In Africa, scant data protection leaves internet users exposed

In Kenya, which has a large and fast growing population of internet users, there are no specific laws or regulations to protect the privacy of those individuals.

Kenya is not alone in Africa, which as a region has clocked the world’s fastest growth in internet use over the past decade. Unlike in Europe and the United States, where data-privacy laws provide a level of protection to consumers, many Africans have little or no recourse if a data breach occurs because often legal and regulatory safeguards don’t exist.

Recent revelations about British analytics firm Cambridge Analytica, which Facebook says improperly accessed personal data of about 50 million of the social networks users in the 2016 U.S. presidential election, have also touched the African continent.

Cambridge Analytica or its parent company SCL Group worked on the 2013 and 2017 campaigns of Kenya’s President Uhuru Kenyatta. The company was also hired to support the failed re-election bid of then-president Goodluck Jonathan of Nigeria in 2015, according to Britain’s Guardian newspaper.

A spokesman for the Nigerian president said on Monday that the country’s government will investigate allegations of improper involvement by Cambridge Analytica in the 2007 and 2015 elections.

Kenya’s ruling Jubilee party told Reuters that it had hired SCL for “branding” in the 2017 presidential election but did not elaborate on the precise nature of the work.

Cambridge Analytica didn’t respond to a request for comment. The company has suspended its chief executive pending what it said would be a full, independent investigation.

LIMITED PROTECTION

Growth of internet use in Africa, a continent of 1 billion people, has been fueled by rapidly expanding mobile broadband networks and ever more affordable phones.

That presents a major growth opportunity for internet companies such as Facebook, which currently sees some 123 million people across sub-Saharan Africa accessing its social network platform monthly.

While some governments on the continent have responded to these rapid changes – rights campaigners welcomed a data-protection law passed by South Africa 2013 – many have not.

Privacy advocacy groups say that is leaving a lot of Africans, many of whom are accessing the internet for the first time, with little or no protection.

More than half of Africa’s 54 countries have no data protection or privacy laws, according to London-based rights group Article 19. And, of the 14 countries that do, nine have no regulators to enforce them, the group says.

In Kenya, a country of 44 million people with some 8.5 million using Facebook on a monthly basis, specialists say no specific data-protection laws exist. The government has said it is drafting a data protection bill.

But even some data-privacy bills that have been introduced in African parliaments have been held up for years.

In Nigeria, the African country with the most internet users, a data-protection bill that was introduced in 2010 is still making its way through parliament.

The proposed Nigerian legislation, which is being reviewed by the upper house of parliament, would prohibit the processing of data for purposes other than their original intended use and companies could be fined for breaches of personal information.

But digital-rights campaigners question whether law enforcement agencies and the judiciary would be equipped to enforce the Nigerian legislation if it was passed.