Ask Nigeria Header Logo

Data Privacy Policy adoption rises in Africa

Photo of author

By Abiodun Okunloye

As internet usage increases, many African nations now invest in data privacy.

Countries in Africa are realizing the need to implement data and privacy protection legislation and invest in it as a result of the continent’s massive internet user base of about 600 million people. According to estimates from the Internet Society, a non-profit advocacy organization, more than 17 African nations have implemented extensive personal data privacy legislation. Moreover, as of 2021, 33 countries had enacted legislation guaranteeing data and privacy protection, as reported by the United Nations Conference on Trade and Development.

Isa Pantami, the Minister of Communications and Digital Economy of Nigeria made his remarks during the 2023 Global Data Privacy Week in Abuja, stating that the Nigeria Data Protection Bureau (NDPB) had made significant investments in personnel in order to increase capacity. According to him, the NDPB has been responsible for the creation of a large number of jobs, the worth of which currently equals N5.5 billion ($12 million). Between 2019 and 2022, over ten African countries passed a bill reinforcing data protection and privacy protection.

Faster adoption of data protection policy as commenced.

Tanzania has become the most recent African country to approve the Personal Data Protection Legislation and form its Data Protection Commission in November 2022. Countries such as South Africa, Uganda, Kenya, Nigeria, Rwanda, Togo, Botswana, and Ghana have been at the forefront of privacy and data protection policy laws. In addition to measures taken on a national level, regional economies and blocs that have policies to protect privacy. In 2010, the Southern African Development Community (SADC) enacted the SADC Model Law on Data Protection that it had modelled.

Moreover, some regional bloc-level laws aimed at protecting data and privacy include the EAC Framework for Cyber legislation (2008) and the ECOWAS Supplementary Act A/SA.1/01/10 on Personal Data Protection (2010). On the other hand, Algeria Law No. 18-07, which provided the legal structure for the collection, processing, utilization, and disclosure of personal data in connection with data processing operations, was just recently enacted. In order to ensure safe online surfing, more regulations and policies are required, as some of the listed countries have relatively high vulnerability levels. To guarantee lasting security, Muller emphasizes the use of anti-malware solutions and the adoption of security procedures.

Cyberattacks surged on ICS computers globally by 40% in 2022.

Brandon Muller, a tech specialist and consultant for the African region at Kaspersky, discusses how African governments may improve, particularly in preventing industrial cybersecurity attacks, despite recent legislative changes. Kaspersky predicts that 47% of occurrences would occur in Africa, and Muller reports that in 2022, 40% of ICS computers worldwide were infected with malware. The foundation of economic growth is actualized in the use of industrial control systems for manufacturing, preparation, product handling, output, and distribution.

According to the Kaspersky report, Ethiopia (62%), Algeria (59%), and Burundi (57%) had the largest rate of cyber attacks on their industrial control systems in the past year. In addition to these, the countries of Rwanda (46%), Kenya (41%), Nigeria (40%), Zimbabwe (40%), Ghana (39%), Zambia (38%), South Africa (36%), and Uganda (36%) are also involved. However, these nations are making strides to strengthen their data protection infrastructure. Also, Ethiopia is getting closer to enacting the Data Protection Declaration, which will set up a Personal Data Protection Commission.

Human error also plays its part in infiltrating ICS systems.

Muller points out that all it required for cybercriminals to breach an isolated ICS network is a single infected USB drive or phishing email. Muller states human error still plays a major role in infiltrating ICS systems, even though some virus sources remain sophisticated, especially in advanced systems. The African Union Convention on Cyber Security and Personal Data Protection provides a general framework for this, and Africa is making efforts to stay within it. In their 2018 report titled “Personal Data Protection Guidelines for Africa,” the African Union and Internet Security advocate establishing confidence, anonymity, and appropriate use of personal data, government commitment and engagement, and multi-sectorial methods.

Related Link

NDPB: Website

The content on is given for general information only and does not constitute a professional opinion, and users should seek their own legal/professional advice. There is data available online that lists details, facts and further information not listed in this post, please complete your own investigation into these matters and reach your own conclusion. accepts no responsibility for losses from any person acting or refraining from acting as a result of content contained in this website and/or other websites which may be linked to this website.

Fact Checking Tool -