African Union: African Union adopted Data Policy Framework including a guidance on data protection regulation

On 3 February 2022, the African Union adopted a declaration establishing a continental framework for data protection regulation. The objective of this framework is to achieve harmonisation of data governance across the member states of the African Union. The framework delineates principles for data classification, protection, and the empowerment of Data Protection Authorities (DPAs) to enforce compliance. In particular, the declaration encourages data controllers and processors to obtain informed consent, implement privacy-by-design measures, and limit data collection to what is necessary. The framework recommends that individuals should have the right to access, correct, delete, and transfer their data, while data processors should follow lawful processing and security measures. The establishment of independent Data Protection Authorities (DPAs) to oversee compliance is recommended, although the implementation of such authorities remains at the discretion of AU Member States.