The importance of strong data protection policies cannot be understated. In the absence of strong, proactive legislation, internet users around the world remain vulnerable to intentional attacks on their privacy and unintentional breaches that put them at risk.
Internews’ Advocating for Data Accountability, Protection, and Transparency (ADAPT) project is building a coordinated advocacy effort to promote rights-respecting privacy policies and help internet users understand what protections currently exist to keep their data, and themselves, safe online.
Even in countries that have recently passed data protection legislation, it is important that individuals, private companies, and government have a strong understanding of how the law will be enforced, who will provide oversight, and how it will impact everyday internet users. ADAPT will regularly publish blog posts, podcasts, and other content that simplifies and highlights each stage of the legislative lifecycle.
Data protection laws and regulations are complex and evolving. ADAPT equips traditional internet rights advocates with the legal resources and expertise to conduct informed and effective campaigns promoting rights-respecting privacy policies in their respective countries.
ADAPT’s consortium partners are working on privacy advocacy and data protection legislation in six countries in Africa and Latin America. Data protection regulations vary widely across these countries, with some only just beginning to advocate around data rights while other countries have drafted or passed legislation. As a result, ADAPT is identifying and building strategies for each stage of the advocacy lifecycle, and working with consortium partners to engage in collaboration and information sharing across countries and regions. Learn more about the state of data protection in the six target countries here.
Bolivia does not have a personal data protection law, but its constitution does recognize the right to privacy. The laws that currently exist governing issues of privacy and data constitute a scattered and incomplete regulatory framework. A summary of the state of privacy and personal data legislation in the country can be found here [Spanish]. Draft data protection legislation has been introduced to the Bolivian lower chamber and is awaiting further review and consultation.
The Brazilian General Data Protection Legislation (LGPD), drafted in 2018 and effective as of February of 2020, is in its early stages of implementation. To oversee enforcement, Brazil’s former president established the Data Protection Authority (DPA), tasked with operationalizing the nascent legislation. In these early stages, advocacy efforts in the country are focused on ensuring the DPA maintains consultation with civil society and human rights groups in developing good guidelines and regulations, staffs its ranks with respected experts, and establishes independence from the federal government as it begins enforcing sanctions this year.
Ecuador enacted the Ley Orgánica de Protección de Datos Personales de Ecuador (Law for the Protection of Personal Data in Ecuador) or the LOPD in May of 2021. The scope of the Law includes both the public and private sectors. It has a broad scope and guarantees a framework for natural persons, reaching economic sectors and authorities, with certain exceptions. In addition, it safeguards the protection of fundamental data by establishing obligations that regulate the adequate treatment of data, including tools such as the notification of data breaches and the appointment of data protection delegates.
Ethiopia has no specific legislation on data protection, and the issue is relatively new to public discourse in the country. Civil society efforts are currently focused on promoting greater awareness around personal data protection issues and getting in at the ground level to ultimately propose draft legislation.
In 2019 Kenyan lawmakers passed the Kenya Data Protection Act, a robust legal framework that sought to modernize the countries legislation around the use of personal data. Other related laws include the Data Protection Policy (2019), ICT Policy (2019) and a handful of older legislation governing information, communications, and cybercrimes. Despite the country’s relative success in passing data protection legislation, oversight and enforcement remain weak, and a lack of funding and awareness have hindered implementation.
The Nigerian Data Protection Regulations (NDPR) was passed in 2019. Two additional bills (the Data Protection Bill and the Digital Rights and Freedoms Bill) are currently being debated, however, that would add to the landmark legislation. The concept of data protection is still relatively new to Nigeria, though, and civil society efforts aim now to educate policymakers and the public to help guide enforcement and implementation.
Officially founded in 2018, Internet Bolivia brought together an existing community of individuals that had for years been working to advance human rights on and offline with the goal of specifically addressing the issue of digital rights in Bolivia. Internet Bolivia is currently the only NGO in Bolivia working on digital rights and data protection and pursuing reforms at the local, regional, and national level. Their work on data protection includes an initiative under Internews’ iREV project to develop websites and infographics focused on data protection as part of their awareness raising campaign aimed at civil society. They have also worked directly with the government to provide their inputs to the data protection law and have worked with AccessNow on a data protection report.