Ethiopia: Implemented ECA Telecommunications Consumer Rights and Protection (Directive No. 832/2021) including data protection regulation

On 26 August 2021, the Ethiopian Communications Authority (ECA) issued the Telecommunications Consumer Rights and Protection Directive No. 832/2021 which entered into force on the same date. The directive mandates measures for the protection of consumers' personal data. Licensees are required to develop and implement a comprehensive privacy policy outlining the collection, use, and protection of consumer data, ensuring transparency and consumer consent for any data processing activities. Personal data must not be processed for purposes other than those originally communicated to consumers, and it should not be retained for more than one year post-service termination. Licensees are prohibited from selling, sharing, or exposing consumer data without explicit consent and must notify consumers and the ECA within 72 hours in case of a data breach.