Strengthening Personal Data Protection
in Africa: Toward a Harmonized and Efficient System

Facebook Linkedin Youtube
ProDP-africa
Online courses
Research Reports

Reports produced as part of the ProDP-Africa Research Program

This section contains all the reports produced as part of the ProDP-Africa program. These documents come from in-depth research and provide a detailed analysis of personal data protection issues in Africa. They are meant to serve as a basis for decision-makers, institutions, and researchers seeking to better understand the legal, social, and technology dynamics in this field. The reports cover a range of topics, such as data regulation, harmonization of legal frameworks, and the impact of emerging technologies on privacy.
Senegal Report – Status of Personal Data Protection - Produced by LASPAD, ProDP-Africa
Study on the African Union Convention on Cybersecurity and Personal Data Protection

Table of contents

Senegal began legislating on personal data protection in 2008, primarily through Law No. 2008-12 of January 25, 2008, on personal data protection, and its implementing decree No. 2008-721 of June 30, 2008. The 2008 legislation addressed the challenges of its time, related to the emergence and development of the information society in Senegal. It considered issues within the Senegalese, African, and international contexts of personal data protection.

Fifteen years later, the context, challenges, and issues related to the digital society in general—and to data in particular—have evolved significantly. This evolution is due to the development, diversification, and widespread adoption of digital technologies and their applications. Personal data, in particular, has come under increasing focus as both a resource and an integral part of the broader concept of data as a whole.

The perception of data as a resource has given rise to nearly limitless technological applications and uses. This is the era of artificial intelligence, smart and connected devices, big data, social networks, augmented reality, enhanced individuals, and more. These digital civilizations and uses, almost entirely based on data, bring new and more complex dimensions to the question of personal data protection and privacy.

How can we protect personal data today in a context and society where data is perceived as a legal object, an economic resource, a political and strategic issue, and a lever for social and cultural development?

This study, focused on Senegal, begins with the current state of affairs. It explores the opportunities associated with personal data at the political, social, cultural, and legal levels while also identifying the risks tied to these uses. The study then analyzes the content of the legal and institutional framework currently in place for personal data protection, aiming to uncover both identified and unidentified risks that remain unaddressed.

To provide a better basis for the diagnosis, the project team called on civil society organizations to provide their opinions and contributions.

The shortcomings identified are linked to the lack of control over the use of personal data, the quality of the standards and the performance of the institutions responsible for implementing the legal framework. Finally, the study concludes with recommendations likely to help master the issues, improve the legal framework and anticipate imminent challenges.

Below is a summary of the main recommendations from our 2022 Senegal Report on personal data protection:

1. Critical analysis of the current legal framework:

  • Study the effectiveness of the 2008 law on personal data protection and its limits in the face of technological developments (big data, artificial intelligence, etc.).
  • Explore the impact of the absence of a specific data management law, particularly concerning strategic or sensitive data.
  • Evaluate the coherence and articulation between different sectoral regulations, such as those for health data, education or finance.

2. Political and strategic dimensions of personal data:

  • Examine how personal data influences digital sovereignty and public policy.
  • Study the role of data in electoral processes, including the risks of using data for political sponsorship or marketing.
  • Analyze protection strategies against mass surveillance and privacy breaches.

3. Economics and monetization of data:

  • Investigate the role of personal data in economic development, particularly in the business models of startups and large local companies.
  • Study the role of data in the African Continental Free Trade Area (AfCFTA) and its potential in the African digital economy.
  • Assess data monetization practices, including associated cybercrime risks.

4. Human and institutional capacity building:

  • Identify gaps in training and research in the field of personal data in Senegal.
  • Propose strategies to fill these gaps, such as the creation of specialized curricula and the strengthening of CDP capacities.
  • Study the implications of low local scientific output on dependence on international frameworks.

5. Social inclusion and protection of rights:

  • Explore the perceptions and uses of personal data in local communities, particularly in rural areas.
  • Study the social impacts of data, including its role in cultural transformations and the reduction of digital inequalities.
  • Evaluate initiatives aimed at raising public awareness of their data protection rights.

6. Emerging technologies and digital sovereignty:

  • Study the implications of new technologies (drones, surveillance cameras, connected objects) on privacy and data security.
  • Analyze the challenges of hosting data on foreign servers and propose solutions to encourage local storage.
  • Explore opportunities for leveraging data through technological innovation, while respecting ethical principles.
Download report

Table of contents

The Malabo Convention, which will officially come into force in 2023 following its ratification by Mauritania, represents a crucial step towards the harmonisation of legal frameworks in Africa concerning cybersecurity and the protection of personal data. This legal instrument, adopted by the African Union in 2014, aims to respond to the challenges posed by the rapid evolution of information and communication technologies (ICTs) and to promote regional cooperation in these areas. Despite its significant potential to improve digital security and data governance on a continental scale, the article highlights the need for the convention to be continually updated to incorporate emerging issues such as artificial intelligence and cyberterrorism. It also calls for effective implementation and increased cooperation between African countries to ensure successful legislative harmonisation, while taking account of international standards.

Some ideas identified in the study on the Malabo convention for researchers :

1. Analysis of the Convention's effectiveness

  • Examine the extent to which the Malabo Convention enables real harmonization of national legislation in Africa.
  • Assess the impact of the lack of binding mechanisms and a dedicated institutional framework for implementing the Convention.

2. Cybersecurity and digital sovereignty

  • Examine the implications of the Convention for the digital sovereignty of African states in the face of global digital players.
  • Study the strategic and political issues related to cybersecurity in national and regional contexts.

3. Personal data protection: law and practice

  • Analyze the disparities between African states regarding the transposition of personal data protection standards.
  • Explore the practical and ethical challenges of applying the provisions relating to sensitive data and file interconnections.

4. Digital transformation and social inclusion

  • Study the potential impact of the Convention on reducing digital divides between countries and within marginalized populations (young people, women, rural areas).
  • Analyze structural obstacles (lack of infrastructure, training disparities) to the implementation of legal frameworks and their influence on digital inclusion.

5. Cybercrime and criminal justice

  • Explore the adequacy of the incriminations and sanctions provided for in the Convention to the realities of cybercrime in Africa.
  • Study mechanisms for transnational judicial and police cooperation in the fight against cybercrime.

6. Regulation of emerging technologies

  • Propose frameworks for integrating regulations on artificial intelligence, blockchain or other emerging technologies into the Convention’s updating mechanisms.
  • Analyze the ethical and social challenges posed by these technologies in an African context (algorithmic bias, automation, etc.).

7. African digital market

  • Study the interactions between the Malabo Convention and initiatives such as the African Continental Free Trade Area (AfCFTA) to develop an integrated digital market.
  • Analyze tax, competition and consumer protection obstacles in African e-commerce.

8. Regional/international partnerships and cooperation

  • Examine the effectiveness of planned cooperation between member states and international partners to strengthen cybersecurity capabilities.
  • Analyze opportunities for cross-border collaboration to harmonize legal frameworks in line with international standards.

9. Critical perspectives on the Convention

  • Criticize the Convention’s drafting process, particularly in terms of the inclusion of local stakeholders (civil society, economic players).
  • Study the role of international organizations in the design and adoption of the Convention, and their influence on local priorities.
Download report
Newsletter
Subscribe to our newsletter to keep up to date with the latest news and resources on data protection.
See also
Explore

Strengthening Personal Data
Protection in Africa: Toward a
Harmonized and Efficient System

Facebook Linkedin Youtube

Quick Links

Useful links

Contact

A LASPAD program

© 2025 UGB LASPAD

Receive the latest news

Subscribe to our newsletter

Be informed of new articles