EU and EAC build bridges for data protection in East Africa: second knowledge exchange on data protection


Region or country
Project or initiative
AU-EU D4D Hub project

Data protection is increasingly important, especially to ensure privacy and protect sensitive data, as well as consumer and human rights. In addition, sound data protection frameworks encourage trade, investment and ease regional integration. For these reasons, countries in the East African Community are increasingly setting up data protection frameworks and data protection authorities to enforce these frameworks.

However, the countries are at very different stages in the development and operationalization of these frameworks. While some countries have active data protection authorities, other countries have no legal framework. Several countries are in the very initial stages of setting up their data protection authority. There is, therefore, a great potential for the new authorities and countries with no legislation to learn from other countries with more experience.

It is against this background that the European Commission, through two initiatives (the Data Governance in Africa Initiative and the African Union European Union (AU-EU) Digital for Development (D4D) Hub Project), and in collaboration with the East African Community (EAC), is supporting the implementation of data protection frameworks in East Africa. Through a series of workshops, research initiatives, and study visits, the project is paving the way for knowledge exchange and peer-to-peer learning among countries at varying stages of data protection law development. The first knowledge exchange took place on September 13th -14th 2023, as stakeholders convened in Nairobi, Kenya with the participation of key regional stakeholders, including representatives from the data protection sector, local private enterprises, and civil society organizations. The exchange emphasized the importance of regional cooperation in establishing common data protection standards under the leadership of the EAC. Consequently, this sequel event that will be held in Kampala, Uganda from 6th and 7th March, 2024 will focus on advancing discussions towards this shared objective. The event will be hosted by Uganda’s Data Protection Authority, the Personal Data Protection Office (PDPO).

Objectives of the exchange

To enhance knowledge and experience sharing in data protection law enforcement at the East African regional level, fostering peer-to-peer connections and learning opportunities is essential. This will facilitate the exchange of best practices and insights among member states, strengthening enforcement capabilities and promoting consistency in data protection efforts. Additionally, the participants will discuss how best support could be provided to countries lacking adequate laws or authorities in this domain, ensuring they are brought up to par with established standards.

The event also aims to improve coordination and flow of information between national and regional level, between development partners and other interested stakeholders, as well as within the national ecosystem in Uganda. This helps avoid duplication of efforts in sharing of knowledge and experiences.

Two research projects will be presented at the event prepared by Strathmore University (Kenya), a legal gap analysis covering the existing data protection frameworks in the EAC highlighting their similarities and differences, as well as a collection of relevant resources for the data protection authorities.

Finally, participants will work together to agree on a shared vision for the East African Community, as well as immediate steps that can be taken to ease cross-border data flows, trade and regional integration.


The event will include participants from the EAC region and beyond. All the data protection authorities in the EAC (Kenya, Uganda, Rwanda, Tanzania and Somalia) will be present. Representatives from the Ministries of ICT and agencies responsible for the development of data protection laws from all EAC countries will also attend, especially for those that do not have an authority in place (Burundi, South Sudan and DRC). Other participants include Representatives from the Ministries for East African Community Affairs, regional actors including EAC Secretariat, East Africa Business Council (EABC), Africa Union Commission (AUC), Network of African Data Protection Authorities (NADPA), Smart Africa Secretariat, the Nigeria Data Protection (NDPC), the Africa Continental Free Trade Area (AfCFTA) Secretariat, AUDA-NEPAD, private sector, civil society, development partners and more.

Stakeholder Remarks

For the East African Community (EAC) - Annette Ssemuwemba EAC Deputy Secretary General in charge of Customs, Trade and Monetary Affairs

“In East Africa, safeguarding data is not just a necessity but a cornerstone for progress. Establishing robust data protection agencies and harmonizing regulations is imperative for fostering trust, enabling seamless collaboration, and driving regional integration. As we unite our efforts to protect data, we forge a path towards a digitally secure and interconnected East Africa," Ms. Annette Ssemuwemba, EAC Deputy Secretary General in charge of Customs, Trade and Monetary Affairs.

