African approaches to Cross-border Data Flows (GIZ)

5 Dec 2023 10:00h - 11:30h UTC

official event page

Table of contents

Disclaimer: This is not an official record of the UNCTAD eWeek session. The DiploAI system automatically generates these resources from the audiovisual recording. Resources are presented in their original format, as provided by the AI (e.g. including any spelling mistakes). The accuracy of these resources cannot be guaranteed. The official record of the session can be found on the UNCTAD website.

Full session report

Kholofelo Kugler

Africa’s digital economy is projected to be worth $300 billion by 2025, highlighting its immense potential. To fully harness this transformation, data flows are essential, especially for micro, small, and medium enterprises. Companies that connect online have a higher likelihood of exporting, and access to e-payments and credit insurance services through the internet can assist businesses that struggle to obtain these services. However, the current data governance in Africa is inadequate, with only 61 percent of African countries having data protection laws. Existing regulations like the GDPR may not be suitable for Africa’s unique circumstances, emphasizing the need for a tailored data governance framework. The management of data in Africa is complex, requiring the merging of different legislation and models. Furthermore, privacy and consent models need to consider the variations in African contexts, including different levels of education across the continent. Data stewardship and a multi-stakeholder approach to data governance are potential solutions to address these challenges. Other obstacles to Africa’s digital landscape include the preference of African startups to set up in other locations due to better treatment and the lack of compliance and inter-regional cooperation. Additionally, data centers in Africa are owned by foreign companies, highlighting the importance of African countries having their own data privacy legislation. In conclusion, Africa’s digital economy has immense growth potential, but addressing the gaps in data governance is crucial. A tailored data governance framework, collaboration between stakeholders, and control over data centers will ensure economic development while respecting local contexts and protecting citizen’s privacy and rights.

Linda Bonyo

The discussions on cross-border data flows within the African context have been emphasised as important, as African perspectives on data flows are often overlooked in global discussions. The relevance and application of the Malabo Convention, a policy reform around data protection in Africa, are being questioned. Different countries in Africa have varied approaches to data transfers, which creates challenges for businesses, particularly in e-commerce. For example, Kenya, Nigeria, and South Africa have a conditional transfer approach, while Rwanda has taken a limited transfer approach. The lack of harmonisation in regulations on data transfers within the African continent creates further challenges for businesses, making trading within the African continent difficult due to divergent regulations in different countries. In contrast, the European Union (EU) has harmonised legislation that aids easy compliance for businesses within its 27 member countries.

Concerns have been raised about borrowed data being processed outside of the local ecosystem. Data collected in Kenya, for instance, is processed in Silicon Valley, creating a disconnect with local ecosystem insights. This has led to calls for better understanding, transparency, and accountability in cross-border data flows. Advocates argue that it is important to acknowledge who is using the data and for what benefits. Furthermore, they emphasise the need to know how indebted persons are and how to model financial mechanisms.

The difference in perspectives of data privacy between Africa and the West has been highlighted. In Africa, the idea of privacy is influenced by cultural differences, such as communal living, which makes adopting the General Data Protection Regulation (GDPR) perspectives in Africa challenging. Additionally, the current implementation of data privacy in Africa is seen as impractical due to limitations faced by the data commissioner, such as budget and political influences. The current formula of GDPR may not work effectively in Africa.

Various challenges are faced by different African countries in implementing digital technologies and regulations. Some African countries, such as Somalia, are facing challenges in implementing digital ID systems due to the need to establish foundational documents before implementation. Additionally, Africa is not a homogeneous continent, with different countries at different stages of privacy and data protection conversations.

The Africa Free Trade market presents an opportunity to harmonise regulations and benefit Africa. Harmonising regulations could facilitate business expansion and allow African countries to not only copy the GDPR but also create their own regulations. However, the visa regime within Africa continues to hinder the free movement of people and business opportunities. The requirement for visas to travel within African countries is a barrier that prevents Africans from taking advantage of opportunities in different countries. This has led to a call for fixing the visa regime.

