Emerging markets don’t need to emulate data protection laws from the West. They are creating their own.
By Joseph Dana | July 5, 2018
We live our lives on the internet, and concerns around data protection will continue to intensify around the world. In the United States, major technology companies such as Facebook and Google have come under fire for their data collection practices, specifically the way they share user data with third parties. Facebook CEO Mark Zuckerberg recently testified before Congress and the European Commission to outline his plans to establish strong data protections on his platforms. Whether the US government will take any significant action remains to be seen.
While the data protection debate is focused on large technology giants, the discussion could have an enormous impact in emerging markets. In Africa, many countries lack any form of data protection legislation or government regulation, as the development media platform Devex highlighted this week.
The few African countries to address the issue have focused legislation on cybercrime and, in cases such as Uganda, controlling political dissent on social media and taxing those platforms. Few, if any, have addressed individual data rights and protection. Africa is one of the world’s fastest-growing markets for internet communication and technology. Cheap smartphones and infrastructure improvements are allowing millions of Africans to get online for the first time. This is having an enormous impact on how Africans save, spend, and remit money, while facilitating myriad opportunities in healthcare, insurance, and government services.
Adopted in 2014, the African Union’s Convention on Cybersecurity and Personal Data Protection aims to protect citizens’ information and examine how data policies overlap with national security concerns. The document is unique for a regional bloc and reveals that the African Union understands the gravity of the data protection issue. That said, few member states have adopted it. Only 10 of the 55 African countries have signed on to the convention, three more have ratified it, and others have used it to write their own legislation.
Before moving to innovative solutions in emerging markets beyond Africa, it should be noted that the European Union’s (EU) recently passed General Data Protection Regulation (GDPR) for EU residents does wield influence in Africa. Not only has the GDPR demonstrated how governments can forcefully take action on data protection, it also “applies to any institution that collects data from EU citizens including many in Africa”. Given the economic ties between the continent and Europe, especially in North Africa, businesses will have to adapt to the GDPR regulations in some form or another.
As such, emerging markets should look to the discussion in India around the Aadhar identification system as an early test case for clues on path forward on data protection. Considering the gravity of the data protection problem, governments have an important role to play in facilitating an equitable solution.
What began as a measure to streamline the delivery of state benefits and services, Aadhar has transformed into a biometric database for all Indians. The Indian government has forcefully argued that an electronic identity system will reduce corruption. Despite the stated benefits of the Aahdar system, it was never meant to be compulsory. Since Aadhar has been incorporated into government services, however, it has become de facto mandatory.
As Samanth Subramanian noted in a report about Aadhar for emerge85, “… the Supreme Court [began] hearing a collection of civil society petitions about the Aadhaar initiative, whether it endangers Indian citizens’ right to privacy and if its mandatory nature is justified. The verdict will have widespread repercussions for the Aadhaar scheme and for data protection in India more broadly. It will also hold familiar parallels for other countries around the world that face dilemmas involving data security, institutional efficiency, and citizen welfare.”
Whatever the Indian Supreme Court rules on Aadhar will arguably have more bearing on how other emerging market countries develop data protection laws than developments coming from the US Congress or European Commission. While the largest technology companies are mostly located in the West, emerging markets are forging their own unique relationship with data. China’s looming influence is another model that African countries such as Uganda could seek to emulate.
One thing is for sure, emerging markets shouldn’t be singled out for lacking data protection standards while the West faces similar problems and has an equally difficult time finding lasting solutions. Data protection is a global problem, and the way emerging markets choose to handle it has just as much weight as US or European responses.