Authors: Isaiah Bozimo SAN, Dr. Nancy Adossi, Gnagna Kone, Soro Kolotioloma & Rachel Magege
Data Privacy Day
International Day of Data Privacy is a global campaign aimed at raising awareness and promoting best practices for protecting personal information. In 2025, individuals and organizations alike should expect a renewed focus on the evolving landscape of data privacy, particularly in the face of technological advancements and emerging technologies, such as Artificial Intelligence (AI), automation, biotechnology etc. This understanding will encourage critical examination of how AI technologies collect, use, and share personal data, and ensure all sectors implement responsible innovation and safeguard privacy rights.
Pollicy and Niyel co-organized and co-hosted a multi-stakeholder discussion under the theme Safeguarding Data in the Digital Age: Addressing Compliance and Ethical Challenges in Commemoration of the International Data Privacy Day, as the 2025 kick-off of a series of webinars of the Data Governance Dialogues. The objective of this inaugural webinar was to emphasize the importance of safeguarding principles in data governance and privacy, while examining emerging challenges and risks related to data protection in dispute resolution, community engagement, migration schemes, and national regulators, with a particular focus on West Africa.
The Basics of Digital Rights and Data Protection
The digital revolution has reshaped how we connect, work, and live, but with these advancements come challenges that demand attention. As explained by data analyst Soro Kolotioloma, in a world where cyber threats and data breaches are increasingly common, safeguarding digital rights has become a cornerstone of online autonomy and trust. Issues such as unauthorized surveillance, exploitation of personal data, and unclear ownership policies underscore the urgent need for robust measures to protect users in a connected world.
Data privacy is not just a technical issue, it is a fundamental right and by prioritizing user protection, we can ensure security, dignity, and freedom in the digital sphere. Governments and corporations must take proactive steps by implementing clear and transparent data policies, minimizing data collection to only what is necessary, and investing in secure systems to protect user information. On an individual level, staying informed, adopting secure practices, and advocating for stronger digital rights policies empower everyone to navigate the online world safely.
A. Data Governance in Dispute Resolution Mechanisms: Case of Arbitration
In his contribution to the discourse, Isaiah Bozimo, Senior Advocate of Nigeria (SAN) explained how arbitration clauses can greatly affect an individual’s ability to assert their privacy rights in the event of a data breach or privacy violation.
While arbitration is often seen as a cost-effective and efficient dispute resolution method, it also has its drawbacks. For instance, arbitration’s limited discovery rights can make it harder to gather evidence, and many clauses waive the right to class actions, forcing individuals to pursue claims individually. This can be particularly challenging in privacy disputes where collective action might be more effective.
On the flip side, arbitration offers advantages, especially in multi-jurisdictional disputes. It provides a single forum that is enforceable across borders under the New York Convention and allows parties to choose arbitrators with specialised expertise, which can lead to fairer, more informed outcomes. Ultimately, the impact of arbitration clauses on privacy rights depends on factors like bargaining power, the specific contract terms, and the applicable laws. It is crucial for individuals and businesses to understand these dynamics to protect their rights effectively.
B. Data Governance in Community Engagement
Sociocultural understanding and interpretations must be considered when it comes to local communities appropriating and exerting their privacy rights in the digital era, emphasized internet governance specialist, Gnagna Kone. The legal and regulatory frameworks in data governance, including regulatory bodies, civil society entities, different by-laws and bills are the pathways in ensuring privacy rights are upheld. However, users i.e. communities feed the locomotives that are built and provided by the (tech) companies.
Africa needs to take into account the language and literacy gaps in the digital divide and foster more inclusive techniques; this can be done by strengthening corporate responsibility regarding users’ rights as a constituent compliance element for businesses. An intentional and consumed rights-based perspective of digital rights literacy for communities, with clear and actionable multi-stakeholder roadmaps and tangible expected outcomes, is as instrumental as the efforts made to strengthen and update laws, codes and regulations. Currently, the laws focus more on content moderation and censorship than actually ensuring the terms of use remain readable and understandable to members of society on a continent that still grapples with double digit illiteracy rates.
C. Data Governance in Migration Systems
In migration, data governance cannot be avoided because it plays a key role in protecting the identities of migrants and also used as a tool to protect the sovereignty of a nation. With legal frameworks such as the African Union (AU) Malabo Convention of 2014 and regional frameworks such as the Economic Community of West African States (ECOWAS) Data Protection Act of 2010, Africa stands to gain from a web of guidelines to ensure the protection of data collected from migrants within the continent.
In her presentation, Dr. Nancy Adossi, a migration expert stated that the collection of data from migrants, itself, should be governed by ethical considerations for the protection of said migrants. This requires ensuring that this collection and the methods used are meant to protect the migrant from giving more information than is needed and adhering to the principle of data minimization. This principle is axed on four main tenets: collection, storage, sharing, and knowledge discovery. Moreover, in order to ensure this principle and to ensure that member states are further equipped with the right ecosystem for its enforcement, Africa, as a continent, still stands to gain from enhancing privacy-enhancing technologies, digitizing much of its migration systems, and moreover, ensuring that it is continuously building the capacities of its national immigration officers on these tools, frameworks, and principles.
D. Data Governance Regulators and Stakeholders
Lastly, there are several approaches and understandings of data protection, varying from country to country and influenced by culture, political will and unique national interests. In all of these aspects, data protection is regulated by data protection authorities, usually established under data protection legislation. These authorities operate to investigate data breaches and enforce compliance across individuals, businesses and countries that collect and process data.
In addition to data protection authorities, several key stakeholders play a crucial role in data governance at both the national and sub-regional levels. At the national level, these stakeholders include Information and Communication Technology (ICT) ministers, private sector actors, telecom companies, startups, and civil society organizations. Regionally, ECOWAS stands out as a vital economic zone influencing data protection in West Africa. Professor Mamadou Niane of the University of Gaston Berger shared recent case studies from Benin and Senegal, highlighting advancements in data handling and innovation. In Benin, the government is building a free data circulation network within the ECOWAS countries, facilitating international mobile network roaming across the region. Meanwhile, Senegal, which introduced one of Africa’s earliest data protection laws (Law №2008–12), is now developing new legislation to regulate AI.
At the continental level, key stakeholders include the Network of African Data Protection Authorities (NADPA), which unites data protection authorities across the region to harmonize data protection frameworks and implementation strategies. The AU is currently working on a memorandum of understanding (MOU) with NADPA to streamline data protection efforts throughout the region. It is also important to note that the AU, the African Continental Free Trade Area Agreement (AfCFTA), and legal instruments such as the Malabo Convention, the AU Data Policy Framework, and the AfCFTA Digital Trade Protocol, directly govern data protection initiatives. A significant milestone occurred during the 81st Ordinary Session in November 2024, when the African Union Commission on Human and Peoples’ Rights (AUCHPR) passed a resolution committing to promote and harness data access as a tool for harnessing human rights and sustainable development in the digital age.
In conclusion, Data Privacy Day serves as a reminder of the ongoing need for robust data protection practices in the African context. African nations are steadily moving towards stronger data protection regimes and as digital transformation accelerates, ensuring data privacy and governance will be key in fostering trust, protecting citizens and enabling suitable economic growth.
