Abidjan, the Cote d’Ivoire’s economic hub, will host the second edition of the Cyber Africa Forum on May 9 and 10, 2022, focusing on data protection, a key factor in the continental digital sovereignty.
Africa is gradually building a legal and technical arsenal of cybersecurity to ensure full control of the data produced, while avoiding any undue capture by a third party. Data protection is a key element of digital sovereignty.
Since the 2000s, the digital transformation on the continent has disrupted the daily lives of Africans. The Covid-19 pandemic will intensify this dynamic by developing telecommuting, health services or e-learning.
The more digital coverage extends on the African continent (between 30 and 40 percent in 2022), the more the surface of exposure to risks related to data security and confidentiality grows, according to official data.
Sub-Saharan Africa, for example, has an average of one new Internet user per second. Today, African Internet users generate data through financial transactions, use of social media platforms, wearable health monitors, smartphone applications and phone calls. How do we protect them?
Regulate to protect
On a continental scale, initiatives are emerging to build a secure cyber space that respects individual freedoms. For Mamadou Bamba, General Manager of Orange Cote d’Ivoire, “the good news is that Africa is not left lagging behind, governments helped by supranational organizations (AU, ECOWAS …) and national organizations participate in the creation of a regulatory and legislative framework, training of talent and building infrastructure necessary to position the continent in this technological concert.
The African Union, for example, adopted the Malabo Convention on Cybersecurity and Personal Data Protection in 2014. Only nine states have ratified this tool and it was not until 2021 that Togo followed Angola, Ghana, Guinea Conakry, Mozambique, Namibia, Rwanda, Senegal and Mauritius.
Of the 54 African countries, only 28 have a legal and regulatory framework on data protection and six are currently drafting legislation. A law on this subject was adopted in 2008 by the Moroccan Parliament.
A pioneering state, the principle of privacy protection was even added to its constitution in 2011. In West Africa, Nigeria enacted a data protection law in 2019 and created the National Information Technology Development Agency (NITDA).
However, even where such a rule of law exists, it is not always clear how to ensure its enforcement. This is the case in Kenya, which, as of 2019, does have a personal data protection law, but does not provide for an authority to enforce it.
Cooperation between actors in the cyber ecosystem, including states, public authorities, large companies and start-ups, seems essential to support legal systems.
Mamadou Bamba recalls that the State of Cote d’Ivoire has made a strong commitment with Law No. 2013-450 of June 19, 2013 on the protection of personal data and Law No. 2013-451 of June 19, 2013 on the fight against cybercrime.
In this context, Orange wants to support the Ivorian government in this dynamic by positioning itself as a trusted player that gives everyone the keys to a responsible and secure digital world.
Strategic management of infrastructures
In order to fully protect the data produced on their territories, it is essential that African countries have full governance. Today, the continent has only 1 percent of the world’s storage capacity.
What are the consequences? This inevitably leads to economic, technological and legal dependence on the states where the data is outsourced (Ireland or the Netherlands, for example).
Without sovereign data centers, Africa is faced with major risks concerning the confidentiality, integrity and availability of its data. This is why Orange Cote d’Ivoire has installed a “powerful and robust data center powered by clean energy in the Grand-Bassam free trade zone (Vitib), which offers cloud solutions that allow data to be hosted locally,” its CEO says.
Initially, the relocation of sovereign data should become a priority for countries on the continent. But this is not enough: the data and its exploitation would still be technically or even legally dependent on foreign countries.
The Cloud Act expands the geographic scope of potential U.S. government requests. It can access data stored on U.S. servers, regardless of their location, including in Africa.
The nations of the continent are gradually becoming aware of the vulnerability of their data in cyberspace. This is evidenced, for example, by the forum on digital identity and data governance that took place in early March 2022 in Dakar.
Senegal is putting in place a National Strategy for Digital Sovereignty. Efforts are being made through the acquisition of state-of-the-art infrastructure. Since February, the country has a supercomputer with a capacity of 537 teraflops, or 537,600 billion computing units per second.
In addition, pan-African initiatives are also notable. In March 2022, the 1st Lomé Cybersecurity Summit was held and the second edition of the Cyber Africa Forum will take place in Abidjan on May 9 and 10.
The digital transformation in Africa allows, among other things, to boost economic growth, industrialization and improve the lives of people. These prospects and opportunities cannot be achieved without a real consideration of digital sovereignty issues.
Governments, institutions, the private sector and citizens are all concerned by digital trust. The mobilization of society’s actors raises expectations to foster the socio-economic development of the continent.
AP/ls/te/fss/abj/APA