Support Centre

African Bodies


Law: Supplementary Act A/SA. 1/01/10 on Personal Data Protection within ECOWAS ('the Act'), in relation to the Economic Community of West African States ('ECOWAS').

The African Union Convention on Cyber Security and Personal Data Protection ('the Convention'), in relation to the African Union ('AU').

Regulator: There is no general personal data protection regulator applicable across African Bodies, although both the Act and the Convention provide for the establishment of a data protection authority.

Summary: ECOWAS is a 15-member regional group aimed at promoting economic integration in several fields of activity among the constituent countries. In 2010, ECOWAS adopted the Act, with the purpose of tackling personal data protection by encouraging Member States to adopt harmonised data protection regulatory frameworks, which mirrored, to a degree, the European Union's former Data Protection Directive (Directive 95/46/EC). The Act further outlines the basic principles guiding the processing of personal data, and establishes consent as the primary legal basis.

The AU is a continental body consisting of the 55 Member States corresponding to the countries of the African continent, and it was established with the purpose of, among other things, enhancing the political and socio-economic integration. The Convention, adopted in 2014, aims at setting forth a normative framework including rules establishing that Member States must commit themselves to the creation of a legal framework protecting personal data, enabling at the same time the free flow of information. As yet, there are only 14 signatories to the Convention of which only 5 jurisdictions have ratified.


In this Insight article, Magda Cocco, Partner, Inês Antas de Barros, Partner, Isabel Ornelas, Managing Associate, and Maria de Lurdes Gonçalves, Managing Associate, from Vieira de Almeida & Associados, delve into the significance of the Malabo Convention on Cyber Security and Personal Data Protection (the Malabo Convention), exploring its impact on Africa's data protection and cybersecurity landscape and the challenges and opportunities it presents for member states and businesses.