Advocates argue that data governance needs to be addressed in development cooperation agreements. The ecosystem approach is considered the best way to solve problems, emphasising the importance of collaboration and considering different perspectives. Furthermore, the issues of infrastructure in Africa have been highlighted, hindering street localisation and compliance. Limited resources, such as electricity or expensive generators, make it challenging to meet compliance standards.

The use of data for societal improvement, such as cancer research, is advocated for. Data can be utilised for purposes other than politics, and there is a preference for using data to cure cancer rather than for political gain. However, the unfavourable local business environment in Africa has led to African businesses setting up outside of Africa. Harsh business environments force companies to set up outside, and they only use African markets for trading purposes. This calls for treating African companies better and creating a more conducive business environment.

In conclusion, discussions on cross-border data flows within the African context are of utmost importance, as African perspectives are often overlooked in global discussions. The challenges and variations in data transfers and regulations within Africa create obstacles for businesses, particularly in e-commerce. Concerns about borrowed data being processed outside of the local ecosystem, as well as the impracticality of current data privacy implementations in Africa, indicate the need for better understanding, transparency, and accountability in cross-border data flows. The visa regime, infrastructure issues, and unfavourable local business environment are additional barriers that need to be addressed to foster economic growth and development within Africa. Harmonising regulations and utilising data for societal improvement are potential solutions to promote a thriving business environment and economic opportunities in Africa.

Auidence

The discussions during the event focused on various key topics related to data infrastructure, ownership, regulation, and privacy in Africa. One major point of discussion was the role and potential challenges posed by big tech players in Africa. The audience expressed skepticism about the ownership of data infrastructure by these players, raising concerns about data control and regulation in the region.

Another area of concern was the impact of the e-commerce joint statement initiative on Africa’s data privacy efforts and cross-border regional data flows. It was highlighted that the latest draft of the initiative could potentially ban any restrictions on data flows, potentially hindering Africa’s efforts to protect data privacy. Furthermore, the draft had conditions regarding privacy exceptions that might negatively impact Africa’s data privacy initiatives. It was also mentioned that the United States was reconsidering its position on data flows, further adding to the complexity of the situation.

The discussions also emphasized the importance of data compliance literacy and the prevention of mobile money fraud in Ghana. A speaker from a tech startup in Ghana shared their experiences of facing challenges with fraud in mobile money transactions. They highlighted how scammers access people’s phone numbers from physical transaction records and use the information to commit fraud. This undermines trust in digital payment systems and hampers the company’s efforts to digitize their business.

Regarding data governance, the need for creating data agreements in Africa was discussed. The speaker was curious about the potential complexities and challenges that might arise from establishing similar data agreements within Africa. Notably, the discussions also raised questions about the potential political policies or processes that could accompany data agreements in Africa.

The need for developing interoperable data flow mechanisms and advocating for equal opportunities in the digital economy and data governance in Africa was highlighted. The Digital Cooperation Organization, which conducted a study on cross-border data flows, was mentioned as a platform to explore mechanisms for member states or African countries to effectively communicate with each other. The organization currently has 15 member states, half of which are from Africa.

Additionally, concerns were raised regarding the disparity in control over the digital economy and data governance in Africa. It was noted that ten countries control 94% of all online businesses in Africa, and five countries hold almost 78% of e-commerce. This concentration of control raises questions about equal opportunities and reducing inequalities in the region.

Furthermore, regulatory agencies, such as the Nigeria Customs Service, highlighted the need for data sharing across borders for clearance of e-commerce goods and agency operations. They emphasized the importance of sharing data for regulatory practices and acknowledged the potential benefits of boosting intra-Africa trade in aiding regulatory and security purposes.

Overall, the discussions shed light on the various challenges and opportunities regarding data infrastructure, ownership, regulation, and privacy in Africa. The participants raised thought-provoking arguments and provided evidence to support their claims. The need for collaboration, data compliance literacy, and equal opportunities emerged as key themes throughout the discussions. The varying perspectives presented during the event showcased both the concerns and potential solutions for addressing these complex issues in Africa’s evolving digital landscape.

