on 19 August 2011 in Abuja, it calls on Member States to incorporate the necessary provisions into national law by 1 January 2014 at the latest.

Regulation n°15/2002/CM/UEMOA of 23 May 2002 relating to payment systems in the the Member States of the West African Economic and Monetary Union (WAEMU)

Regulation No. 15/2002/CM/UEMOA on payment systems provides a legal framework for payments in the Union to ensure their security and efficiency. payments in the Union to ensure their security and efficiency, while incorporating modern features such as electronic money and electronic signatures. It raises major issues for privacy, in particular the strict collection of personal data to open accounts (Article 43), the mandatory retention of electronic data (Article 20) and the securing of qualified electronic signatures (Articles 21-26). Although intended to guarantee the traceability and integrity of transactions, these measures call for a balance between innovation, data protection and user privacy, these measures call for a balance between innovation, data protection and respect for users ‘ privacy.

Additional Act A/SA.2/01/10 of 16 February 2010 on electronic transactions in the CEDEAO region.

TheAdditional Act A/SA.2/01/10 of 16 February 2010 adopted by ECOWAS establishes a common legal framework to regulate electronic transactions within the Member States. This instrument aims to promote confidence in the digital economy and to harmonise national legislation in order to support trade and digital transformation in the ECOWAS region. to support trade and digital transformation in the CEDEAO region.

Additional Act A/SA.1/01/10 of 16 February 2010 on the protection of personal data within the CEDEAO region.

TheAdditional Act A/SA.1/01/10 of 16 February 2010 adopted by ECOWAS establishes a harmonised legal framework for the protection of personal data in its Member States. for the protection of personal data in its Member States. This instrument is an essential milestone in guaranteeing the fundamental rights of individuals to privacy, while facilitating the development of the digital economy and regional integration. privacy while facilitating the development of the digital economy and regional integration.

CEDEAO Supplementary Act A/SA 2/01/07 of 19 January 2007 on access to and interconnection of networks and services in the information and communication technologies (ICT ) sector

The CEDEAO Supplementary Act A/SA 2/01/07, adopted on 19 January 2007, establishes the legal framework for access to and interconnection of networks and services in the Information and Communication Technologies (ICT ) networks and services in the ECOWAS region. This instrument was designed to strengthen regional integration by harmonising the rules and practices rules and practices relating to network interconnection and access to ICT services, in order to foster the development of the sector and universal access to digital services.

Directive n°07/08-UEAC-133-CM-18 of 19 December 2008 laying down the legal framework for the protection of users ' rights of electronic communications networks and services within CEMAC

The Directive n°07/08-UEAC-133-CM-18 of 19 December 2008 establishes the legal framework for the protection of the rights of users of electronic communications networks and services. rights of users of electronic communications networks and services. This directive aims to strengthen the rights of consumers in the telecommunications sector while telecommunications sector, while promoting a fair and competitive environment in the CEMAC region.

Regulation No. 01/20/CEMAC/UMAC/COBAC on the protection of consumers of banking products and services in CEMAC

Regulation No. 01/20/CEMAC/UMAC/COBAC, adopted on 23 April 2020, establishes a legal framework for the protection of consumers of banking products and services in the Central African Economic and Monetary Community (CEMAC). This regulation, initiated by the Central African Banking Commission (COBAC), aims to guarantee transparency, fairness and security in relations between banking establishments and their customers.