The African Continental Free Trade Area Agreement Vis-A-Vis Data Protection Concerns -By Oyetola Muyiwa Atoyebi & Efe Iseghohime

INTRODUCTION

Trade relationship is not alien to humans, as it has been ingrained into our daily activities over time. This ranges from petty trade in goods and services to grand-scale cross-border trade. Specifically, the success or failure of cross-border trade relies on the liberty allowed or barriers encountered in the course of conveying goods and services traded upon.

It is on this premise that experts have decried the low intercontinental trade activity obtainable in Africa in contrast to other continents. As a creative solution to remedy the problem of barriers, the Africa Continental Free Trade Agreement was introduced to provide a symbiotic relationship across African countries and reduce obstacles encountered in the course of trade.

Following the integration of digital technology in trade, there is a need to provide for Data Protection and Privacy for the parties involved. However, the provisions under the agreement remain insufficient and not clearly defined.

This article addresses the objectives of the African Continental Free Trade Area Agreement in relation to its data protection concerns. Additionally, this article aims to provide a venue for criticism on how insufficient the African Continental Free Trade Area Agreement’s data protection safeguards are and also suggests recommendations for improvement.

History and Objectiveof the African Continental Free Trade Area (AfCFTA)

The African Continental Free Trade Area (AfCFTA) agreement was signed by 44 African Union (AU) states on March 21, 2018, in Kigali, Rwanda. The trade agreement was brokered by the AU with the intention to “accelerate the political and socio-economic integration of the continent”. ^[1]

During the 2012 African Union Summit held in Addis Ababa, the AU members agreed to create a new continent free trade area by 2017.

In 2015, another AU summit was held in Johannesburg, South Africa. During this summit, an agreement was made to commence negotiations. This laid the foundation for ten negotiating sessions which took place over the period of three years, until the agreement was signed in 2018 during the negotiating summit held in Kigali, Rwanda.

However, the AfCFTA didn’t come into force until May 30, 2019, when it was ratified by 22 states. This brought to life, the largest free trade area in the world since the creation of the World Trade Organization in 1994. Nigeria signed the trade agreement in 2019, but legislative steps have not yet been made to domesticate the agreement.[2]

As captured under Article 3 of the Agreement, the main objective of the trade agreement is to create a free trade area in Africa and a continental market for business persons, goods and services. Its goal is to foster trade unity among member states leading to the overall growth of the African economy. It is expected to increase the competitiveness of the African economy and it requires member states to eliminate/reduce tariffs, liberalize trade in services and cooperate on investments, competition policies etc.^[3]

What is Data Protection?

According to European Union (EU), Data protection involves protecting any data relating to an identified or identifiable natural (living) person (“data subject”), including names, dates of birth, photographs, video footage, email addresses and telephone numbers; it aims to ensure the fair processing (collection, use, storage) of personal data by both the public and private sectors. In essence, Data protection is the process of safeguarding important data from corruption, compromise or loss and providing the capability to restore the data to a functional state should something happen to render the data inaccessible or unusable. [4]

Data protection spans three broad categories, namely, traditional data protection, data security, and data privacy.

Data protection principles help protect data and make it available under any circumstances. These principles include lawfulness, fairness and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality (security); and accountability[5].

Data Protection under the AFCFTA

McKinsey in its report on Africa business growth, noted that Africa has over 400 million internet users with Nigeria being the second largest behind China. The implication of this is that there are a vast amount of e-commercial activities occurring in the continent. For every trade possibility AfCFTA brings, there are lots of considerations to be given to what would happen to the data submitted by customers to international trading counterparts.

In the first quarter of 2017, Forbes predicted that the data market will surpass USD 200 billion by the end of 2020. This implies that the economy especially the digital economy, relies heavily on data flow as it relates to communication and financial services. It is germane to consider that no country wants to give another country unfettered/unregulated access to its data. Invariably, data issues have become a matter of dispute for sovereign states.

Significantly, a large number of African countries are yet to develop data protection laws that align with international best practices. This legislative gap is reflected in the bigger stage, which is in the AfCFTA. Thus, although the AfCFTA promises free flow of services and information possible, questions are raised as to how information is protected.

For member states to benefit fully from the digital economy aspect of international trade, they must recognize the fact that data is power and create effective regimes for data protection.

One major effort made by Africa in creating a regional data protection  regime is the  African Union Convention on Cyber Security and Personal  Data.

Compared to the data protection regimes contained in the free trade agreements of other regions, this provision is constructed in loose and ambiguous language which does not do enough for data protection. It merely allows state parties to adopt measures necessary to comply with their national data laws.

On the other hand, The African Union Convention on Cyber Security and Personal Data Protection (also The Malabo Convention) 2014 provides a comprehensive document covering electronic transactions, privacy and cybersecurity.  Unfortunately, till date, the Malabo Convention has been signed by only 14 states and ratified by five countries out of 55 member states. This further emphasizes the fact that the data protection needs of the AfCFTA must be enshrined in the Agreement or annexed with it, to function effectively.^[6]

Data Protection Concerns Under the AfCFTA

One of the projected implications of the growth in intra-African trade spurred by the AfCFTA is increased data transfers across member countries^[7].  Yet, the agreement fails to establish a robust data protection regime, to protect personal data in the exchange of goods and services in the emerging African digital economy.

