1. Insights
  2. Blogs
  3. Data Dive

Coalition of African Nations to Coordinate Data Protection Framework

Oct 26, 2020

Reading Time : 1 min

By: Rebecca Kocsis (Legal Project Analyst)

The data protection framework, focused on data transfers, is based on the legal agreement established with the African Union Convention on Cyber Security and Personal Data Protection, also referred to as the Malabo Convention for Cyber Security and Data Protection. Adopted on June 27, 2014, the Malabo Convention sets essential rules, setting a credible and legal digital environment. The Malabo Convention also addresses gaps in previous legislation regarding customer protections, intellectual property, personal privacy and digital privacy. The goal of this new guidance builds off the Malabo Convention by ensuring that the transfer of data between African nations is seamless and protected. The framework will also help simplify companies’ compliance efforts when transferring their data across borders due to the presence of one, centralized data protection regulation, rather than multiple regulations by country. This framework is also seen as a way to entice businesses to host their data in Africa by providing clear guidance.

Olufemi Daniel of the National Information Technology Development Agency (NITDA) has been pushing for a unified cross border data transfer policy for Africa, saying “The implication is that any data centre could be hosted in any African country. It also enables multinationals to choose a country in Africa they can invest in and any transfer of data would be linked to Africa. With 1.3 billion Africans, you have a stronger argument rather than going ahead individually. This will give investors more confidence to do business in Africa.”

A single data privacy standard for Africa is seen as a positive step forward, providing efficient and effective options for businesses looking to ensure that their data and their customer’s data stays safe. The test of the new framework is still ongoing; however, participating countries and companies are positive about the potential for a robust, collaborative data protection framework across the continent going forward.

We will continue to update this space with any advancements to Africa’s data protection collaboration.

Share This Insight

Categories

International PrivacyCybersecurity & Information Security
Subscribe to the Data Dive Blog Series >

Previous Entries

Data Dive

October 10, 2025

The Department of Defense (DoD) has introduced the Cybersecurity Risk Management Construct (CSRMC), a new framework that replaces the legacy Risk Management Framework. CSRMC emphasizes automation, continuous monitoring, and real-time visibility, marking a significant shift away from static, checklist-driven processes.

...

Read More

Data Dive

September 11,2025

The Department of Defense (DoD) recently published in the Federal Register its long-awaited final rule (the Rule) amending the Defense Federal Acquisition Regulation Supplement (DFARS) to formally implement the Cybersecurity Maturity Model Certification (CMMC) program. The Rule, effective November 10, 2025, will move CMMC from a policy framework into binding contractual obligations for most defense contractors.

...

Read More

Data Dive

September 3, 2025

AI policy for the health and life sciences sector has continued to take shape. Building on recent activity, on July 23, 2025, the White House released its highly-anticipated AI Action Plan, setting forth the Trump Administration’s recommended policy actions to accelerate AI innovation and build American AI infrastructure. This Plan recommends policies that would promote AI adoption, the creation of “AI-ready” scientific datasets and the establishment of real-world AI evaluation systems by and for the health care and life sciences industries.

...

Read More

Data Dive

July 29, 2025

The U.S. Court of Appeals for the Sixth Circuit has upheld a 2024 Federal Communications Commission (FCC) Order that significantly broadens telecommunications carriers’ breach notification obligations. This decision, issued on August 14, 2025, in Ohio Telecom Association v. FCC, mandates that carriers disclose breaches of any customer personally identifiable information (PII), not just customer proprietary network information (CPNI), and applies to both inadvertent and intentional breaches.2

...

Read More

Recommended Blogs

© 2025 Akin Gump Strauss Hauer & Feld LLP. All rights reserved. Attorney advertising. This document is distributed for informational use only; it does not constitute legal advice and should not be used as such. Prior results do not guarantee a similar outcome. Akin is the practicing name of Akin Gump LLP, a New York limited liability partnership authorized and regulated by the Solicitors Regulation Authority under number 267321. A list of the partners is available for inspection at Eighth Floor, Ten Bishops Square, London E1 6EG. For more information about Akin Gump LLP, Akin Gump Strauss Hauer & Feld LLP and other associated entities under which the Akin Gump network operates worldwide, please see our Legal Notices page.