BIZweek n°382 18 fév 2022
BIZweek n°382 18 fév 2022
  • Prix facial : gratuit

  • Parution : n°382 de 18 fév 2022

  • Périodicité : hebdomadaire

  • Editeur : Capital Publications Ltd

  • Format : (260 x 370) mm

  • Nombre de pages : 10

  • Taille du fichier PDF : 2,3 Mo

  • Dans ce numéro : lois sur la protection des données en Afrique.

  • Prix de vente (PDF) : gratuit

Dans ce numéro...
< Pages précédentes
Pages : 6 - 7  |  Aller à la page   OK
Pages suivantes >
6 7
VENDREDI 18 FÉVRIER 2022 BIZWEEK ÉDITION 382 the data. Other notable changes include, amongst others, definitions of terms that were undefined or unused in the 2004 Act, such as «consent», «sensitive data», «health data» or «data processor». In addition, the definition of «data controller» was modified from «the individual or legal entity, private or stateowned, that has the power to order the creation of personal data» to persons «that, alone or jointly with other persons, decide to collect and process personal data and determine the purposes and means of processing». The definition of «processing» was broadened so as to include «organising, retaining, adapting, modifying, saving» personal data and «encrypting» personal data. South Africa After the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) (PO- PIA) of 19 November 2013 was passed and Proclamation No. R21 of 2020 on the Commencement of Certain Sections of the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) was adopted on 1 July 2020, the majority of the operative provisions of POPIA came into effect. As a result, the Information Regulator issued a number of guidance notes in 2021 on different subjects such as the processing of special personal information (28 June 2021), the processing of personal information of children (28 June 2021), exemptions from the conditions for the unlawful processing of personal information, information officers and deputy information officers (1 April 2021), applications for prior authorisation (11 March 2021). Uganda Two years after passing the Data Protection and Privacy Act, the Ugandan Government adopted the Data Protection and Privacy Regulations, 2021 published in the Gazette on 12 March 2021. The Regulations provide for, in further detail, the establishment of the Personal Data Protection Office (PDPO) and describes its functions, powers and internal organisation and management. The Regulations also set out the obligation for data collectors, controllers and processors to register with PDPO as wellas the registration process. They detail the data breach notification requirements, the obligation to appoint a data protection officer and the data subject rights, namely the rights to information, access, objection, rectification, blocking and erasure. PDPO is now operational and it has issued guidance notes on designating a data protection officer, on lodging complaints, on registration classification and on renewal of registration. Senegal On 30 December 2021, the Senegalese Data Protection Commission issued a regulation setting out retention periods applicable to the following categories of data : employee data, video surveillance, logs of entry into and exit from the workplace and private homes, access magnetic passes, vehicle geolocation, commercial and marketing, customer data of banks and insurance companies. The retention periods vary from 6 months to 10 years. After the promulgation of Kenya’s first Data Protection Act in November 2019, the Office of the Data Protection Commissioner published guidance notes, including on consent, on data protection impact assessment and on the processing of personal data for electoral purposes. Then, in December 2021, the Data Protection (General) Regulations, 2021 were adopted and published. The Regulations provide further details on the many areas covered by the Act, including, data subject rights, use of data for commercial purposes and direct marketing, data retention, data protection policies, contracts between controllers and processors, data localisation, data protection by design or by default, data breach notification, cross-border transfers of data and data protection impact assessments. This Regulation significantly complements the Data Protection Act. Supervisory authorities In some jurisdictions data protection authorities became operational in the past 12 months. Other jurisdictions with new data protection laws elected not to create a standalone data protection authority, but to grant supervisory powers to an existing authority, which was the choice made by the Ivory Coast and Nigeria Chad In Chad, pursuant to the Data Protection Act n°007/PR/2015 of 10 February 2015 the authority in charge of data protection is the cybersecurity regulator,i.e. the National Agency for Information Security and Electronic Certification (ANSICE). ANSICE was instituted by Law No. 006/PR/2015 enacted on 10 February 2015. After a few years of latency ANSICE became fully operational in late 2020. The agency is now very active in cybersecurity and data protection and it has commenced its data controller registration operations as wellas enforcement actions. Niger The Data Protection Act No. 2017-28 of 3 May 2017 provides for the establishment of the High Data Protection Authority (HAP- DP). The board and management of the authority was appointed in late 2019 and, in 2021, HAPDP became fully operational. It is undertaking significant awareness-raising campaigns and capacity building. The authority has also commenced its data controller registration activities. Uganda LA