Michael Mudd

Michael Mudd, managing partner at Asia Policy Partners, discusses his research into the changing attitudes to cybersecurity and privacy in Africa…

I recently travelled to Africa for a Microsoft sponsored public sector cloud event. It was clear that the efficiency and scale enabled by cloud technologies are having a huge impact in lowering public sector IT costs, driving social inclusion, and delivering greater digital services for African citizens.

In this context of cloud proliferation, and of particular note, was the significant movement toward enacting or enforcing data privacy laws. This was especially evident in Ghana which now has a robust law under its privacy commissioner.

Other countries are considering implementing new laws, such as South Africa which has a draft data privacy law going through the system. Nigeria has already enacted a data content law which specifies that data created in Nigeria must be stored and processed within Nigeria. However, in reality, this is an overly restrictive legislation and is not practical in today’s connected world.

The majority of countries in Africa have some form of consumer privacy protection in place. But relatively few have data protection laws that would have any equivalence to laws in Europe or Australia, such as the European Union’s General Data Protection Regulation (GDPR) which comes into force next May.

Countries which are less developed have not necessarily invested as much in data security as more wealthy economies

While there is considerable awareness around data security and privacy as a policy in both the public and private sector, governments in Africa are still overly restrictive in the sharing of data, establishing data classification policies that over-classify data in terms of confidentiality.

In addition, there is a clear lack of data managers that have the relevant skills, both within the public and private sectors…