Comparative analysis of data protection regulations in East African countries

What is it about?

Data protection is the cornerstone of the digital economy, ensuring trust and privacy as its fundamental pillars. The global attention toward data security and privacy of personal data in recent years has led to adopting regulatory measures, such as the General Data Protection Regulation (GDPR) in Europe. Building upon global efforts, the issue of data protection has regained attention internationally. However, the existing body of research on data protection in East African countries is limited. This study fills this gap by analysing data protection legislation enacted in four East African countries including Tanzania, Kenya, Uganda and Rwanda. This study uses a comparative exploratory case study by analysing legal instruments, official reports and scholarly articles. All these countries have embraced data protection acts; however, they differ in terms of scope, provisions and enforcement. The study findings reveal the map of data protection in East Africa, inform policy-making around areas that need improvement, and facilitate harmonization efforts. By empirically comparing the existing data protection legislation of these countries in four dimensions – (1) registration, (2) supervisory authority, (3) data subject rights, and (4) cross-border data transfer rules, the study made legal frameworks transparent, revealed the commonalities and distinctions and presented some implementation constraints. Future research needs to be directed towards assessing the implementation of those regulations and their role in developing privacy rights and the digital economy for informed policymaking and sustainable development in the region.

Featured Image