TOUR The Ugandan Data Protection and Privacy Act of 2019 provided the data protection authority would be the Personal Data Protection Office. In 2021, as mentioned above, the Data Protection and Privacy Regulations, 2021 provided further detail about PDPO, including its functions, powers and internal organisation and management and now PDPO is fully operational. Rwanda The Rwandan Protection of Personal Data and Privacy Law did not create a separate data protection-dedicated authority. Instead it granted supervisory powers to the cybersecurity authority, the National Cybersecurity Authority (NCSA) with the possibility for sector-specific regulatory authorities (such as the Rwanda Utility Regulatory Authority in the ICT sector) to oversee sector-specific compliance and put in place sector-specific regulations governing the protection of personal data and privacy. NCSA was instituted pursuant to Law No. 26/2017 of 31/05/2017 Establishing the National Cyber Security Authority and Determining its Mission, Organisation and Functioning and it is now fully operational. Zimbabwe Although the Data Protection Act provides for the creation of a Cyber Security and Monitoring of Interceptions of Communications Centre, it does not create an autonomous stand-alone data protection authority. The supervisory authority in charge of personal data is the already operational Postal and Telecommunications Regulatory Authority (POTRAZ). Burkina Faso The new Data Protection Act of 30 March 2021 imposes that health data relating to identified or identifiable individuals be hosted in Burkina Faso unless an exception is made by the data protection authority. To date, no general exception to this principle has been issued. Zambia Pursuant to Section 70 of the Zambian Data Protection Act of 24 March 2021, data controllers must process and store personal data on a server or data centre located in Zambia except where the Minister prescribes categories of personal data that may be stored abroad. However, sensitive personal data may not be subject to ministerial exemptions. Further clarification as the existence of further exceptions and the criteria for cross-border transfer are likely to be provided by the Minister and supervisory authority. Zimbabwe There are currently no specific data localisation obligations. However, under the Data Protection Act 2021, the data protection authority, POTRAZ, is required to lay down the categories of processing operations for which and the circumstances in which international transfers is prohibited. It is thus expected to have further information on the data localisation requirement in the near future. Kenya Under the Data Protection Act, No. 24 of 2019 which entered into force on 25 November 2019, the Cabinet Secretary may prescribe, based on grounds of strategic interests of the state or protection of revenue, certain nature of processing that shall only be effected through a server or a data centre located in Kenya. The Data Protection (General) Regulations, 2021 published in December 2021, which complements the Data Protection Act sets out some localisation requirements. Under Section 26 of the Regulations, personal data processed for the purpose of strategic interest of the State must be processed through a server and data centre located in Kenya or at least one serving copy of the data must be stored in a data centre located in Kenya. The strategic interests referred to in Section 26 include (a) administering of the civil registration and legal identity management systems ; (b) facilitating the conduct of elections for the representation of the people under the Constitution ; (c) overseeing any system for administering public finances by any state organ ; (d) running any system designated as a protected computer ; (e) offering any formof early childhood education and basic education ; or (f) provision of primary or secondary health care for a data subject in the country. While the authorities of some jurisdictions focus on raising awareness, in other jurisdictions, the enforcement activities have significantly increased in the past year. Amongst the most active jurisdictions is Mauritius, of which data protection authority mainly responded to data subjects’claims against locally-based controllers. Nigeria and South Africa have been proactive in their investigations of foreign technology giants. The Nigerian authority issues fines on a regular basis. Enforcement has been identified as a priority in several countries. With regard to controllers who have no local presence and against which imposing fines is challenging, temporarily or permanently blocking the service via the internet service providers has emerged as a suitable solution. [Source : Hogan Lovells, an American-British law firmco-headquartered in London and Washington, D.C, 01 February 2022] 6
