African Union Reaffirms Commitment to Data Protection
The African Union (AU) established the “Convention on Cyber Security and Personal Data Protection,” conventionally known as the Malabo Convention, in 2014. The Malabo Convention was created to “provide fundamental principles and guidelines to ensure an effective protection of personal data and create a safe digital environment for citizens, security, and privacy of individuals’ data online.” Unfortunately, since 2014, only 14 of the 55 member states of the AU have signed the agreement. With a widespread failure to adopt these standards, the AU was determined to create a distinguished group of experts to promote the principles of digital security and privacy throughout the continent.
The first meeting of the African Union Cybersecurity Expert Group (AUCSEG) opened in December with a specific task: to “facilitate the ratification and domestication of the Malabo Convention into national laws.” The AUCSEG is comprised of up to 15 members from the five regions of Africa. Members must possess at least seven years of relevant experience and serve a maximum of four years in the group to allow for diversity of experience within the body. The formation of the AUCSEG generates a significant signal from the AU Commission to its member states that it remains committed the Malabo Convention and its principles.
The AUCSEG will serve as the outreach arm of the Information Society Division to promote the following rights:
Six principles Governing the Processing of Personal Data
1. Principle of consent and legitimacy of personal data processing
Processors of data must first receive consent
2. Principle of lawfulness and fairness of personal data processing
Processors of data must be in compliance with the law
3. Principle of purpose, relevance, and storage of processed personal data
Processors of data must specify the purpose of data collected, why it is relevant, and how long it will be stored
4. Principle of accuracy of personal data
Processors of data will ensure data stored is accurate and up to date
5. Principle of transparency of personal data processing
Processors of data must disclose what specific data is being collected
6. Principle of confidentiality and security of personal data processing
Processors of data must keep the data they collect confidential, including during transmission through a network
Data Subject’s Rights
1. Right of Information
To know what information is being stored
2. Right of Access
To have access to the information being stored
3. Right to Object
To reject to personal data being processed or stored
4. Right to Rectification or Erasure
To have inaccurate data corrected/ deleted
With the inaugural meeting of the AUCSEG complete — comprising an initial 10 members from across the continent — it is important to applaud the AU’s efforts to reaffirm its’ commitment to data privacy and protection. Eyes will now turn to the remaining 41 unsigned member states to see if the expert group can renew engagement in the Malabo Convention and the principles it represents.
About the author: Dathan Duplichen is a master’s student with FSI’s Ford Dorsey Master’s in International Policy program concentrating on Cyber Policy and Security. He is a career technology specialist for the United States Department of Defense focusing on international cooperation in cyberspace.
