Research Reports
Reports produced as part of the ProDP-Africa Research Program
Executive Summary (Senegal Report)
Table of contents
Senegal began legislating on personal data protection in 2008, primarily through Law No. 2008-12 of January 25, 2008, on personal data protection, and its implementing decree No. 2008-721 of June 30, 2008. The 2008 legislation addressed the challenges of its time, related to the emergence and development of the information society in Senegal. It considered issues within the Senegalese, African, and international contexts of personal data protection.
Fifteen years later, the context, challenges, and issues related to the digital society in general—and to data in particular—have evolved significantly. This evolution is due to the development, diversification, and widespread adoption of digital technologies and their applications. Personal data, in particular, has come under increasing focus as both a resource and an integral part of the broader concept of data as a whole.
The perception of data as a resource has given rise to nearly limitless technological applications and uses. This is the era of artificial intelligence, smart and connected devices, big data, social networks, augmented reality, enhanced individuals, and more. These digital civilizations and uses, almost entirely based on data, bring new and more complex dimensions to the question of personal data protection and privacy.
How can we protect personal data today in a context and society where data is perceived as a legal object, an economic resource, a political and strategic issue, and a lever for social and cultural development?
This study, focused on Senegal, begins with the current state of affairs. It explores the opportunities associated with personal data at the political, social, cultural, and legal levels while also identifying the risks tied to these uses. The study then analyzes the content of the legal and institutional framework currently in place for personal data protection, aiming to uncover both identified and unidentified risks that remain unaddressed.
To provide a better basis for the diagnosis, the project team called on civil society organizations to provide their opinions and contributions.
The shortcomings identified are linked to the lack of control over the use of personal data, the quality of the standards and the performance of the institutions responsible for implementing the legal framework. Finally, the study concludes with recommendations likely to help master the issues, improve the legal framework and anticipate imminent challenges.
Recommendations ( Senegal report)
Here is a summary of the main recommendations from our Senegal 2022 Report on the protection of personal data:
1. Improving the legal and institutional framework :
- Updating of the law on the protection of personal data (2008) to adapt it to technological and societal developments, such as artificial intelligence, big data and the Internet of Things.
- Strengthen the coherence of the institutional framework by clarifying the roles of the various stakeholders, in particular the Personal Data Protection Commission ( CDP ).
- Adopt a guideline law on data management and protection to clearly define the concepts, including strategic or sovereignty data.
2. Strengthening human and technical capacities:
- Develop training programmes and university research to train qualified data protection experts.
- Provide the CDP with sufficient financial and technical resources to enable it to carry out its tasks effectively, particularly in terms of monitoring and raising awareness.
3. Promoting digital sovereignty:
- Develop a national strategy to ensure control of critical data, such as civil status, justice and health data.
- Encourage local hosting of sensitive data to strengthen sovereignty and reduce dependency on foreign players.
4. Raising awareness and inclusion :
- Implement campaigns to raise public awareness of their rights about their personal data protection rights.
- Promoting the inclusion of civil society players and businesses in data governance.
5. Economic development:
- Supporting start-ups and local businesses in making the most of their data, while complying with data protection regulations.
- Promote the adoption of local technological solutions for data storage and processing.
Executive summary (Article on the Malabo Convention)
Table of contents
The Malabo Convention, which will officially come into force in 2023 following its ratification by Mauritania, represents a crucial step towards the harmonisation of legal frameworks in Africa concerning cybersecurity and the protection of personal data. This legal instrument, adopted by the African Union in 2014, aims to respond to the challenges posed by the rapid evolution of information and communication technologies (ICTs) and to promote regional cooperation in these areas. Despite its significant potential to improve digital security and data governance on a continental scale, the article highlights the need for the convention to be continually updated to incorporate emerging issues such as artificial intelligence and cyberterrorism. It also calls for effective implementation and increased cooperation between African countries to ensure successful legislative harmonisation, while taking account of international standards.
Recommendations (Article on the Malabo Convention)
The following is a summary of the main recommendations arising from our study of the Malabo Convention:
1. Updating the Agreement :
- Updating the text to take account of recent technological such as artificial intelligence (AI), big data, blockchain and the Internet of Things (IoT), big data, blockchain and the Internet of Things (IoT).
- Include specific provisions on emerging issues such as cyberterrorism and critical infrastructure protection.
2. Permanent update mechanisms:
- Introduce a regular review and amendment mechanism to ensure that the the Convention remains relevant in the face of rapid technological advances.
- Entrust this task to a specialised body made up of experts in cybersecurity and digital technologies.
3. Strengthening institutionalisation :
- Create an institutional framework at continental level to ensure effective implementation, including monitoring and support for Member States in transposing the provisions into national law.
- Offer resources and technical support to overcome the capacity disparities between African countries.
4. More detailed provisions on cyber security:
- Develop specific strategies to combat cyberterrorism, including measures to protect critical infrastructure and ensure better regional and international cooperation.
- Adapting criminal laws and judicial procedures to better deal with offences related to digital technologies.
5. Reinforcing the protection of personal data:
- Introduce clear criteria to guarantee the independence of national data protection authorities.
- Simplify administrative formalities for data controllers, while strengthening a posteriori controls.
6. Framing the African digital market:
- Develop rules to ensure fair competition and limit abuses by major technology platforms.
- Provide additional protection for consumers and encourage responsible commercial practices.
7. Promoting digital inclusion :
- Ensure that emerging technologies are accessible and inclusive, particularly for marginalised groups.
- Incorporate principles of fairness and transparency into the development of AI systems and digital services.
8. Enhanced cooperation:
- Promote sub-regional, regional and international collaboration to harmonise legal frameworks and share best practice.
- Strengthening partnerships between governments, the private sector and civil society to promote trust in the digital ecosystem.
