NEWSLETTER N° 30 // Thursday 25 November 2021
|
|
|
|
DIGITAL AFRICA: THE NEW ELDORADO FOR THE TECH GIANTS?
|
|
|
|
This month, the team responsible for the drafting of our newsletter “La Lettre du DPO” was honored to interview Mr Roger Félix Adom, (Minister for Digital Economy, Telecommunications and Innovation of the Republic of Côte d'Ivoire), as well as Mr Franck Kié (expert in cyber risk management, founder of the "CYBER AFRICA FORUM"). They share with us their experiences and feedback on the issues and challenges of the digital economy, data protection and cybersecurity in Africa.
The growth of e-commerce in Africa. According to a recent report of the International Finance Corporation (IFC), (i) the number of online shoppers in Africa has grown by 18% per year since 2014 (ii) in 2020, the African e-commerce market is estimated to be worth $20 billion and (iii) its value could grow by $15 billion between 2025 and 2030. A large majority of African States have realized that the economic development of the continent is closely linked to the digital world. However, in some countries, the acceleration of the development of the digital economy is hindered by an unsuitable regulatory context, as well as by embryonic network infrastructures and a lack of financing.
The Tech Giants are conquering Africa. The time when the Tech Giants (Google, Apple, Facebook, Amazon, Microsoft) affirm their presence in Europe, in an environment free of any rules, will soon be over. They are now looking for new markets where they can establish their digital power. Africa, a continent in which much remains to be built and which, for the moment, imposes few restrictions, appears to be a target market (Microsoft is equipping a large part of governments, Google is collaborating with more and more start-ups, is working to lower the cost of Internet access for underprivileged populations and has opened a centre of excellence for AI research in Accra, Ghana). While there is a political will to move towards a greater digital sovereignty, we are nevertheless observing the development of a whole foreign ecosystem based on the massive collection and processing of personal data. Africa could, therefore, become a laboratory for technologies produced elsewhere, with no real visibility on their possible effects on the continent’s future.
Towards a new regional legal and regulatory framework for the digital economy in West Africa. Given that the current European texts are no longer adopted to regulate the digital economy and in consideration of current technological developments in West Africa, the commissions of the West African Economic and Monetary Union (WAEMU) and the Economic Community of West African States (ECOWAS) have decided to jointly conduct a study on the drafting of a new legal and regulatory framework for the digital economy sector in West Africa. This new framework will make it possible to update existing European texts and to take into account technological advances, as well as the new behaviors and needs of users. Therefore, the decisions taken today will determine the place that Africa will occupy in the global digital economy in which the control of data is a key issue.
Enjoy your read!
Matthieu Bourgeois and Laurent Badiane, partners in charge of the Intellectual Property and Digital Law Team.
To subscribe, click here
|
|
|
|
INTERVIEW WITH THE MINISTER FOR DIGITAL ECONOMY, TELECOMMUNICATIONS AND INNOVATION OF THE REPUBLIC OF CÔTE D’IVOIRE TO OUR NEWSLETTER “LA LETTRE DU DPO”
|
|
|
|
Roger Félix ADOM, current Minister for Digital Economy, Telecommunications and Innovation of the Republic of Côte d'Ivoire, accepted to enlighten the readers of our newsletter “La Lettre du DPO” on the process of accelerated digital transformation in the Republic of Côte d'Ivoire and the measures taken to ensure the protection of personal data. Please find below the main extracts of this interview, which you can read in full by clicking HERE.
|
|
|
|
“In the Republic of Côte d'Ivoire (…), the government plans to make the digital economy a new driver for the structural transformation of its economy.”
|
|
|
|
1/- Could you outline your background and the key steps that led you to become interested in digital economy and data protection?
"After a training as specialist in Management of Organizations (notably in the field of telecommunications and new information and communication technologies), I started my career in 1990 in Paris, within the Cap Gemini group, first as Consultant and then as Project Director. In 1997, I joined Ernst & Young in Paris and then the firm in Abidjan, as Director of French-speaking Africa in charge of the development of the consulting business. In 2003, I was recruited by the multinational company Orange as Director of Information Systems before being promoted to Deputy CEO of Orange Côte d'Ivoire. In 2010, I was transferred to the Orange Group's headquarters based in Paris, as Director of Information Systems for the Africa, Middle East and Asia zone. In 2017, I joined the African Development Bank (AfDB) in Abidjan, as Director of Information Technologies. In March 2020, I was appointed CEO of Vivendi Africa. And the same year, in May 2020, His Excellency Mr. Alassane OUATTARA honored me by appointing me Minister for the Modernization of Administration and Innovation of Public Service. Finally, in 2021, the President of the Republic has renewed his confidence in me by entrusting me with the leadership of the Ministry for Digital Economy, Telecommunications and Innovation with the main mission of developing and managing the digital strategy of the Republic of Côte d’Ivoire."
