Strengthening Data Protection Across East Africa: A Knowledge Exchange Between Data Protection Authorities

In a world driven by data, the very foundation of East Africa's prosperity, innovation, and progress hinges on one critical pillar: data protection. By linking data protection to trade and economic development, we explore the importance of safeguarding data in propelling the region towards greater prosperity, fostering innovation, and driving progress..

In an era where data is often referred to as the new oil, safeguarding individuals’ privacy and security has become paramount. At its core, data protection revolves around ensuring the well-being of people.

As East African governments strive to balance harnessing the power of data and innovation, a significant collaborative effort is underway. Stakeholders from Kenya, Uganda, Rwanda, and Tanzania, together with regional actors and international partners, joined hands at Strathmore University to discuss and enhance data protection in the region.

A Convergence of Minds

The African Union-European Union Digital for Development Hub (AU-EU D4D Hub) project is at the forefront of this endeavor, spearheading activities to strengthen the implementation of data protection laws and frameworks across Africa. Initiatives take the form of training sessions, study visits, knowledge sharing, and comprehensive documentation. Given the dynamic nature of data protection, including issues such as cross-border data flows, regional cooperation becomes ever more pertinent. Data protection authorities in East Africa are at various stages of development and operationalization, encountering similar stages and challenges. The importance of exchanging knowledge cannot be overstated, and all participating institutions welcomed this timely initiative.

The AU-EU D4D Hub project entrusted the implementation of these regional exchanges to Strathmore University in Kenya to support the activity. Strathmore University has been at the forefront of carrying out research in the fields of technology, intellectual property rights, data protection and data governance. The University has recently been involved in the development of the strategic plan of the Office of the Data Protection Commissioner (ODPC) in Kenya, and has developed several training courses on the topics. The collaborative effort brings together stakeholders from across the region and beyond for a series of in-person meetings between September 2023 and March 2024, aptly titled the “East African Data Protection Initiative”.

Empowering Data Protection Authorities

The initiative seeks to achieve the following goals:

1. Capacity Building: Increase the capacities of data protection authorities to enhance compliance and service delivery through peer-to-peer learning and experience sharing.
2. Peer-to-Peer Connections: Foster peer-to-peer connections between staff of new data protection authorities to boost motivation, knowledge sharing, and cross-border cooperation.
3. Engaging Stakeholder Groups: Facilitate exchanges with other stakeholder groups such as civil society, academia, the private sector, and other digital economy stakeholders.
4. Sharing Resources: Encourage the sharing of existing resources, toolkits, and guidelines to avoid duplication of efforts.
5. Support Programs: Showcase support programs by development partners and improves coordination among them.
6. Leveraging Networks: Leverage the existing structures and networks in Africa to drive follow up activities.
   

A Glimpse into the Program

The program for the meetings was developed in consultation with data protection authorities and implementation experts. It kept the focus on technical topics and knowledge exchange. No specific policy recommendations were agreed upon to encourage free sharing of ideas and build trust and collaboration.

Outcomes

The true value of these meetings lies in the experiences, knowledge, lessons, and information gained by the participants. These outcomes support the process of setting up effective data protection authorities in the region, and to improve their collaboration. Some of the key outcomes include:

• DPAs could learn from other DPAs on how they handle different challenges. Issues mentioned covered topics like; human resources, recruitment, resource mobilization, how to work with the private sector, how to deal with the media, among others.
• DPAs forged connections with members of other DPAs, which was made possible through a physical meeting.
• The private sector was able to present its challenges and engage in a discussion with the DPAs in the region about cross border data flows and compliance.
• Regional actors gained insights from the DPAs, and learnt how to best support the DPAs.
• DPAs learned about different support programmes offered by donors and how to benefit from them.
• The different levels of maturity of the data protection regimes in East Africa were discussed, and how best to support the countries that do not yet have a legislation or an authority.
• Ideas on how data protection authorities can enhance collaboration and communication in the short term (like MoUs) were shared.
• Discussions centered on different approaches to facilitate cross-border data flows and at the same time ensuring a high level of protection of personal data in the long term took place. These approaches included: standard contractual clauses, adequacy decisions, a regional framework spearheaded by the EAC, harmonization of laws, and a certification framework by a third party.

Next steps

Based on the outcomes of the first physical event, the mapping of relevant resources and knowledge products will now continue. The project will follow up with participants to get their feedback and discuss key goals for the second physical meeting happening early 2024. You can follow the ongoing activities of the AU-EU D4D Hub project via the website and X (Twitter) channel!