Safeguarding North Africa’s Digital Future: A Focus on Data Governance

By Alia Shaddad, Ms. Shaimaa Solaiman, Chérif El Kadhi & Rachel Magege |||

North Africa is a region that is historically rich in cultural exchange and technological innovation. With a blend of traditional societal values, rapid modernization, and increasing digitalization, the region presents a unique context for examining data governance in its entirety. This article delves into the evolving landscape of data governance in North Africa, exploring the interplay of cultural, political, and economic factors that shape its practices and policies.

Courtesy of Pollicy and Niyel, the African Data Governance Knowledge Hub was designed to foster and support collaboration amongst data governance actors and the sharing of data governance resources in Africa. In this respect, a virtual discussion was held on Wednesday, 28th August 2024 to create awareness of the work being done in data governance by different actors in North Africa.

Data Transfer Structures: 

In today’s digital age, the protection of personal data has become a critical issue for individuals, businesses, and governments alike. With the increasing globalization of commerce and communication, data is frequently transferred across borders, raising concerns about privacy and security. – Shaimaa Solaiman, Managing Partner at Challenge Law Firm 

Egypt’s Personal Data Protection Law (PDPL), enacted in 2020, establishes comprehensive standards for safeguarding personal data. This law aligns closely with global best practices, such as the EU’s General Data Protection Regulation (GDPR).

Key Provisions of the above-mentioned Law:

Sensitive Data Protection: The PDPL stipulates higher protection for sensitive data, including information related to religion, political opinions, gender, sex, and health. The transfer of such data requires the explicit consent of the data subject. Additionally, the receiving country must have adequate data protection measures in place.

The law also conditioned that the data transferred must be accurate, true, and collected for legitimate purposes. It should not be retained longer than necessary to fulfill the purpose for which it was gathered. 

Data Subject Rights:

• Consent: Data subjects must provide explicit, written consent for data processing and transfer.
• Amendment and Deletion: Data subjects have the right to amend, correct, or delete their data at any time.

Protection of Children’s Data: Collecting data related to children requires parental approval. It is also forbidden to ask children to disclose personal data while gaming online.

Further, one of the key points highlighted was the most efficient strategies that we can adopt to make data privacy laws more efficient across African countries to balance challenges and opportunities related to data transfer such as:

• Strengthening punishment for cybercrimes related to data through implementing stricter penalties to deter data breaches and cybercrimes.
• Raising awareness by educating the public about data privacy and the legal conditions for data transfer.
• Conducting regular audits to identify and address weaknesses in data protection systems.
• Training data handlers to ensure individuals who manage data are well trained and equipped with the latest knowledge.
• Enhancing data protection through utilizing encryption and other advanced technologies to safeguard data.
• Harmonizing local laws with international and global standards like GDPR.
• Policymakers should cooperate and advocate for an international treaty to unify data protection laws, facilitating safer and easier data transfer.

By adopting these measures, we believe that we can create a robust framework for data governance that not only protects privacy but also fosters innovation and growth across the continent.

Ethical Research & Overview of MENA Observatory on Responsible AI:

We have found that policy research in the field of responsible AI and data is essential for ensuring that technological advancements are aligned with societal values and ethical standards. – Alia Shaddad, Senior Researcher, The Access to Knowledge for Development Center (A2K4D) at The American University in Cairo, Egypt

The Access to Knowledge for Development Center (A2K4D) – School of Business at The American University of Cairo (AUC), has been working on research on the use of responsible data and AI in the MENA region under two research tracks; Health and Food Security. This research was conducted as part of the Governing Responsible AI & Data in the MENA Region project, in partnership with the Center for Continuing Education (CCE) at Birzeit University (BZU), and supported by the International Development Research Centre (IDRC). For the health care sector research track, we had partners from Lebanon, Morocco, Palestine, and Tunisia. For the food security research track, we had partners from Jordan, Lebanon, Palestine, and Tunisia. Research outputs from these two tracks will be available on the MENA Observatory on Responsible AI’s Knowledge Hub. The MENA Observatory on Responsible AI was also launched in 2024 as part of the project to respond to a need for policy dialogue and engagement from MENA stakeholders in the area of responsible data and AI. The MENA Observatory,  a locally-driven platform aiming to make key contributions to global narratives on responsible data and AI.Through the course of research on these two tracks and the development of the MENA Observatory, we have found that policy research in the field of responsible AI and data is essential for ensuring that technological advancements are aligned with societal values and ethical standards. Some of the common issues we found across the two different sectors in our research were:

• Issues in data quality and collection:
  • Data gaps and inconsistencies: Limited availability and quality of relevant data, hindering AI development and application.
  • Lack of responsible data practices: Insufficient adherence to ethical guidelines and legal frameworks, leading to potential biases and harms.
• Technological and infrastructure limitations:
  • Resource constraints: Insufficient funding and technological resources to support AI initiatives.
  • Infrastructure challenges: Limited access to high-quality computing power, storage, and connectivity.
• Awareness, and skills and capacity shortages:
  • Healthcare professionals & farmers’ training: Inadequate training and education for frontline healthcare workers and farmers on AI applications and ethical considerations.
  • Talent gap: Shortage of AI specialists and experts within the different sectors.
  • Trust & awareness: Lack of awareness and trust by workers of AI technologies.
• Coordination and planning challenges:

Challenges with synergies: Insufficient collaboration and coordination among stakeholders, thus hindering effective AI implementation.