2/- Could you describe the legal framework for the protection of personal data in the Republic of Côte d’Ivoire?
"Protecting personal data means protecting the privacy, dignity and fundamental rights of a person, such as the right to privacy, the right to one's own image and the right to honor. Each State or institution has consequently the obligation to take the necessary measures. In the Republic of Côte d'Ivoire, the government has adopted the following texts for data security in order to create digital trust and protect the cyberspace: (i) ordinance No. 2012-293 of March 21st, 2012 on telecommunications and ICT (title IX, chapter 3), (ii) law No. 2013-450 of June 19th, 2013 relating to the protection of personal data, (iii) law No. 2013-546 of July 30th, 2013 on electronic transactions. My role is to ensure the strict application of these laws and to strengthen the digital skills of the persons involved in the management, processing and use of personal data, which will contribute to a protected cyberspace. This will create a cleaner business environment that will be a generator of digital trust and investment attractiveness."
3 /- What do you consider as the key issues in the field of data protection and digital economy in the Republic of Côte d’Ivoire and Africa?
“The Republic of Côte d'Ivoire and other African countries do not intend to be on the sidelines of this 4th industrial revolution. We want to accelerate the digital transformation. In the Republic of Côte d'Ivoire in particular, the government plans to make the digital economy a new driver for the structural transformation of its economy. This desire is clearly expressed through the 2030 strategic program named “Plan Stratégique Côte d’Ivoire 2030”. The digital economy will account for 12% of GDP in 2021. We hope to reach 18% by 2024. Based on the program “vision Côte d'Ivoire 2030”, the Ivorian government has built its digital strategy around several key factors which are: (i) digital infrastructure, (ii) digital services, (iii) digital financial services, (iv) digital skills, (v) business environment, (vi) cybersecurity, (vii) innovation. Recently, this digital strategy program was validated by all the players concerned with a focus on the cybersecurity and innovation strategy. I am convinced that the above-mentioned development issues, which are common to all African countries, will be the focus of attention and decisions for each State."
|
|
|
|
THE NEED TO PROMOTE A CYBERSECURITY ENVIRONMENT IN AFRICA: THE "CYBER AFRICA FORUM" INITIATIVE
|
|
|
|
After spending the first part of his professional career in Africa (Republic of Côte d’Ivoire and South Africa) as well as in the Middle East (Dubai), Franck Kié is currently an expert in cyber risk management within a major consulting firm in Paris. In November 2019, Franck Kié founded the association CIBEROBS (renamed "CIBEROBS-MAKE AFRICA SAFE"), whose aim is to raise awareness of cybersecurity issues in Africa and which launched the "CYBER AFRICA FORUM": a business event bringing together decision-makers in cybersecurity, that can be considered as the counterpart and representative in Africa of the FIC ("International Cybersecurity Forum" which takes place every year in Lille). This association arises from the conviction that the economic and technological development, in which many African states are involved, will only succeed if the fight against digital risks becomes one of their priorities. Frank Kié accepted to share his views and practical insights on this matter with our newsletter “La Lettre du DPO”.
• The current challenge for African states is to set up national infrastructures, train talent and acquire sovereign tools. "Being sovereign means being able to decide unconditionally on its destiny. This means firstly that a state must have a power, which until now was exercised only on the military, economic and cultural level, and which from now on is also applied to the digital (cyber) space. In this respect, African states lack national bodies for the security and defense of information systems and infrastructures, both hardware (networks, data centers, etc.) and software, since these infrastructures are still too often dependent on foreign operators who have to defend their own interests. Secondly, it also means that African states must be able to train and retain talent among their population and this requires the existence of leading training centers: recently, a cybersecurity institute was created in Kinshasa (Democratic Republic of Congo). There is a real opportunity to create jobs in Africa, at a time when the continent has only 10.000 professionals in the security industry and the needs are high and will continue to grow."
