In the developed regions of the world, data privacy has been a topic of public discourse for some time. From the European Union’s adoption of the General Data Protection Regulation (GDPR) to smaller laws that have passed in many U.S. states, the developed world has recognized that data privacy laws are important to modern digital society. Now, as the burgeoning tech industries in many developing countries push them into fast-paced versions of the West’s digital revolution, many developing countries are also beginning to put similar laws into effect. In particular, data privacy in Africa has become a major concern as the region steps into the digital age.
Data Privacy in Africa
In June of 2019, leaders from across Africa gathered in Ghana for the groundbreaking Africa International Data Protection and Privacy Conference. At this conference, African leaders such as Ghanaian Vice President Dr. Mahamudu Bawumia, U.N. Special Rapporteur on Right to Privacy Joe Cannataci, and Chairperson of the Information Regulator of South Africa Pansy Tlakula spoke about ways to advance data privacy in Africa. Topics ranged from convincing African nations to fall in step with international laws about data privacy to integrating data privacy laws with religious groups in Africa.
This conference came at a crucial time in the development of data privacy in Africa. Sub-Saharan Africa alone is expected to add more than 250 million internet users by 2025, and the Sub-Saharan mobile industry is expected to add $185 billion to GDP by 2023. Despite this growth in internet use, the continent is currently behind on data privacy laws. Only 17 out of 54 countries in Africa have passed data privacy laws, and 15 African countries have yet to ratify the African Union’s Convention on Cybersecurity and Data Protection. The leaders assembled at the conference hoped to change this. “Data protection in Africa is a prerequisite” to joining the Fourth Industrial Revolution, said Hon. Vincent Sowah Odotei, Ghana’s deputy minister of communications, in his final remarks of the conference.
Improved data privacy in Africa has several benefits. According to the Global System for Mobile Communications Association, improving data privacy, “allows countries to trust each other and enforcement bodies to cooperate. In turn, this can boost the economy by allowing data to flow within the region and it is more attractive for external investors who prefer not to be confined to keeping data in one place.”
How a Lack of Data Privacy Harms Poor Communities
Beyond large-scale economic benefits, improved access to data privacy will have specific benefits for low-income Africans. A 2017 study from Washington University in St. Louis found that poor people are more vulnerabilities when it comes to data privacy, facing vulnerabilities such as a greater likelihood of having their personal data used against them and more devastating consequences from identity theft. Poorer people are also much less likely to have basic digital literacy skills, thus increasing their vulnerability to digital threats, with 64 percent of poor Americans reporting that they do not have a good understanding of how the privacy policies of websites they visit apply to them.
Michele Gilman, one of the authors of the study, said in an interview with The Borgen Project that data privacy is tantamount to improving the lives of those in poverty. Gilman said, “Technology can be a tremendous resource for people living in poverty to access services and opportunities as a ladder out of poverty—but without controls or regulation, it can also further entrench poverty.”
Gilman pointed out that identity theft can wreak particular havoc for people living in poverty. When people living in poverty are victims of identity theft, according to Gilman, their lack of a social safety net coupled with the sudden loss of most of their financial assets can lead to dire consequences. Because poor people tend to lack the resources to undo the consequences of identity theft, the American Bar Association reports that they are more likely to be wrongfully arrested and hounded by collection agencies for crimes they didn’t commit and loans they didn’t take out. This is all in addition to the usual consequences of identity theft, which can take months to resolve. The Bureau of Justice Statistics found that in the U.S., 43 percent of households that were victims of identity theft made less than $75,000 per year. In South Africa almost half the consumer population either has been, or knows someone who has been, the victim of identity theft.
Gilman also illuminated the broader threat that a lack of data privacy can pose for those in poverty. Big data coupled with societal discrimination can lead to low-income people systematically being denied access to resources and they are more often targeted by government surveillance. For instance, 40 percent of colleges and universities use applicants’ social media profiles to make decisions through a process known as social analytics, where algorithms go over applicants’ social media behavior as well as who they are friends with in order to determine their qualifications to enter.
Up to 27 percent of poor social media users don’t use any settings at all to make social media profiles private, and because poorer students tend to rely more on financial aid, there is a concern that social media analysis will allow universities to selectively avoid recruiting low-income students. In a similar vein, police departments have begun to use a process known as threat scoring, where they analyze crime statistics to determine how likely a given individual is to commit a crime using data from social media and other sources, essentially creating guilt by association.
Effectiveness of Data Privacy Laws
In places where data privacy laws have already taken effect, the results have been significant. Since the passing of the GDPR, record numbers of data breaches that otherwise would have gone unreported, have been reported to the relevant authorities, with 36,000 breaches reported in 2018 compared to between 18,000 and 20,000 in 2017. Countries around the world, from Brazil to Hong Kong, have passed GDPR-like bills, and many other countries are looking to follow suit. The implementation of these laws has not been without hiccups—many businesses in the EU have struggled with the implementation of new regulations, and the EU has been slow to actually enact fines for companies that break GDPR rules—but in the end, these laws will help to dismantle the structures that keep people in poverty.
Data privacy laws protect low-income people from negative consequences such as identity theft and algorithmic discrimination. The creation of laws to increase data privacy in Africa, therefore, will increase protection for Africans who are being kept in poverty by lenient data privacy regulations. As the region’s tech develops, its laws are also developing to ensure that increased access to technology also means increased possibility to alleviate poverty.
– Kelton Holsen