Research conducted in the region would hence need to include and reference frameworks and guidelines that govern the responsible use of AI technologies. As AI systems become increasingly integrated into various aspects of everyday life, addressing these concerns is critical to preventing misuse and ensuring equitable outcomes. This may include looking at issues related to data privacy, bias, fairness, transparency, and accountability. This entails utilizing a multi-stakeholder approach in research that is needed to address these challenges and harness the potential of AI for improved health outcomes and food security; emphasizing:

• Responsible data collection & management: Standardize data collection, digitize records, and promote data sharing.
• Technological infrastructure: Invest in efficient digital infrastructure and support for public health innovation.
• Human capacity: Provide training and capacity building for relevant professionals and staff.
• Ethical considerations: Ensure data privacy and security, and develop relevant legal frameworks.

AI adoption: Leverage AI for efficient data collection, fraud detection, and diagnostics.

The MENA Observatory on Responsible AI hence aims to serve as a key player in advancing ethical AI practices in the Middle East and North Africa (MENA) region. Established to address the region’s unique challenges and opportunities, the MENA Observatory serves as a hub for collaboration among researchers, policymakers, and industry leaders. Its mission is to continually voice and promote ethical guidelines and standards tailored to the MENA context while aligning with global best practices. The MENA Observatory engages in various activities, including organizing workshops, hosting webinars–such as our recent collaborative webinar series with the African Observatory on Responsible AI dedicated to exploring “Responsible AI in the Global South”–as well as publishing policy briefs and other relevant material, and facilitating discussions on responsible AI. By addressing regional-specific issues, the MENA Observatory helps to push for AI policies that support sustainable development. The MENA Observatory will continue to be developed as a regional hub through the curation of multimedia, academic and nonacademic, user-friendly and open-access resources on AI in the region targeting multiple user groups, and hence serving as the go-to home for any and all knowledge on responsible AI as it pertains to everyone’s lives. Through its efforts, the MENA Observatory on Responsible AI plays a crucial role in shaping a future where responsible AI technologies contribute positively to society.

Data Protection as a Human Right:

Personal data protection legislations are a necessary pillar for data governance. We cannot speak of data governance if they (legislations) are nonexistent, not enforced, or simply ignored. – Chérif El Kadhi, Tech Policy Analyst

Most North African countries have enacted personal data protection laws, with Tunisia leading in 2004, followed by Morocco in 2009, Mauritania in 2017, Algeria in 2018, and Egypt in 2020. Despite these frameworks, enforcement remains weak, and significant violations continue, undermining their effectiveness. Strong data protection legislation is essential for data governance, as meaningful governance cannot exist without well-enforced and respected frameworks. When these laws are ignored, the integrity of data systems falters, leaving individuals at risk.

Tunisia and Morocco have gone a step further by signing the Council of Europe’s Convention 108, which, among several important provisions, ensures the protection of personal data through independent Data Protection Authorities (DPAs). Independence is crucial for DPAs to enforce these laws impartially. Additionally, the European Union’s General Data Protection Regulation (GDPR), a globally recognized standard for data protection, offers a comprehensive, user-centered approach. Aligning with such standards not only enhances human rights protections but also opens economic opportunities by allowing local companies to process EU citizens data and access EU markets.

However, in most North African countries, DPAs are often tied to the executive branch, undermining their independence. For DPAs to fulfill their oversight role effectively, they must be autonomous from government interference. Moreover, these DPAs often face challenges in capacity, especially when dealing with powerful multinationals or government agencies. This struggle is exacerbated by the lack of awareness among key stakeholders, such as lawyers, judges, and officials, further weakening the enforcement of data protection laws. Meanwhile, governments frequently use foreign social media platforms to communicate with citizens, even though these platforms are not subject to local data protection laws, leaving citizens with no legal recourse to protect their personal data.

The broader human rights context in North Africa, marked by authoritarian regimes, further complicates data protection efforts. Existing laws are regularly violated through illegal surveillance of activists and journalists, doxxing of political opponents, and misuse of biometric data coupled with surveillance cameras. These actions are often justified under the guise of national security/defense, but most go unpunished due to a culture of impunity, eroding public trust and endangering privacy.

Improving personal data protection in North Africa requires several key steps. Governments must update legal frameworks to align with international standards, ensure the independence of DPAs, and strictly enforce existing laws. Academia should play a role by incorporating data protection topics into the curricula of law, ICT, and related fields to raise awareness. Civil society organizations and human rights defenders must build regional coalitions, advocate for data protection as a basic human right, and educate their communities.

In summary, while most North African countries have data protection laws, their enforcement remains inadequate. Raising awareness and forming cross-border coalitions are essential to elevating personal data protection as a key pillar of both data governance and human rights. Strengthening DPAs’ independence and improving legal understanding will bridge the gap between legislation and practice, reinforcing the connection between data protection, democracy, and the rule of law.

Data governance is crucial and beneficial for every sector be it – health, sports, investment, agriculture, elections and so on. The current practices and structures in North Africa showcase a growing recognition of the importance of data governance specifically on elements of data privacy and security. While challenges remain, such as limited resources and varying levels of appreciation, knowledge, and enforcement, the region’s efforts to establish robust data protection frameworks are a positive step towards safeguarding individual data rights and promoting digital trust. As technology continues to evolve, it is essential for North African countries to remain vigilant in their pursuit of effective data governance practices to ensure a secure and equitable digital future.