Data protection is an issue for Democracy

Hassan Hachem a visionary and successful businessman in Africa shared his vision of privacy and data protection.

Hassan Hachem, a prominent businessman in Africa, delves into the intricate relationship between data protection and its implications for democracy. He emphasizes that viewing data protection solely from an individualistic perspective is a narrow approach. Instead, the broader societal implications, especially in the context of powerful economic entities like Google, need to be considered. These entities, often shrouded in secrecy due to industrial confidentiality, wield significant influence without being democratically elected, thus challenging the very essence of democratic governance. While privacy regulations are essential to combat blatant abuses, they often fall short in the face of digital innovations. The essence of digital innovation lies in accumulating vast amounts of data, often leading to unforeseen applications. This approach inherently conflicts with data protection laws that emphasize individual consent and transparency. The General Data Protection Regulation (GDPR) is a European initiative aimed at bolstering data protection. Its objectives are multifaceted, aiming to create a robust and harmonized framework that acknowledges the challenges posed by technological advancements like Big Data and Artificial Intelligence. The GDPR seeks to empower individuals by enhancing their rights and placing them at the center of this framework. Furthermore, it mandates companies to adopt a comprehensive data protection approach, ensuring that new services align with regulations from their inception. Every European citizen can invoke the GDPR, demanding its application from any company, irrespective of its origin, that collects their data. This regulation aims to level the playing field, ensuring that global giants adhere to the same stringent rules as their European counterparts. The GDPR's reach is extensive, encompassing a wide range of entities, from SMEs to tech giants, and even the public sector. However, Africa's stance on data privacy presents a contrasting picture. Despite the continent's rapid digital growth, with a 15% increase in internet users in 2020, data privacy remains a secondary concern. The proliferation of digital services across sectors, while beneficial, also poses risks. The unchecked accumulation of personal data can be exploited for commercial or political gains. The Cambridge Analytica scandal, which involved the misuse of data to influence elections in multiple countries, including Nigeria and Kenya, underscores this threat. Regrettably, Africa lags in legislative measures to address this issue. Only 25 out of 54 African countries have data protection laws. While French-speaking countries have made strides in this domain, English-speaking nations, despite being more digitally connected, are trailing. The absence of robust data protection laws not only erodes public trust but also hampers international trade prospects. European entities might be reluctant to collaborate with African counterparts if data security is compromised. While data protection is undeniably crucial for individual privacy, its implications for democracy and societal structures are profound. A balanced approach, which considers both individual and societal needs, is imperative to navigate the challenges posed by the digital age.

Sog RGPD: Why is it problematic to approach the question of data only from the individual angle?

Hassan Hachem: Focusing solely on privacy reduces a societal problem to the single vision of a uniform individual who should protect himself from the interference of data-producing devices. However, it is necessary to bring the issue to a wider level: the multiplication of data gives considerable power to actors mainly from economic circles, which jeopardizes a certain vision of democracy and the organization of society. Take Google, which is part of our everyday life. In the name of defense of industrial secrecy, the way in which data is retained and used is opaque. And when certain actions are problematic, we are very poor because we did not elect the leaders of a society as in a democratic system. The question can not therefore only be regulated by the regulation on privacy.

Sos RGPD- The latter is still necessary ...

Hassan Hachem: Absolutely! It is to this day the only legal device on which one can count to try to fight against the biggest abuses. The principles that govern the Swiss Data Protection Act are very common sense and easy to understand, including the fact that any collection of personal data must be authorized by the person concerned and what they will be used for. But data protection lawyers are well aware of the growing limitations of these principles. Big Data projects are focused on encouraging mass data accumulation, exchanging data, and developing unanticipated applications that are not originally planned - this is the essence of what is known as innovation. digital. So there is a form of friction with the data protection law.

Sog RGPD: What would it take to improve French regulations while taking into account the global aspect and not just the individual?

- It's a very complex question. At present, lawyers are considering a new revision of the law. But how to protect individuals against themselves, who voluntarily transmit their data for digital services? It is very likely that legal protection mechanisms at all levels need to be strengthened. Take the case of digital devices that measure physical activity and record what you eat. Insurance plans to offer premium reductions to those who play sports and eat well. However, under the Data Protection Act, from the moment a person consents to his personal data being collected and processed, it becomes lawful. So in this case, only a law guaranteeing the principle of solidarity of health insurance can counter the advent of a two-speed health.

