Law: There is no general data protection law.

Regulator: There is no general data protection authority.

Summary: On April 4, 2024, the Ethiopian House of Peoples Representatives announced via Facebook that the Parliament of Ethiopia had approved Proclamation No. 1321/2016 on the Personal Data Protection Bill (the Bill). If enacted, the Bill will provide for data subject rights, principles of data processing, and establish an independent supervisory authority. Furthermore, the Bill places restrictions on data transfers to a third-party jurisdiction, as well as requirements to appoint a data protection officer, report data breaches, and perform a data protection impact assessment (DPIA).

Several existing laws and regulations address aspects of data privacy. These include the Constitution of the Federal Democratic Republic of Ethiopia 1995 which establishes a right to privacy, laws regulating the financial sector, and sanctions for violations of certain privacy-related provisions. These laws and regulations have mandated powers to various authorities for the protection of privacy such as the Communication Services Proclamation No. 1072/2018 which establishes the Ethiopian Communication Authority to promote data privacy.