Developing an effective data governance framework to deliver African digital potentials

Cyber security concept with digital Africa map with locks and glowing lines on abstract dark background
Editor's note:

Below is a governance viewpoint from the Foresight Africa 2022 report, which explores top priorities for the region in the coming year. Read the full chapter on technological innovations.

Foresight Africa 2022Rapid digitalization has the potential to enhance structural transformation among African countries as well as galvanize progress on regional developments like the recent African Continental Free Trade Area. However, these benefits are not guaranteed given the multipronged threats in the digital space that can limit trust and curtail the adoption of such innovations. Indeed, the platform-based business model that dominates the digital economy raises fundamental issues about data protection and citizens’ privacy. Likewise, the monopoly market structure that characterizes the digital platforms implies a winner-takes-all paradigm, leaving less for developing economies. Rising cybercrime, ransomware, and digital identity theft pose significant threats: African economies lost over $3.5 billion through cyberattacks in 2017 alone. The more worrisome threat emanates from the rise in the number of African states with spyware, surveillance, censorship, and internet shutdowns. This trend is affecting trust in the digital space.

The intersections of these threats could significantly affect the transformational impacts of digitalization; hence, there is a need for a data governance framework that maximizes the potential gains (through enablers) and limits the threats (through safeguards).

State of data governance in Africa

  • Proliferation of laws and regulations on data protection. Between 2012 and 2021, the number of African countries with at least one form of data protection law tripled from 12 to 28. Though the current adoption rate is 52 percent for the African region, it is still the lowest relative to other regions. Notably, the data governance framework tends to show more emphasis on fostering safeguards (e.g., data protection, privacy), and less focus on enablers (e.g., data portability, localization)—but both efforts are crucial.
  • Implementation remains a challenge. Institutions charged with regulating data governance have not evolved with the dynamic needs and peculiarities of the digital space. Regulatory inertia and capacity challenges that characterize broader governance in Africa are manifesting in data governance implementation, given that this structure is embedded within the existing public institutional framework. The implementation gap is further worsened by the limitations in human and financial capacity of regulatory agencies, and power and knowledge asymmetry between platform firms and mostly small and resource-constrained African countries.
  • There is more progress at the national level than through regional and multilateral frameworks. Given the fragmented data policy environment and capacity gap in Africa’s digital space, scaling up regional efforts is crucial for addressing the inadequacies in the national efforts: Even developed countries like those in Europe have found a regional approach to be an effective means of addressing power and knowledge asymmetry. Currently, only eight African countries have ratified the Malabo Convention, the regional-led approach for data protection and cybercrime law. Similarly, only six African countries are participating in the World Trade Organization’s e-commerce plurilateral negotiations, which will set up new global trading rules for electronic commerce and trade.

Policymakers must build checks and balances into the data governance framework as a monopoly in data governance, either by government or the private sector, will hinder digital development.


  • Policymakers should scale up efforts on “enabler” laws, especially around e-commerce, for safe and secure financial settlements, improved and better enforcement without recourse to data protectionism, and enabling cross-border data flows. In general, enhancing the implementation capacity with investment in finance, manpower, and technical skills of data regulatory authorities is important to ensuring data governance supports development outcomes.
  • Policymakers must build checks and balances into the data governance framework as a monopoly in data governance, either by government or the private sector, will hinder digital development. Civil society accountability and regional cooperation are also needed to limit state abuses as well as platform companies’ abuse resulting from their dominance and gatekeeper roles in the digital space.
  • National and regional leaders must enhance collaboration and coordination around strengthening regional data governance, sharing mechanisms and experiences for best practices in regulating the digital space, and committing more to multilateral frameworks for data governance.