Legal regulation of IT by the AU
In 2014, the AU approved its own Convention on Cyber Security and Personal Data Protection similar to the CE document. The AU was certainly based on the European experience but it also took into consideration its own record and African realities. This explains why the African Convention includes 38 articles grouped into four large chapters, whereas the European Convention has only 27 articles and seven smaller chapters.
Unlike the European Convention, the African Convention focuses on cyber security and data protection terminology. While the European Convention defines only such notions as “personal data,” “automated data base,” “automated processing,” and “database controller,” the African Convention expands the list of terms by including additional notions, such as “critical cyber infrastructure,” “cryptology,” “e-commerce,” “electronic signature,” and others.
An important distinction of the African Convention is that it attempts to regulate e-commerce. There is an entire chapter dedicated to this subject (Chapter I. Electronic Transactions), which regulates electronic commerce (Section I), contractual obligations in electronic form (Section II), and security of electronic transactions (Section III).
Moreover, while the European Convention authorizes national legislators to devise personal data protection principles (Chapter 2), the African Convention establishes generally recognized principles (articles 13 and 14) as applied to all Parties on the continent (six basic principles and specific principles):
1) the principle of consent and legitimacy;
2) the principle of lawfulness and fairness;
3) the principle of purpose, relevance and storage;
4) the principle of accuracy;
5) the principle of transparency;
6) the principle of confidentiality and security.
The specific principles (specific principles for the processing of sensitive data) prohibit any data collection and processing revealing racial, ethnic and regional origin, parental filiation, political opinions, religious or philosophical beliefs, trade union membership, sex life and genetic information or, more generally, data on the state of health of the data subject. This convention-driven revolution in Africa can be explained by the fact that it is long since the approval of the European Convention and the world has seen many drastic changes in the realm of IT. For example, the UN estimates that the global e-commerce is worth over $26.7 trillion and its cost will only grow, given the rapid advances in IT. Therefore, we think that the African Convention is right to focus on regulating e-commerce.
Thus, the African Convention boasts many achievements with regard to IT regulation in Africa as a whole.
The evolution of national IT laws in Africa
The African Convention was a factor in African countries’ effort to devise domestic IT laws. Morocco, for one, adopted a national law relative to the protection of physical persons with regard to personal data treatment as early as in 2009. South Africa also passed the Protection of Personal Information Act (POPI Act) in 2013. With time, it was modified and amended. Today, the POPI Act also takes into account a number of recommendations arising from the African Convention. As of now, many African countries have their national IT regulation acts and national surveillance commissions in this area.
So, despite their lagging behind Europe in terms of technology, African countries are undertaking efforts to minimize the negative consequences of IT development and to consolidate their achievements in the area of legislative regulation mechanisms.
AI development and the need to regulate it in Africa
The rapid progress in information technologies facilitates advances in AI. The latter is certainly a follow-up on IT development and is determined by it. This course of events makes African countries adjust to the new realities and therefore it is not accidental that some countries already urge to regulate AI by legislative means across the continent.
In Morocco, for example, the Justice Ministry’s Department is drafting laws to regulate AI. Moroccan Minister of Justice Abdellatif Ouahbi believes that AI, in spite of its advantages, may become a threat to man and society as a whole.
In 2023, the South African Department of Communications and Digital Technologies issued a roadmap to regulate AI . The document consists of three parts. Part One is dedicated to the general international discourse and advances in AI regulation. Part Two considers AI’s impact on South African society. Part Three analyzes the priorities and actors in the AI area in South Africa.
Therefore, African countries are also trying to minimize as far as possible the AI impacts and consolidate conditions with a potential for benefit. Nevertheless, both the international community and individual countries are just beginning to focus on the AI regulation issue. The current international leaders in this regard are again the European countries and the European Union, which adopted, on March 15, 2024, the Convention on Artificial Intelligence, Human Rights, Democracy, and the Rule of Law. This Convention, like the 1981 Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, can also become a model for African countries with regard to AI regulation, albeit with account taken of their own interests and realities.
Conclusion
In conclusion, we can say that IT and AI development requires that governments display a responsible attitude by adopting laws to regulate these areas. The purpose is not only to protect national interests and derive benefits but also to safeguard national morality and ethics and guarantee individual, state, and societal security.
There is no doubt that African countries remain vulnerable and inferior to other participants of the race for higher legal protection in the IT and AI areas. They lack the technological wherewithal for reaching their objectives. Besides, the majority of companies operating in this domain are Western or Asian conglomerates, for which reason African countries are just consumers of their IT and AI services. They are highly unlikely to have political and technological leverage to make them comply with local laws or withdraw their license. Unlike them, the European Commission fined a number of US companies (Google, Amazon, Apple, and others) in recent years for their activities in EU countries . Neither are the Africans able to influence the companies in other ways, including by controlling data in their cloud storages, etc.
The Valdai Discussion Club was established in 2004. It is named after Lake Valdai, which is located close to Veliky Novgorod, where the Club’s first meeting took place.
