Africa will have to draft and enforce effective data privacy legislation – but not at the expense of innovation.
This was one of the key takeaways from the 2018 edition of the GSMA Mobile 360 Series Africa, held recently in Kigali.
Patrick Nyirishema, Director General at Rwanda Utilities Regulatory Authority (RURA) said: "I think that as a regulator we need to move away from the hard and fast rules that we normally employ to think more like innovators and entrepreneurs in order to avoid missing out on the digital revolution. I think we are at a turning point and nobody really has a good handle to be honest, because on the one hand if we put very hard and fast rules around data protection we risk stifling innovation."
Nyirishema added that dedicated data protection legislation is now overdue that in Rwanda.
"I think more broadly we need a law that can elaborate on all these issues and provide legal basis on how to do things. The industry and technology are evolving and there is a lot of value that can be created around data... there is a risk that if we overregulate we will lose the value and if we do not effectively regulate then there will be paths through which we can be exploited - whether by criminals or those who want economic gain or organisations like Cambridge Analytica."
Pansy Tlakula, Chairperson of South Africa's newly established Information Regulator believes a well-designed data law cannot stifle innovation.
"I get worried when I hear that data protection and regulation can stifle innovation. That is not true. I think if the law is properly crafted it creates a whole lot of exceptions to the way the data is processed. The exceptions are there. There is no law that says data protection stifles innovation or takes people out of business. It is not like that. I think we need a paradigm shift to say there are inbuilt exceptions in a properly crafted law. If you look at the GDPR for instance, those exceptions exist. We just need to interpret those exceptions properly."
Boris Wojtan, Director for Privacy at the GSMA said discussions with regulators and other stakeholders revealed some ambivalence about the effect of data on innovation.
"We are of the view that there is precisely not a trade-off between data protection and business innovation or sustainability. Implementing good data privacy laws and implementing good data privacy practices is an opportunity to make products and services better because you have happier consumers that trust you more. By integrating data privacy into systems in the beginning you make them more robust and better. From a business point of view it makes sense not to see it as a compliance headache or a burden, but as an opportunity to make your product better."
Wojtan says a good data protection law is one that is not too prescriptive and avoids being technology or sector focused.
"It should be based on principles and yes, that is then based on interpretation but that is where you need data protection authorities to give guidance. That flexibility that you have with a principle puts the responsibility on organisations to see how they protect their consumers or citizens if it is a government organisation. It is introducing that sort of risk-based approach that gives you a much smarter privacy environment that enables trust and innovation."
The GSMA hosted an Africa Policy Day on the eve of GSMA Mobile 360 Series – Africa, bringing together more than twelve delegations of ICT policymakers and regulators, data protection authorities and mobile industry representatives for discussions mainly focused on data privacy as a key enabler for the further growth of the digital economy on the continent.