Experts Push for Unified Data Privacy Laws Across Africa

Data protection experts are urging African countries to harmonise their scattered data privacy regulations to address growing concerns over artificial intelligence (AI) and cross-border data exchanges. The call for unified policies was made during a webinar titled “The State of Data Privacy in 2025: Trends, Challenges, and Best Practices,” hosted by Digital Jewels Africa, a consultancy firm focused on IT Governance, Risk, and Compliance across the continent.

Speaking at the event, Oscar Otieno, Kenya’s Deputy Data Protection Commissioner, stressed that conflicting laws across Africa are stifling innovation. He shared his observations from a recent conference where a bank operating in various African regions struggled with differing data regulations. “You realise that there are different laws… there are still some messes here and there where there are differences. So, the number one thing I would say is there is a lack of harmonisation between these various data protection laws,” Otieno noted.

He further explained that regional harmonisation must come before a continent-wide framework. “Probably we harmonise the laws across the course. We look at it at SADC, we look at it at East Africa level. It is from that point that then we can now start having that conversation of harmonising the Africa laws.”

Innovation vs Privacy: Finding the Balance

Dr Tolulope Plus-Fadipe, Head of Research at the Nigeria Data Protection Commission (NDPC), revealed that the NDPC would soon host a gathering of 30 Data Protection Authorities from various African countries. The event aims to address AI-related privacy challenges and promote collaboration across borders.

Nigeria’s 2023 Data Protection Act requires all 500,000 data controllers to appoint certified Data Protection Officers (DPOs). However, only 5,000 were available initially. Plus-Fadipe disclosed that the first certification exam in March 2024 qualified 500 professionals. The NDPC has also planned free public-sector workshops to address the knowledge gap.

The discussion also touched on the risks associated with AI adoption. Francis Appiah, COO of Ghanaian fintech ExpressPay, raised concerns about the lack of transparency in automated credit-scoring systems. He highlighted how these algorithms can assess a user’s social media profiles, banking details, and other personal data without clear consent.

“At what point did I give consent to this automated credit scoring system to take all this information? Are data subjects aware of where all their data resides?” Appiah asked, criticising the current approach to data management.

He emphasised that the problem goes beyond institutions sharing data. It also involves ensuring that individuals — the actual data subjects — have control over their own information. Appiah proposed a framework focused on people, processes, and technology to address these issues.

“The weak link,” he explained, “boils down to people: those handling data in the enterprise and the data subjects themselves.”

With experts calling for unified laws and improved awareness around AI-related data privacy, the push for better-regulated digital environments across Africa continues to gather momentum.