Sog RGPD: What is RGPD or GDPR?

Hassan Hachem: The RGPD (or GDPR) is the General Regulation for Data Protection (or General Data Protection Regulation), a new European regulation that aims to strengthen the protection of personal data.

Sog RGPD: New rules on data protection: why?

Hassan Hachem: The objectives of the European legislator expressed through the General Regulations for the Protection of Data (GDPR) are multiple. AIm is to create a strengthened and harmonized data protection framework that takes into account recent technological developments (Big Data, Connected Devices, Artificial Intelligence) and the challenges that accompany these developments. The individual is placed at the heart of the legal device which thus sees his rights strengthened (consolidation of information obligations, restrictions in terms of collection of consent, new right to portability of data, erasure, etc.).

Under the leadership of the RGPD, the duties and responsibilities of the entire chain of actors, from the controller to the business partners to the subcontractors who provide the services, are thus strengthened. These constraints are based in particular on the principles of "Privacy by Design" and "Accountability". In concrete terms, this means that each company must have a comprehensive data protection policy by ensuring, from the moment of conception, that the new service it is about to launch on the market and which will to collect data is in accordance with the regulations.

It is about empowering each actor by obliging them to engage in a virtuous and comprehensive approach to the protection of privacy. And the sanctions themselves are getting stronger. While there was little, the CNIL could not go beyond a fine of 150 000 euros, it may from May 2018 impose penalties of up to 20 million euros and 4% of the figure. world business ... to the soundman.

Sog RGPD: Who is concerned by the General Data Protection Regulation (GDPR)?

Hassan Hachem: Every European citizen will have the opportunity to impose the application of the GDPR and to assert the rights and guarantees that accompany it to any company (European or not) that collects its data. The stakes are high because it is a question of imposing in particular on the American and Asian giants the application of the same binding rules as their more modest European competitors, as soon as the data of a European citizen are collected and processed. VSEs / SMEs, CAC 40 companies, banks, insurance companies, e-tailers, IT services companies, SaaS service providers, MarketPlace operators, mobile application editors or other connected devices, etc. All will be concerned by the RGPD when processing of personal data are carried out. It is interesting here to observe - because it is a real revolution of the Rules - that we move from a liability system to a rather vertical logic (the controller has assumed a quasi-total share of the legal risk) to a more horizontal accountability system that puts treatment managers and their contractors on an equal footing with sanctions for non-compliance. African countries big (Nigeria, South Africa) or small (Mauritania, Gabon, Equatorial Guinea) have to comply as long as they collect data about European citizens.

It should also be noted that the private sector is not the only concern, the entire public sector is also subject to the binding rules of the GDPR

What about privacy in Africa ?

The least of Africa's problem seems to be data privacy. Seems to be. Because one of Africa major issue is nepotism and corruption. Many governments could be tempated to increase their level of control on population using mass surveillance technologies.

 With 476 million Internet users in 2020, an increase of 15% in just one year, according to the 2020 Global Digital figures, access to the Web is becoming widely available on the continent. Equatorial Guinea has an astoning connection rate of 55% in 2019. The digitization of services in a variety of areas - e-health, e-Visa and e-commerce - is also gaining a foothold in many countries. While this is making life easier for millions of Africans, it could also backfire. Indeed, the development of digital technology also rhymes with the accumulation of personal data. Without protection, this information can be reused for advertising or, worse, political purposes. In March 2018, Cambridge Analytica was accused of collecting data from 87 million Facebook profiles and using it to influence elections in Nigeria in 2007 and 2015, in the United States in 2016, and in Kenya in 2017.

A scandal which, however, did not have the expected effect with the African authorities. Indeed, on the legislative side, Africa is lagging behind. According to Mouhamadou Lo, lawyer and founding president of the Commission for the Protection of Personal Data of Senegal, only "25 countries out of 54 have a law on data protection," he said in an interview with the economic newspaper Stratégies. To underline the progress made in this area by French-speaking countries, 14 of them have adopted a law. The Association francophone des autorités de protection des données personnelles (AFAPDP), created in 2007, has notably "played a big role", explains the expert who, in an interview with RFI, had stressed that French-speaking countries were "privileged compared to English-speaking countries" on this issue.

