China has affirmed its intention to actively support Africa in the development of its digital infrastructure and connectivity. This was confirmed by Chinese Assistant Foreign Minister Deng Li on 24 August when speaking about the China-Africa Partnership Plan on Digital Innovation at the China-Africa Internet Development and Cooperation Forum. Indeed, China is looking to promote technologies such as cloud computing, AI, and e-payments (with a specific focus on areas where Chinese products are more competitive) and services related to digital education, smart cities, and e-government.
In December 2018, the EU also signaled its possible involvement in Africa, launching a “Digital Economy Task Force” together with African leaders.
In recent years, Africa has significantly progressed in passing and updating various pieces of legislation on privacy and data protection – typically based on the GDPR and international data protection principles. Examples which immediately come to mind include the new Nigerian, Kenyan, South African, Ugandan and Ghanaian regulations. However, aside from the formalities set forth in the various legislations, boosting digital infrastructure, connectivity, and online services requires particular attention to data security. This is necessary to prevent possible breaches, including unlawful interference by law enforcement agencies.
While the attractiveness of the continent for foreign governments wishing to support its digitalization is good news for Africa, an entire data security ecosystem needs to be created, in terms of adequate technical and organizational measures to be effectively established.
In this respect, the concept of data protection and data security by design will be the key factor to enable digitalization and at the same time protect African citizens. It is not an exaggeration to say that global cybersecurity and data protection is at stake as the information of citizens of any country may be processed though digital services/products offered in/by African organizations.
Interestingly, security by design, incorporating security into the design and production of hardware and software from the inception of the technology (rather than tacking it on as an afterthought) has also been strongly endorsed by the by the Biden administration in recent weeks.
Fundamental for this concept to be effectively implemented, companies must design and create connected products and services by directly implementing data protection and data security by design into them. Indeed, companies must consider data protection and data security by design as a corporate social responsibility to ensure effective global cybersecurity. To this end, please see Principle 1 of the Maastricht University Data Protection as a Corporate Social Responsibility Framework – “Embed data protection and security in the design of processes”, specified in Rule 1, “Implement Data Security by Design. The Organization shall implement data security by design into its data processing activities”.