The advancement of digital technologies and the increased adoption of internet-based platforms have given rise to dynamism in the way and manner governments, businesses and individuals operate. Regardless of its advantages, there is a need to recognize the risks and challenges in preserving the integrity of information systems and data resources, as anyone with a digital device has the ability to gather and share information across borders. To add salt to injury, most African countries have no data protection laws as a considerable number of African countries are yet to have any substantial form of legislation on data protection, and as a result, Africa has the least data governance rules. Without any doubt, this will make the exchange of personal data between these countries susceptible to abuse, handled unprofessionally, pose a security risk, and even a challenge to the reduction of trade barriers under the AfCFTA.

Conversely, the Heads of State and Government of the African Union in their decisions Assembly/AU/4(XXXIII)of 10 February 2020 and Ext/Assembly/AU/Decl.1(XII) of 5 January 2021, mandated negotiations for an E-commerce Protocol to the African Continental Free Trade Area^[8].  E-commerce activities have their flow tied to personal data exchange between the different contracting parties across the given territories. It then becomes imperative for countries to take active steps in protecting the integrity of their national data and security, and preserving citizens’ rights to retain control over their personal information and national competitive advantage.

The absence of a data protection regulation can be generally disadvantageous to market activities and outcomes, defeating the purpose of a free trade agreement. Hence, the need to address data governance issues when negotiating trade agreements to ensure fairness and non-discriminatory treatment.

In light of these realities, it, therefore, becomes imperative for the AfCFTA to provide a guiding framework for the governance of data flows. The AfCFTA has the potential to expand e-commerce as internet and mobile phone penetration across Africa has been tremendous. With E-commerce, boosting Intra African trade and achieving the main objective of the AfCFTA will be made easier.

Recommendation/Conclusion

It is highly recommended at this point that the Agreement should include data protection provisions or guidelines that would automatically bind all the signatories to it.  While incorporating data protection provisions in AfCFTA, a thorough consideration should be given to the following in addressing data governance issues under the agreement[9]:

1. Definition, scope and the continental stance on data governance.
2. Guidelines for promoting secure, smooth operation of transnational data flows.
3. Minimum requirements for the ethical use of data.
4. Synchronized laws against cybercrime, report evaluation, and intelligence sharing.
5. Online consumer protection guidelines.
6. Guidelines for data security, protection and privacy.
7. Rules governing access to publicly available government information.
8. Handling digital identity management.
9. Sanction or fine for a breach or default.

AUTHOR: Oyetola Muyiwa Atoyebi, SAN, FCIArb. (UK).

Mr. Oyetola Muyiwa Atoyebi, SAN is the Managing Partner of O. M. Atoyebi, S.A.N & Partners (OMAPLEX Law Firm) where he also doubles as the Team Lead of the Firm’s Emerging Areas of Law Practice.

Mr. Atoyebi has expertise in and a vast knowledge of Data Protection and Data Privacy Lawand this has seen him advise and represent his vast clientele in a myriad of high level transactions.  He holds the honour of being the youngest lawyer in Nigeria’s history to be conferred with the rank of a Senior Advocate of Nigeria.

He can be reached at atoyebi@omaplex.com.ng

CONTRIBUTOR: Efe Iseghohime.

Efe is amember of the Corporate and Commercial Team at OMAPLEX Law Firm. She also holds commendable legal expertise in International Trade.

She can be reached at efe.iseghohime@omaplex.com.ng.

^[1] The Constitutive Act of the African Union 2001

[2]See Section 12 of the Constitution of the Federal Republic of Nigeria 1999 (as amended)

^[3]General Objectives, Article 3 of the Agreement Establishing the African Continental Free Trade Area

[4]Paul Crocetti, Stacey Peterston, Kim Hefner, “Data Protection and Why it is Important”<https://www.techtarget.com/searchdatabackup/definition/data-protection>Accessed on 20^th August 2022

[5]  Article 5 of UK General Data Protection Regulation

^[6]SolagbadeSogbetun and Ibrahim Moshood, ‘The Impact of Data Protection Rules on the Digital Economy Aspect of the Afrcan Continental Free Trade Agreement (AfCFTA)’ (2022) https://www.alp.company/resources/business-advisory/impact-data-protection-rules-digital-economy-aspect-african-continental Date Accessed: 21 August, 2022

^[7] Article 4 of the AfCFTA Agreement; Article 6 of the Protocol on Trade in Services.

^[8] SET “Digital Trade Provisions in the AfCFTA : what can we learn from he south-south agreement” available at <https://set.odi.org/digital-trade-provisions-in-the-afcfta-what-can-we-learn-from-south-south-trade-agreements/ Date Accessed 20 Aug., 2022

[9]Israel Olawunmi, ‘The African Continental Free Trade Area Agreement Vis-À-Vis Its Data Protection Concerns'(October, 2021) BNL Legal & Style, available at https://dnllegalandstyle.com/2021/the-african-continental-free-trade-area-agreement-vis-a-vis-its-data-protection-concerns/ Date Accessed: 20th August, 2022.