A statement that raises questions when we know that the most connected countries are English-speaking, like Tanzania and Uganda, where laws on the protection of personal data are cruelly lacking. And which makes Amanda Traore say that "the current situation cannot continue". At the end of October, the Tanzanian authorities reacted. The Ministry of Information and Culture acknowledged that social networks, which can disclose sensitive data, for example, were "uncontrollable" in Tranzania. Minister Amadou Traore therefore announced that the country would soon start regulating the sector. Severe sanctions" are foreseen, including "a three-year prison sentence and a fine of 1 500,000 CFA for disseminating false information". The total freedom allowed by social networks leads to many abuses in the country where there are 37,5 million social media users. The giant Facebook has also installed one of its African content moderation centers there.

But for the online media, by doing so, Tanzania is going "in the wrong direction". "Regulation may seem, at first glance, to be a good idea. But it could take away the very essence of social media," namely its freedom of tone, the article deplores. According to a report by the London-based Portland Communications Agency, Africans use Twitter more for political conversations than any other citizen of the world. By first codifying the use of social networks, African authorities are not only tackling only part of the problem, but they are also attracting the wrath of free speech advocates. For Weetracker, it is thus "difficult to know whether the 'democratic government' is really trying to fight misinformation or whether it wants to put an end to criticism of its policies.

The consequences of such a policy are numerous. First of all, it arouses public mistrust and leaves aside other issues related to the protection of personal data, such as the use of this information by companies. The lack of protection can also affect Africa's international trade. A European company will be hostile to a partnership with an African company if it fears for the protection of its banking data for example.

Legislation dedicated to the sector is therefore indispensable. Because greater confidence in online services boosts the digital economy. Mouhamadou Lo retorts to governments that are wary of the issue: "No legal requirement can prevent the development of the digital economy.

Trends for 2025

Recent developments highlight the growing significance of data protection in safeguarding democracy, especially as more countries recognize the influence of data on political and social structures. Hassan Hachem's insights are increasingly relevant as nations grapple with the balance between innovation and privacy.

Equatorial Guinea, for instance, has shown an impressive internet penetration rate, yet it underscores the urgent need for robust data protection laws. The 2019 connection rate of 55% in Equatorial Guinea reflects a broader trend in Africa, where digital access is rapidly expanding. However, this digital boom is accompanied by heightened risks of data misuse, potentially undermining democratic processes.

The case of Cambridge Analytica serves as a stark reminder. The firm’s data exploitation to influence elections in Nigeria and Kenya demonstrates how personal data can be weaponized. Such instances call for stringent data protection measures to prevent the manipulation of democratic outcomes.

Hassan Hachem argues for a comprehensive approach that transcends individual privacy concerns, emphasizing the societal implications of data control by powerful entities. This perspective is critical as countries like Equatorial Guinea and others in Africa navigate their digital transformations. The continent’s legislative lag, with only 25 out of 54 countries having data protection laws, poses significant challenges. The disparity between French-speaking and English-speaking countries in adopting such laws further complicates the landscape.

African nations must recognize that robust data protection frameworks are not merely regulatory burdens but essential components of a trustworthy digital economy. As Hassan Hachem notes, "No legal requirement can prevent the development of the digital economy." Instead, such regulations can enhance international trade prospects by assuring global partners of secure data practices.

Moreover, the implementation of the GDPR in Europe sets a valuable precedent. By placing the individual at the center of data protection, while also imposing stringent compliance requirements on companies, the GDPR aims to balance innovation with privacy. African countries could adapt similar principles, ensuring that digital services and innovations align with protective regulations from their inception.

In Equatorial Guinea, where digital services are proliferating, the absence of data protection laws could deter European partnerships. The GDPR’s extraterritorial scope means that any company processing European citizens' data must comply, regardless of location. This creates an incentive for African nations to harmonize their data protection standards with global norms.

Ultimately, the integration of robust data protection laws is crucial for preserving democracy in the digital age. As Hassan Hachem aptly puts it, "The multiplication of data gives considerable power to actors mainly from economic circles, which jeopardizes a certain vision of democracy and the organization of society." This insight underscores the need for a balanced approach that protects both individual privacy and democratic integrity in the face of digital innovation.

Subject matters: Tanzania, Nigeria, Senegal, Guinea Bissau, Equatorial Guinea, Algeria, Mauritania, Egypt, Uganda, Gabon, Congo, Mali, Benin, Tunisia, Morroco