The State of Data Privacy in 2025
Digital technology experts have decried the invasion of people’s privacy by emerging technologies such as AI, blockchain, and cloud computing. They note that most of the national laws in Africa are not robust enough to cover this pervasive intrusion. According to them, the regulations need to be strengthened across countries on the continent.
They also called on regional economic blocs like the AU, the East African Community and ECOWAS to push for harmonization of data policies across their regions to facilitate cross-border data flow. These formed part of the observations and resolutions at the webinar organised by Digital Jewels Africa on: “The state of data privacy in 2025: Trends, challenges and best practices”.
While highlighting the need for transparency in AI decision-making mechanisms, one of the panelists, Dr. Tolulope Pius-Fadipe, the Head of Research and Development Nigeria Data Protection Commission, said “Anywhere you turn to you will see AI be it Facebook, X, TikTok or WhatsApp.
“If you have a phone conversation with a friend and you discuss shoes, shoes and clothing ads start popping up on your phone. At times when you pick up your phone to carry out a function, AI starts intruding on your privacy, making suggestions for you.
“This happens because there are no strict rules governing emerging technologies like AI. If there are no regulations for AI, it will keep being abused like we are currently seeing. There needs to be guidelines for the use of AI, which is not being given much attention in African countries.”
Another panelist, Francis N. B. Appiah, the COO of expressPay Ghana, pointed out that while customers hold the key to the success or failure of any financial inclusion effort and should be carried along in terms of data security measures, a balancing act is required.
His words, “We can shut all the doors, shut all the windows, close all the gates and kill financial inclusion but have a lot of privacy and security or we can cautiously open gates and windows and put in measures that will inform, educate and empower all these unbanked data subjects who are now beginning to interact with financial services.
“I think hand in hand with the regulator’s concerted efforts that are specifically geared at data subjects and empowering them to what data is private, what data they need to share and can consent to share and how to interact with these platforms in a safe and secure manner, I think that is an important way to balance the equation of data security on one side and innovation on another side.
“If you don’t do this as an operator in the market, you run the risk of over-regulation from agencies in a bid to protect consumers,” Appiah concluded.
On his part, the Deputy Data Commissioner in Kenya, Oscar Otieno observed that there is a lack of harmonization of data protection laws across the various jurisdictions in Africa despite all the talk around the issue. He pointed out that harmonizing data protection laws won’t happen across Africa until the laws are harmonised within the regions.
According to him, “We should look at harmonizing the laws at ECOWAS, at SADC and at the East Africa level. It is from that point that we can now start the conversation about harmonizing the Africa laws to enable those cross-border transfers of data.
“There are also a lot of other things that come to play for example the political landscape of other jurisdictions which maybe in Kenya, we find minors’ data to be such a big issue whereas in other jurisdictions that is not so much of a big issue.
“If we are to attract the big techs and other international investors to make ourselves competitive and show the world that there is ease of doing business within our jurisdictions, we cannot run away from this cross-border data transfer conversations.”
Earlier in an opening address, the Chief Executive Officer of Digital Jewels Africa, Adedoyin Odunfa said, “We are told that 55 African countries now have data protection laws. This is up from 35 in January 2024. So we have seen quite a huge acceleration and shift. We’ve seen also that the enforcement of these laws has been very much on the rise.
“We have seen huge penalties meted out in Kenya, Nigeria, Ghana and Rwanda. The enforcement comes in the form of imposing fines on companies that fail to comply with the various national data protection laws,” she said.