Bitange Ndemo

The analysis covers a range of topics related to data and economic development in Africa, highlighting the positive impact that data can have in sectors such as healthcare, e-commerce, finance, and agriculture. It notes that data analysis can enhance agricultural productivity and that e-commerce solutions are beneficial to small enterprises. Additionally, inclusive financial solutions can be built using data.

However, the analysis also underlines the need for mechanisms to ensure that everyone benefits from the data revolution. It points out that citizens may not be aware or benefit from the use of their data. It mentions that Europe is using data for various advancements and expresses a positive sentiment towards this issue.

The importance of understanding cross-border data flow for the growth of micro and small enterprises in East Africa is emphasised. The analysis highlights that data transfer across borders facilitates cross-border trade and that data analysis can help the growth of these enterprises. The sentiment regarding this topic is positive.

On the other hand, the analysis recognises the risks associated with data usage and benefit distribution. It states that although telcos are selling solutions for financial inclusion, citizens may not derive benefits from them. Additionally, the cost of borrowing remains high despite data usage. The sentiment towards this issue is negative.

The analysis suggests the need to determine who uses data and for what benefits. It notes that data is often in the possession of different people who may not address how the providers of data would benefit. The sentiment towards this issue is neutral.

Furthermore, the analysis emphasises the importance of Africa unifying and viewing itself as a single digital market. It underscores the need to consolidate capacity for security measures and improve intra-African trade. The sentiment towards this topic is positive.

The analysis mentions that the EU is making investments in Africa, which is seen as beneficial. It suggests that a healthy relationship between Africa and the EU is important. The sentiment towards this issue is positive.

Regarding legislation and innovation, the analysis mentions that the General Data Protection Regulation (GDPR) implemented by the EU may stifle innovation. It advises Africa to take cues from the EU and India regarding legislation but not blindly adopt their rules. The sentiment towards this topic is neutral.

In terms of research and innovation, the analysis highlights the importance of collaboration between African and European universities. It suggests that this collaboration is crucial for furthering research and innovation. The sentiment towards this issue is positive.

The analysis acknowledges the need for Africa to build its own capacity, particularly in cybersecurity. It notes that the EU has institutions that Africa can work with to develop this capacity. The sentiment towards this topic is positive.

The analysis suggests Africa needs to reform and establish a single digital market to have a stronger influence on big tech. It mentions that such a market would enable Africa to have a louder voice in the digital space. The sentiment towards this issue is positive.

Other topics discussed include the importance of protecting intellectual property for micro-enterprises and the role of market size in regulating the behavior of big tech. The analysis points out that examples of intellectual property theft can be found on platforms like Pinterest, affecting micro-enterprises such as Masai women making artifacts. It also highlights that interference from big tech can create entrepreneurial opportunities. The sentiment towards these topics is generally positive.

Finally, the analysis mentions the importance of visa-free movement within Africa. It notes that Kenya’s approach of not requiring visas for any African country is successful, and other African countries are adopting this approach. The sentiment towards this issue is positive.

In summary, the analysis provides a comprehensive overview of various topics related to data and economic development in Africa. It highlights the potential benefits and risks associated with data usage and underscores the need for fair benefit distribution. Moreover, it emphasizes the importance of Africa’s unity, establishment of a single digital market, and collaboration with the EU for research, innovation, and capacity building. Ultimately, the analysis suggests that strategic initiatives in these areas can contribute to the economic growth and development of the continent.

Abdesslam Benzitouni

Jumia, a multinational company that primarily operates in Africa, heavily relies on data for various aspects of its business. Data is used to enhance customer user experience, improve market accessibility, and drive innovation and growth. The company collaborates with partners and service providers worldwide to effectively gather and utilize data.

Ensuring the security and protection of data is a top priority for Jumia, which invests significantly in cybersecurity measures. They work with different platforms, clouds, and data centers in various countries to safeguard their data from cyber threats.

However, Jumia faces challenges due to regulatory conflicts between different countries. Each country has its own set of regulations, creating complications for international business operations. For example, conflicts between Indian and African regulations led to issues while working with an Indian company. Adapting to different regulations becomes necessary for operating in various countries.

To address conflicting regulations, Jumia follows the General Data Protection Regulation (GDPR) as a guideline for data protection. However, GDPR may not always be suitable for every country, as adopting it may not address specific issues related to mobile money customers or similar scenarios.