• The necessary condition: defining a strategy for an African cyber sovereignty. "African states have to define a cyber strategy, in other words they have to set goals and to obtain the means to achieve them, both on the defensive and offensive side, because the digital space is a place of conflict, where monitoring, information theft and destabilization operations are taking place. Africa is no exception: for several years, this continent has been subjected to increasingly sophisticated cyberattacks that cause serious damages and financial losses. It is therefore important to raise awareness among African companies and states, a necessary condition for their sovereignty over the networks. It is essential to educate decision-makers on this topic, and this is the reason why the CYBER AFRICA FORUM organizes many round tables, master classes and hacking challenges, which are a good opportunity to make them more aware of this need and to share best practices in this area."
|
|
|
|
Rwanda and Botswana's data protection laws come into force |
|
|
|
In 2021, 34 out of 54 African countries have already adopted a data protection law and 19 of them have a supervisory authority. Since October 2021, two new countries have joined the ranks! On the one hand, Rwanda with the Law No. 058/2021 relating to the protection of personal data and privacy came into force on October 15th, 2021. This law applies to data controllers, data processors or third parties (i) established or located in Rwanda and processing personal data in Rwanda or (ii) who are not established in Rwanda, but process data of data subjects located in Rwanda. This law, based on the GDPR model, includes the main principles relating to data processing: legal basis, rights of data subjects, data transfer, etc. On the other hand, Botswana whose Data Protection Act (Act No. 32 of 2018) also came into force on October 15th, 2021. This law applies to data controllers established in Botswana, or not established in Botswana, in case they use data processing facilities situated in Botswana. Although many provisions are similar to the GDPR, data subjects do not have the right to data portability.
|
|
|
|
Financial penalty against the RATP bus network operations
|
|
|
|
On October 29th, 2021, the CNIL’s (the French data protection authority) restricted committee – which is responsible for imposing sanctions - fined RATP Group 400,000 euros for having, among other things, entered the number of strike days exercised by its employees in its evaluation files, which were notably used as supporting documents for their career development process. The CNIL pointed out that only the data strictly necessary for the evaluation of these employees, i.e. the days of absence, should have been included in the files, in application of the principle of minimization. The CNIL also sanctioned the State-owned industrial and commercial public utility for having failed to comply with the principle of limitation of the retention period of these evaluation files, considering that a three years’ retention period from the date of the meeting of the career development board was excessive and preferring a period of no more than 18 months.
Finally, the CNIL reported a security violation and inefficient measures for protecting data confidentiality due to an insufficiently detailed staff empowerment policy, which allowed all line managers to access the data of all drivers in the bus center concerned.
|
|
|
|
Cross-border processing: Morocco and Burkina Faso strengthen their cooperation
|
|
|
|
Last summer, Morocco's Control Commission for the Protection of Personal Data (CNDP) and Burkina Faso's Commission on Information Technology and Civil Liberties (CIL) signed a cooperation agreement concerning the implementation of a bilateral collaboration plan. This agreement contains (i) provisions relating to the regular actions the two authorities carry out on the ground (information, awareness-raising actions and management of complaints from victims of cybercrime), as well as missions to control data controllers and applicable sanctions, if any, but also (ii) forward-looking clauses taking into account the fast developments in the field of data protection in these countries.
For more information, click here
|
|
|
|
PARIS LEGAL MAKERS AT THE PALAIS BRONGNIART
|
|
|
|
The Paris Legal Makers, in its first edition, will gather more than 1000 French and international participants from all backgrounds - legal, institutional, business, academic and civil - in order to discuss the topic of law as a driver of economic, technological, ecological and societal transformation. This event, which will take place on Monday, December 6th at the Palais Brongniart in Paris, is organized by the Paris Bar Association, in partnership with Le Point and under the high patronage of the President of the French Republic.
For more information, click here
|
|
|
|
The Intellectual Property and Digital Law Team at klein • wenner
Fortified by in-depth experience, klein • wenner's attorneys in the IT Law and Intellectual Property team, who are experts in the digital sector and in GDPR, have developed a transversal practice unique in the area of data law. We work with other experts (in cybersecurity, SI/data governance and other areas), and our team offers a global, cooperative approach to all the issues relating to data (privacy, intellectual property, cybersecurity and open data - *with klein • wenner's Public Law team).
|
|
|
|
La Lettre du DPO is a publication of KGA Avocats which processes your data in accordance with the regulation regarding personal data. To learn more, click here
|
|
|
|
|
|
|
|
