All too often, countries in the so-called ‘Global South’ are left on the back-foot when it comes to digital transformation and the data revolution. Governments are left at the mercy of contract terms that are dictated to them by multinational corporations whose annual revenues sometimes exceed national GDPs. African countries are left behind as ‘standards takers’ in data policy, in the process often being forced to comply with the legal, economic, cultural and social norms of the countries, continents and international institutions that do the ‘standards-setting’. More recently, African countries and people find themselves caught in the middle of renewed great power rivalries, in which the transnational data flows and digital infrastructure that fuel knowledge societies are becoming increasingly contested areas. As it stands, while there is ongoing work to build an African Continental Free Trade Area (ACFTA), the “data protection regime across Africa is fragmented.”
There is growing general sentiment that Africans should set their own standards in data policy, taking into account their unique circumstances. To this end, what would an African General Data Protection Regulation (GDPR) look like? What elements would remain the same as those found in the European standard and what changes would be needed to make an African GDPR work for the unique development challenges that Africa faces? Would Africa need to have sub-regional standards that work individually for West, East, Central and Southern Africa or would it be possible to produce a continent-wide standard?