Watch the full panel discussion here!
North Africa has seen an unprecedented increase in data protection regulations since the introduction of the General Data Protection Regulation (GDPR) in the EU in 2016. In cooperation with the Rule of Law Programme for the Middle East and North Africa of the KAS, Prof. Dr. Moritz Hennemann and Dr. Patricia Boshe of the University of Passau have prepared a detailed comparative overview of the current status and development of data protection regulations in seven North African countries. The study "Data Protection Laws in Northern Africa" was presented in Tunis in October 2022, and was now also presented it at the Headquarters of the Konrad-Adenauer-Stiftung in Berlin in April 2023.
The expert panel brought together members of academia, government and practice with expertise in EU, (North) African and global data protection legislation and policy.
After welcoming remarks by Dr. Peter Fischer-Bollin, Head of the KAS Department Analysis and Consulting, and Mr. Philipp Bremer, Director of the KAS Rule of Law Programme MENA, the study was presented by Dr. Patricia Boshe. The presentation outlined where and to what extent the “Brussels Effect” can be observed in North Africa; how it aligns with the EU Framework, but also how it diverges from it. For example, five of the seven data protection laws that were studied include certain notification and authorization requirements not stipulated in the GDPR, while the laws omit the principle of transparency (one of the seven fundamental data protection principles in the EU framework).
The expert discussion that followed highlighted that the harmonization of laws can be useful for e-commerce, trade, data interation, among others; the more similar the rules are, the easier it is to implement compliance measures. This also applies to public authorities: the security of data sharing often is the main challenge with regards to international crime investigations and cybersecurity. Diverging rules increase the risk of misapplication of the laws and can prove to be very difficult from a practical perspective.
However, digital policies cannot be applied in the same way everywhere; regional bodies of law such as the GDPR cannot (and should not) be simply "transplanted" to other regions. Regional (constitutional) values and contexts (economies) which underlie these laws will always have to be taken into consideration in the legislative process.
The expert panel featured
Philipp Schulte, Policy Advisor for Digital Development at the GIZ,
Prof. Dr. Moritz Hennemann, Co-author, Chair holder for European and International Information and Data Law at the University of Passau,
Tamar Kaldani, Data protection expert and advisor to the 'GLACY+' project of the
EU and the Council of Europe ('Global Action on Cybercrime Extended'); advised on data protection legislation in Kenya, Gambia and Sudan, among others;
Dr. Tobias Born, Senior Associate Baker McKenzie, formerly Head of Data Protection for the EMEA region for eBay.