The data economy has mostly existed in the shadows and companies have considered data to be their property and a proprietary secret even though the data didn’t originate from them. Now, the digital economy is growing and with it, data and digital tools are taking an even larger role in all aspects of our lives. This means that more diverse actors have access to and can use our personal information, which could leave us vulnerable to phishing scams and identity theft.
Let’s take a step back and ask ourselves, in this digital era, what does data privacy mean? Data privacy focuses on your rights as an individual; your right to decide the purpose of the collection of your personal information, its processing, how it is shared, archived and when/if you want your information deleted. Data is the pulse of the digital era, making data privacy incredibly important.
In the old data economy, data could be harvested from our personal devices, along with our trail of electronic transactions and data from other sources and this caused significant consumer mistrust, competition for consumers and catalysed government action. The new rules in the data economy have now brought us to a world of data privacy and protection legislatures derived from the basic principle that personal information is an asset held by the people who generate it.
Why does data privacy and protection matter? Well designed and effectively enforced data privacy and protection laws and regulations are the foundations to building trust in digital tools and systems by formally establishing rights that protect consumers against the exploitation of their personal information and responsibilities that entail institutions to use consumer information in a fair, transparent and accountable manner. Theoretically, one can postulate that with greater trust, consumers will be more accepting of services that rely on information/data sharing and use, which is a necessary condition to fuel a country’s digital transformation.
What is the relationship between data privacy, protection and security? Data privacy has already been defined, now let’s look at the definitions of the latter; data protection is a “set of procedures aimed at safeguarding personal information/data stored within a system. Data protection addresses data management, availability, and unauthorised access prevention.” Data security refers to measures taken to protect the integrity of the personal information/data itself against any form of malware, manipulation and cyber threats. Data security provides defence from internal and external risks.
Two key specific objectives of The Digital Transformation Strategy for Africa (2020 – 2030)’s are:
- “Entry into force of the African Union convention on Cyber Security and Personal Data Protection by 2020 and for all Members States to adopt a complete set of legislation covering eTransactions, Personal Data Protection and Privacy, Cybercrime and Consumer Protection;
- Create awareness and counterbalance issues of Cyber Security and Personal Data Protection and Privacy;”
So, let’s take a look at the landscape of the data privacy and protection legislature in Africa as shown in Figure 1; 61% of African states have adopted Data Protection and Privacy legislation. However, to meet the theoretical postulation towards digital transformation as mapped out in The Digital Transformation Strategy for Africa, data protection and privacy laws need to be context specific and effectively and consistently enforced. Poorly designed or inadequately enforced data protection and privacy laws can be a barrier to economic development through the following three channels: under-regulation, over-regulation, regulating the wrong things the wrong way.
Additionally, Figure 1 illustrates that almost 75% of African states have adopted Cybercrime legislation, which is great progress considering the in The Digital Transformation Strategy for Africa. So, why am I discussing three different terms that have different purposes? Data privacy, data protection and data security legislation functioning in harmony are an ecosystem that is essential to digital transformation for economic development.
How can low-to-middle income economies develop future-proof data regulations? Some considerations for inclusive future-proof data regulations include:
- Promoting a common, transparent and flexible approach to establish trust with consumers;
- Incorporation of the 7 foundational principles of privacy by design in regulations development;
- Devote more resources to build the required skills and capacity that is significantly lacking in the field in low-to-middle income economies. Recently, the World Bank launched a Trust Fund on Cybersecurity and one of its aims is to offer comprehensive capacity development.
As we enjoy the exponential technological innovations that are moving us towards a digital world, let’s not forget that we are humans and that privacy is our right, but with transparency we can work together towards not protecting each other and not just seeing each other as information to be used as that will be our downfall.
