The private sector must do its part on data governance in Africa

The last decade has seen an acceleration in the digitization of many aspects of our lives including financial services, commerce, education, and healthcare. Data gathering and exchange have accelerated alongside this swift uptake of digital engagement, and data has become the new essential commodity—with Africa as the next frontier. However, this rapid change brings along questions of data governance and privacy, especially as the implementation of the African Continental Free Trade Area (AfCFTA) moves forward. As the tech sector waits for regulators to catch up, individual companies can do more to protect consumers on their own.

The new oil

Observing the commoditization of data as well as its attendant opportunities and challenges in Africa, it is hard to ignore that the analogy of data as the “new oil” is a powerful and prescient one. The commercialization of this resource can unlock considerable value for the continent in sectors critical for the development of thriving and connected economies. However, commercialization must be approached responsibly, as we have seen in the case of oil: If the exploitation of a resource is not well planned, unintended consequences—typically burdening the most vulnerable in our societies—arise.

Opportunities for the private sector to step up

For robust data protection on the continent, policymakers and the private sector must work together to create and implement feasible regulations and best practices.

Technology businesses should not wait to be the recipients of policy. As subject matter experts in the complex value networks and core infrastructure (e.g., cloud computing) that underpin their business model, they need to act quickly.

For robust data protection on the continent, policymakers and the private sector must work together to create and implement feasible regulations and best practices. Given the private sector’s experience navigating the relevant technical issues in this complex space, tech companies’ role in data governance should be twofold: 1) inform proposed policies and 2) create and implement their own high standards. Such actions should include:

• Establish a self-regulating organization (SRO) to improve data policy relevance and enforcement: Bottom-up innovations from startups and civil society networks are building tools and forging a collective voice to address data inequality, constructing a new social contract between the tech industry and citizens. In Southeast Asia, for example, the Indonesia FinTech Association serves as an SRO that works in close collaboration with the Financial Authority to define and enforce good data governance practices.
• Implement proportional risk and accountability frameworks: The onus is on organizations to enforce data protection frameworks to build trust with all stakeholders. Importantly, requirements must be robust while also being within reach. The accountability-based approach towards data protection requires organizations to tailor policies that consider the business needs and the risk environment. This type of engagement across public, private, and even social sectors not only can lead to better data protections for customers but also the development of standardized frameworks and approaches to increase the efficiency of doing business.
• Invest in consumer education: As individuals, we make decisions on our data based on trade-offs: How much privacy do I give up in return for a service that is valuable to me? However, this data could be used for other purposes, often without the consent of consumers. Therefore, consumer education on the different ways that their data is being used is essential. While funding for such education is usually borne by government, multilaterals, and foundations for digital public good, we are seeing the private sector stepping up to join force.
• Build safeguards against digital harms: Data can improve the lives of the poor; however, it can also open back doors that can harm individuals, businesses, and societies. To address this tension between the helpful and harmful potential of data, the World Bank’s World Development Report 2021: Data for Better Lives calls for a new social contract that enables the use and reuse of data to create economic and social value, ensures equitable access to that value, and fosters trust that data will not be misused in harmful ways. Responsible artificial intelligence (AI) is a movement that ensure data-intensive AI systems are ethical and fair.
  

  Challenges from Disinformation and Digital Harm – The World Economic Forum paper, Pathway to Digital Justice, focuses on the victim’s perspective concerning digital harm. Digital harm can happen to anyone and is particularly challenging when the harm is online and across multiple jurisdictions. What is the redressability for the victim of digital harm? The harm goes beyond an individual victim; it could have a silencing effect on women and minority groups, shutting them out from participation in society.

• Break data silos and empowering consumer with choices: It is important that the interests of consumers are protected. Moreover, value must be shared fairly between businesses and consumers, which necessitates proactively addressing issues such as data silos or complex consent artefacts that unfairly disadvantage consumers or competitors. Big Tech (Apple, Facebook, Google, Microsoft and Twitter) formed the Data Transfer Project for an “open-source, service-to-service data portability platform such that consumers could easily move their data between online service providers whenever they want.”

The potent mix of digital technology and data can only offer an improved and sustainable future for the continent if there is a cohesive plan of action for infrastructure, governance, and regulation. Africa needs a growth-oriented governance approach; such an approach will nurture business innovation and ensure that benefits are distributed fairly, while also maximizing protections and minimizing harms for customers. The private sector should not wait for regulators to protect consumer data in Africa. It needs to start now.

The potent mix of digital technology and data can only offer an improved and sustainable future for the continent if there is a cohesive plan of action for infrastructure, governance, and regulation.