Data Governance: The Central African Way

Central Africa is a significant player in the realm of data governance, particularly recognized for the adoption of the African Union Convention on Cybersecurity and Personal Data Protection in Malabo, Equatorial Guinea, in 2014. Commonly known as the Malabo Convention, this instrument, adopted by 55 African states, serves as a cornerstone of data protection legislation in Africa.

Recent years have witnessed a surge in data protection developments across the Central African region; with the Central African Republic introducing the use of cryptocurrency in 2022, Democratic Republic of Congo (DRC) launching the largest data center in Central Africa with the aim to improve data reliability and performance, and Angola harnessing the power of communication satellite to unlock new opportunities in technology, agriculture, mining, and climate monitoring (just to name a few). This therefore, raises the growing importance of robust cybersecurity measures. From high-profile data breaches compromising sensitive personal information to cyberattacks targeting critical infrastructure, relevant actors cannot ignore the urgent need for increased awareness, stronger regulations, and collaborative efforts to safeguard data governance and protection.

Pollicy in collaboration with NIYEL, has been spearheading regional conversations within Africa on data governance practices. By focusing on the unique contexts in which Africans use data to improve their communities, these conversations have led many to appreciate the value of personal information and how it is governed by different actors. The latest conversation centered on the Central African region and this article delves into the specific contributions of DRC and Cameroon to the African data landscape, examining how these nations are harnessing digital technologies while prioritizing individual rights.

Cybersecurity Regimes

DRC has embarked on an ambitious plan to promote digitalisation in 2019 with the adoption of the National Plan on Digitalisation which relies on 4 strategic pillars; Infrastructure, Content, Application Use, and Governance-Regulation.

This article will focus on Governance-Regulation, under which the country adopted its first cyberlaw, Ordinance-Law 23/010 of 13 March 2023 (Digital Code). The Digital Code devotes 87 Articles on personal data protection which also meet international standards. The main challenge remains the implementation, as to this day the Data Protection Authority, which has a mandate to ensure compliance with personal data protection provisions of the Digital Code, is yet to become operational.

It is worth noting that under the pillar of Governance-Regulation, DRC signed and ratified the Malabo Convention in 2023, and hence contributed to the coming into force of the Convention on 8 June 2023, nearly 10 years after its adoption in 2014. The Constitution of DRC references personal data protection. However, as the term "privacy," under which personal data protection is typically categorized, lacks a specific legal definition in the DRC, it might be beneficial to consider enshrining personal data protection as an independent fundamental right. The ruling party, Union for Democracy and Social Progress (UDPS) is advocating for a constitutional amendment or even a complete overhaul of the Constitution. This presents an opportunity to elevate the right to personal data protection to a constitutional level.

Public Health Data Governance

Public health data collection takes place in a variety of settings: academic, scientific and population-based surveys. Those in charge of the various projects must obtain ethical clearance or administrative authorization for research. Data is collected and processed for scientific research, routine monitoring of population health status and response to public health emergencies. In Cameroon, hospital and community data are collected on the national DHIS2 platform, or through physical forms and reports.

Cameroon's data governance framework for research projects is multifaceted, adapting to the sensitivity of the data involved. Law N°2022/008 of April 27, 2022, specifically addresses medical research involving human subjects. Articles 5, 9, 11, and 12 of this law outline key principles, including respect for human rights, participant consent, and privacy. Additionally, Law N°2020/010 of July 20, 2020, governs statistical activities in Cameroon, with articles 3, 4, 7, 9-13 specifically addressing health data protection and access. For research involving genetic resources, Law N°2021/014 of July 09, 2021, outlines regulations regarding access, associated traditional knowledge, and benefit sharing. Furthermore, Cameroon adheres to the Malabo Convention, with Articles 8-15 dedicated to personal data protection.

Public health actors face many challenges during the data collection and processing procedures. These include: proper means of aggregating hospital data produced in different departments; researchers not having access to online databases with sufficient information; duplication of data to be collected on different media (persistence of several physical secondary tools collecting the same information and digital forms containing the same information); insufficient feedback to those responsible for routine data collection on the evolution of the indicators for which the collected data are used to provide information; and poor security of databases.

Cameroon and several Central African countries are taking significant steps to address healthcare challenges, including data security. A key strategy involves the establishment and strengthening of National Public Health Institutes (NPHIs) where recent progress has shown the establishment of NPHIs in the DRC and Chad in 2023. Cameroon and the Central African Republic are currently working towards establishing their own NPHIs.

To further enhance data security, these countries are implementing a range of measures, for example regular data validation exercises at all levels of the healthcare system, data triangulation, database cleaning, improved database security, flexible data usage policies, harmonized data collection tools aligned with the One Health approach, and a strong emphasis on the importance of real-time, high-quality data. By adopting these strategies, these countries aim to strengthen their healthcare systems and improve public health outcomes.

Digital Security for Journalists

“Protecting journalists' data is a considerable challenge for freedom of expression, not only because it protects journalists, but also because it guarantees the integrity of their sources, who sometimes put their lives at risk to bring out the truth.” said data protection expert Philippe Gabillault.

Six of Cameroon's ten regions are currently experiencing conflict, posing significant digital security risks for journalists operating in these areas. Despite the widespread presence of media outlets across the nation, with almost 700 radio stations, over a hundred TV channels and several news websites, journalists continue to face cyber harassment, espionage and stalking. encounter threats from various sources. Political figures, especially during the upcoming 2025 presidential election, pose a significant risk to press freedom. To ensure the safety and security of journalists, robust digital security measures are imperative.

Globally, journalists and media organizations often face abuses. Cameroon is no exception. As the country grapples with terrorism and a secessionist war, sensitive topics that could potentially destabilize the nation require careful handling. To monitor media coverage of these issues, the Ministry of Territorial Administration (MINAT) and the National Communication Council (CNC) scrutinize news reports to ensure responsible journalism.

In conclusion, data governance is a crucial aspect of modern journalism, especially in a dynamic and complex media landscape like Cameroon. By implementing robust data protection measures, journalists can safeguard their digital security, protect sensitive information, and uphold ethical reporting standards. As the country navigates the challenges of the digital age, investing in data governance initiatives will not only empower journalists but also strengthen the credibility and integrity of the media industry.

The Central African Way:

Central Africa is a region of incredible diversity, with eleven (11) member states each offering its own unique culture and opportunities. Composed of Francophone, Lusophone and Hispanophone, Central Africa remains to be a region that has much to contribute in Africa’s data governance development. Its regional bloc, the Economic Community of Central African States (ECCAS), promotes cooperation and the strengthening of regional integration in Central Africa, specifically in the political, economic, social, cultural, and most importantly the scientific and technical sector.