Over the past twenty years, privacy legislation in Africa has been gaining momentum, with half the countries in the continent now having some form of data protection laws either already on the books or about to be enacted. Additionally, the three main regional organizations—the African Union, the Economic Community of West African States (ECOWAS), and the Southern African Development Community (SADC)—have all published or adopted privacy and cybersecurity acts. They are strongly influenced by—you guessed it—the European General Data Protection Regulation.

As with other regions that we examined, so with Africa we will look at the top three African economies by GDP: Nigeria, South Africa, and Egypt. We will also look at the Economic Community of West African States (ECOWAS) privacy framework, since its member states combined are responsible for over $668 billion in GDP.

Economic Community of West African States

The Economic Community of West African States (ECOWAS) has 15 member states: Benin, Burkina Faso, Cabo Verde, Cote d'Ivoire, Gambia, Ghana, Guinea, Guinea-Bissau, Liberia, Mali, Niger, Nigeria, Senegal, Sierra Leone, and Togo. In 2010 ECOWAS passed the Supplementary Act A/SA.1/01/10 on Personal Data Protection.