Cambridge Analytica fiasco exposes Africa's vulnerabilities on data protection
Cambridge Analytica fiasco exposes Africa's vulnerabilities on data protection
Experts have called on African countries to review and implement data protection regulation in the wake of the Cambridge Analytica exposé on the manipulation of social media data.
Cambridge Analytica is associated with the Donald Trump campaigns in 2017, the Brexit vote and the Kenyan elections in 2013 and 2017. Facebook has been under fire for not suspending Cambridge Analytica after it emerged that user's profiles were harvested illegally in 2015 for the US Election campaigns.
In Kenya, the company has been associated with propaganda videos prior to August General Elections, spread on social media.
Experts now say that a lack of data protection laws and knowledge across Africa requires urgent attention.
Tom Makau, a telecommunication analyst in Nairobi, states that most African countries have no power to call international social media companies to account, in terms of misuse of its citizen's data.
"Despite (Kenya) being a WTO member and a signatory of the General Agreement in Trade in Services (GATS), the new paradigm of cross border data and information movement requires that WTO starts a new round of negotiations to review GATS because market access commitments for online services are limited as these negotiations were done in the early 90's when the internet was in its infancy," Makau explained.
"The review will empower countries such as Kenya to take action and get support from other members when any of these companies break the law here," he added.
However, the lack of local data protection laws makes it difficult to implement any regulations in countries like Kenya.
The Data protection bill has been under review by the East African country's parliament for over three years with no indication of when it will be passed and implemented.
"Other than discussing and passing into law the Kenya Data protection bill, there is need to ensure compliance of the laws by first clearly stipulating the rights and obligations of companies that collect data from Kenyan citizens," Makau said.
He said that a proper legal and regulatory framework supported by international conventions and agreements is required to guide the operations of these companies in Kenya so as to make compliance easier.
Some of these could include a requirement of local shareholding and registration so that these companies' local entities are bound by local laws.
"Stiff penalties for breach of data protection laws and regulations should also be set because most of these companies' record considerable global revenues and low penalties and fines might not deter them from non-compliance," he added.