Counterfeit and copyright infringement products are significant concerns for Jumia. The company acknowledges the magnitude of this problem in many countries and emphasizes the importance of strict guidelines and consistent checking to identify and prevent the presence of counterfeit products on their platforms. Jumia implements strict guidelines with vendors and conducts thorough product checks to ensure authenticity and legality.

Education and regulatory support are essential in combating counterfeit and copyright issues. Despite efforts, challenges persist, as some vendors may still sell counterfeit products. Continuous education and regulatory support are necessary for effective management of these issues.

Fraud and cybersecurity are significant concerns for Jumia. The company faces daily cyber attacks and has made substantial investments in cybersecurity measures to protect its operations. Education plays a crucial role in preventing fraud, and Jumia prioritizes training and awareness programs to mitigate these risks. The Ukraine-Russia conflict led to a surge in attacks, highlighting the vulnerability and prevalence of cyber threats in the online business landscape.

Jumia’s decision to register in Germany is aimed at establishing investor confidence. Investors such as Goldman Sachs and Orange have suggested Germany as a suitable location for registration due to the protection it offers for large amounts of money.

Despite the challenges faced, Jumia remains committed to operating primarily in Africa. The company’s customer base is exclusively African, and it operates in 11 African countries. Jumia supports the local economy by partnering with local small and medium-sized enterprises (SMEs) as vendors and employing local talent, contributing to the growth and development of the African economy.

In summary, Jumia heavily relies on data for various aspects of its business and prioritizes data protection and cybersecurity. Regulatory conflicts pose challenges that require adaptability to different regulations across countries. Counterfeit and copyright issues are significant concerns that demand strict guidelines, consistent checks, education, and regulatory support. Fraud and cybersecurity risks necessitate continuous investment in cybersecurity measures and education. Jumia’s decision to register in Germany enhances investor confidence, while maintaining a strong focus on operating primarily in Africa and supporting the local economy.

Tevin Gitonga

The analysis explores the significance of data protection laws and guidelines, focusing on the impact of the General Data Protection Regulation (GDPR) in digital trade, data flows, and the African data market. One key finding is the positive influence of GDPR as a global standard for data protection laws, with many African countries adopting similar legislation. GDPR guidelines are also considered in data-driven industries, reinforcing its recognition as a benchmark for data protection. The analysis highlights the importance of data protection in digital trade, as neglecting it undermines operations. The U.S.-EU privacy shield is cited as an example of the impact of data protection laws on international agreements. The potential of the African data market is emphasized, as it offers vast opportunities for economic growth. Effective data policies are crucial for unlocking this market’s potential. The analysis argues for the coexistence of data protection laws and trade, stating that they can thrive together with proper implementation. The analysis also discusses a Pan-African approach to data flow and views existing data protection laws in Africa as an opportunity rather than a threat. Enforcement challenges in data control are addressed, with discussions on joint investigations as a means to tackle them. The analysis notes the recognition of Africa as a new data resource by big tech companies, highlighting the market’s value. The importance of data literacy in preventing breaches is emphasized, with a focus on training vendors handling sensitive data. Mutual legal recognitions are suggested as a solution to international data control issues, weighing politics and risks in granting adequacy. Overall, the analysis provides a comprehensive overview of the significance of data protection laws in various contexts, showcasing the positive impact of GDPR and the potential of the African data market.

AB

Abdesslam Benzitouni

Speech speed

184 words per minute

Speech length

1803 words

Speech time

587 secs

A

Auidence

Speech speed

183 words per minute

Speech length

1225 words

Speech time

402 secs

BN

Bitange Ndemo

Speech speed

139 words per minute

Speech length

1646 words

Speech time

709 secs

KK

Kholofelo Kugler

Speech speed

189 words per minute

Speech length

2409 words

Speech time

763 secs

LB

Linda Bonyo

Speech speed

189 words per minute

Speech length

5656 words

Speech time

1800 secs

TG

Tevin Gitonga

Speech speed

232 words per minute

Speech length

2961 words

Speech time

765 secs