"Data protection in East Africa is not just about safeguarding information; it's the cornerstone of regional integration, fostering trust among nations and empowering individuals to participate confidently in a united digital economy," Ms. Annette Ssemuwemba, EAC Deputy Secretary General in charge of Customs, Trade and Monetary Affairs

The Deputy Ambassador of the EU Delegation to Uganda, Mr Guillaume Chartrain said:

“Data protection is not merely a technical or legal issue but a fundamental prerequisite for upholding democracy, fostering economic growth, and safeguarding individual rights. This is a lesson we have learnt in Europe and we stand ready to support the East African region, and the African continent as a whole, on its journey towards a responsible and citizen-centred approach to personal data protection."

For the Personal Data Protection Office (PDPO) – Ms Director Stella Alibateese, National Personal Data Protection Director said

“We must recognize the diverse stages of development and implementation of data protection and privacy laws across the East African Community partner states. Within this diversity lies our strength—the unparalleled opportunity for knowledge exchange, peer learning, and collective growth. Our resolve to address cross-border challenges and embrace a future of shared regulation has neverbeen stronger.”

For the Data Governance for Africa Initiative – Head of Programme, Franz von Weizsäecker said

“We are happy to support the African Union, its Regional Economic Communities such as EAC, and its member states in their efforts to develop and implement state of the art data policies. I am looking forward to understanding the priorities of Eastern African data protection authorities, so that we can design suitable support mechanisms for regional initiatives."

For the AU-EU D4D hub - Project Coordinator - Cristina de Lorenzo said

“For the AU-EU D4D Hub Project, fostering collaboration and knowledge exchange in data protection across East Africa is a vital step towards building a resilient digital future for Africa. Through our initiatives, we support African institutions to create an enabling environment for an inclusive and sustainable digital transformation. This event in Kampala marks another significant milestone in our shared journey towards harmonizing standards and facilitating cross-border cooperation."

About PDPO

The Personal Data Protection Office is Uganda’s independent data protection authority with the mandate of overseeing the implementation of and enforcement of the Data Protection and Privacy Act No. 9 of 2019. Established in 2021, PDPO’s mission is to uphold privacy rights and safeguard personal data in Uganda, by all through effective regulation and monitoring of those responsible for data management.

About EAC

The East African Community (EAC) is a regional intergovernmental organization of eight (8) Partner States, comprising Burundi, Democratic Republic of Congo, Kenya, Rwanda, South Sudan, Tanzania, Somalia and Uganda, with its headquarters in Arusha, Tanzania. The mission of the Community is to widen and deepen economic, political, social and cultural integration in order to improve the quality of life of the people of East Africa through increased competitiveness, value added production, trade and investments.

About Data Governance for Africa Initiative

The Data Governance in Africa Initiative supports African Union (AU) and its member states to form development-oriented and human-centric data regulation, data use and data infrastructure at continental, regional and member states levels. The Initiative provides concrete support for a single digital market in Africa by harmonising regulations on data, creating cross-border data flow and promoting investments in secure and sustainable data infrastructure facilities. Funded by the European Union and its five Members States (Belgium, Estonia, Finland, France and Germany), under the Global Gateway strategy, the project is implemented from 1st January 2023 to 31st July 2026. This activity is implemented by GIZ, one of the six European implementing agencies.

About the AU-EU D4D Hub Project

The AU-EU D4D Hub is a Team Europe project, co-funded by the European Union and jointly implemented by Enabel, GIZ, Estonia Development Cooperation, AFD, Expertise France and LuxDev. It is part of the D4D Hub, an EU-led platform that creates and leverages partnerships to shape a sustainable digital future worldwide. This activity is implemented by GIZ. The project supports African institutions to create an enabling environment for an inclusive and sustainable digital transformation. It provides demand-driven technical assistance, promotes knowledge sharing, and facilitates multi-stakeholder dialogues.

For more information on the data protection exchange, kindly send an email to and