South Sudan is yet to enact the country’s national data protection law.
But according to the East African Community, among the eight EAC Partner States, only five countries, Kenya, Rwanda, Somalia, Uganda and Tanzania had established dedicated data protection authorities.
DR Congo, Somalia and South Sudan are yet to form their own similar authorities.
On the other hand the East African Community is taking a significant step towards harmonising data governance frameworks across all the community member States.
Cross-border data flow serves as a cornerstone for unlocking the vast potential of the EAC’s digital economy, driving seamless trade, and catalysing innovation across the region.
The EAC Secretariat convened a Regional Workshop for Data Experts on Cross-Border Data Flows.
This initiative forms part of the Eastern Africa Regional Digital Integration Project (EARDIP) Data Market Development and Integration objective to establish a seamless and secure environment for cross-border data flows across the region.
“This workshop reaffirms our steadfast dedication to positioning the EAC as a leader in digital transformation and regional integration,” stated EAC Deputy Secretary General in charge of Customs, Trade and Monetary Affairs, Annette Ssemuwemba.
The workshop provided a platform for regional policymakers to deliberate and reach consensus on the modalities for developing a region cross-border data exchange mechanism to establish a unified approach to data governance, enabling secure, ethical and responsible data sharing across borders.
World Bank Senior Digital Development Specialist, Cecilia Paradi-Guilford, emphasized the critical role of data sharing in fostering trust and boosting the digital economy.
“EARDIP seeks to create an integrated digital market across Eastern Africa, boosting connectivity, data flows and digital trade, this is thus a vital step in aligning Partner States around key principles and mechanisms that will guide the establishment of a regional framework for cross-border data flow,” Paradi-Guilford maintained.
The workshop deliberated on the national data protection landscape in the region, revealing significant disparities in legislation and institutional capacities among the Partner States.
These gaps further underscored the urgency for a harmonised legal framework to address the inconsistencies and bolster regional data governance.
The regional experts called for harmonisation of the legal framework, noting it a critical enabler for fostering trust, personal data protection, and unlocking economic opportunities across the region.
In aligning with international best practices such as the European Union General Data Protection Regulation (GDPR) and the Asia-Pacific Economic Cooperation (APEC) mechanisms, the workshop noted the importance of aligning Partner States’ diverse data protection regimes with global standards while tailoring solutions to the region’s unique context.
As critical stakeholders in the development of a digital economy, private sector representatives highlighted the adverse effects of fragmented legal frameworks and data localisation requirements, which hinder investment and innovation.
However, the private sector also recognised the transformative potential of harmonised regulations, which would facilitate seamless cross-border operations, enhance data security, and attract greater investment in the region’s digital economy.
The workshop resolved to prioritise the establishment of a Technical Working Group (TWG) that will comprise representatives from Data Protection Authorities, Attorney Generals’ Chambers, Ministries responsible for ICT, ICT Authorities from each Partner State and the EAC Secretariat.
This multidisciplinary team will be tasked with drafting the principles for the cross-border data flow framework, guiding the development of a piloting program, and shaping the eventual EAC Data Protection and Privacy Act.
The TWG’s responsibilities are both comprehensive and strategic. They include creating a roadmap for the implementation of the cross-border data flow framework, which will incorporate key principles and lessons from a pilot program designed to inform the legislative process.
The group will also oversee the technological aspects necessary for the framework’s success, such as mechanisms for consent management.
With a mandate to conduct consultations, validations, and capacity-building sessions, the TWG will ensure that the framework is robust, adaptable, and reflective of the region’s needs and aspirations. This collaborative and consultative approach underscores the EAC’s commitment to inclusivity and technical excellence.
By aligning Partner States’ laws with global best practices while addressing local contexts, the TWG will help create a legal environment conducive to innovation, investment, and trust in digital markets.
The outcomes of the TWG’s work are expected to not only streamline data governance within the EAC but also set a precedent for other regional economic communities, while making the EAC a model for regional data governance on the continent.
Establishing harmonised data protection laws will not only foster trust among stakeholders but also attract significant investments by creating a secure and predictable regulatory environment.
The Eastern Africa Regional Digital Integration Project (EARDIP) is a flagship initiative supported by the World Bank aimed at fostering a robust and interconnected digital economy across the region.