VENDREDI 18 FÉVRIER 2022 BIZWEEK ÉDITION 382 Kristalina Georgieva Managing Director International Monetary Fund POST SCRIPTUM IMF BLOG Three Policy Priorities for a Robust Recovery When the Group of Twenty finance ministers and central bank governors gather in Jakarta, in person and virtually, this week, they can take inspiration from the Indonesian phrase, gotong royong, «working together to achievea common goal.» This spirit is more important than ever as countries are facing a tough obstacle course this year. The good news is that the global economic recovery continues, but its pace has moderated amid high uncertainty and rising risks Three weeks ago, we (the International Monetary Fund) cut our global forecast to a stillhealthy 4.4 percent for 2022, partly because of a reassessment of growth prospects in the United States and China. Since then, economic indicators have continued to point to weaker growth momentum, due to the Omicron variant and persistent supply chain disruptions. Inflation readings have been higher than expected in many economies ; financial markets remain volatile ; and geopolitical tensions have sharply increased. That is why we need strong international cooperation and extraordinary agility. For most countries, this means continuing to support growth and employment while keeping inflation under control and maintaining financial stability — all in the context of high debt levels. Our new report to the G20 shows just how complex this obstacle course is and what policymakers can do to get through it. Let me highlight three priorities : First, we need broader efforts to fight ‘economic long-Covid’We project cumulative global output losses from the pandemic of nearly $13.8 trillion through 2024. Omicron is the latest reminder that a durable and inclusive recovery is impossible while the pandemic continues. But considerable uncertainty remains about the path of the virus post-Omicron, including the durability of protection offered by vaccines or prior infections, and the risk of new variants. In this environment, our best defense is to move from a singular focus on vaccines to ensuring each country has equitable access to a comprehensive COVID-19 toolkit with vaccines, tests, and treatments. Keeping these toolsupdated as the virus evolves will require ongoing investments in medical research, disease surveillance, and health systems that reach the «last mile» into every community. Upfront financing of $23.4 billion to close the ACT-Accelerator funding gap will be an important down payment on distributing Ending the pandemic willalso help address the scars from economic long-COVID. Think of the profound disruptions in many businesses and labor markets. And think of the cost to students worldwide, estimated atup to $17 trillion over their lives due to learning losses, lower productivity, and employment disruptions. School closures have been especially acute for students in emerging economies where educational attainment was much lower to begin with—threatening to compound the dangerous divergence among countries. « » this dynamic toolkit everywhere. Going forward, enhanced coordination between G20 finance and health ministries is essential to increasing resilience—both to potential new SARS-CoV-2 variants, and future pandemics that could pose systemic risks. Ending the pandemic willalso help address the scars from economic long-COVID. Think of the profound disruptions in many businesses and labor markets. And think of the cost to students worldwide, estimated atup to $17 trillion over their lives due to learning losses, lower productivity, and employment disruptions. School closures have been especially acute for students in emerging economies where educational attainment was much lower to begin with— threatening to compound the dangerous divergence among countries. What can be done ? Strong policy action. Scalingup social spending, reskilling programs, remedial training for teachers and tutoring for students will help economies get back on track and build resilience to future health and economic challenges. Second, countries need to navigate the monetary tightening cycle While there is significant differentiation across economies and high uncertainty going forward, inflation pressures have been building in many countries, calling for a withdrawal of monetary accommodation where necessary. Going forward, it is important to calibrate policies to country circumstances. It means withdrawal of monetary accommodation in countries such as the U.S. and the United Kingdom, where labor markets are tight and inflation expectations are rising. Others, including the euro area, can afford to act more slowly, especially if the rise in inflation relates largely to energy prices. But they, too, should be ready to act if economic data warrants a faster policy pivot. Of course, clear communication of any shift remains essential to safeguard financial stability at home and abroad. Some emerging and developing economies have already been forced to combat inflation by raising interest rates. And the policy pivot in advanced economies may require additional tightening across a wider range of nations. This would sharpen the already difficult trade-off countries face in taming inflation while supporting growth and employment. So far, global financial conditions have remained relatively favorable, partly because of negative real interest rates in most G20 countries. But if these financial conditions tighten suddenly, emerging and developing countries must be ready for potential capital flow reversals. To prepare for this, borrowers should extend debt maturities where feasible now, while containing a further buildup of foreign currency debts. When shocks do come, flexible exchange rates are important for absorbing them, in most cases, but they are not the only tool available. In the event of high volatility, foreign exchange interventions may be appropriate, as Indonesia successfully did in 2020. Capital flow management measures may also be sensible in times of economic or 7 Cont’d on page 8

1 2-3 4-5 6-7 8-9 10

Autres parutions de ce magazine  voir tous les numéros

Liens vers cette page
Couverture seule :

Couverture avec texte parution au-dessus :

Couverture avec texte parution en dessous :