Processing Personal Data in Relation to the COVID-19 Pandemic: A Quick Look Across the African Continent

Processing Personal Data in Relation to the COVID-19 Pandemic: A Quick Look Across the African Continent

Processing Personal Data in Relation to the COVID-19 Pandemic: A Quick Look Across the African Continent
1.                  Introduction

The outbreak of the COVID-19 pandemic has had (and continues to have) varying impacts on  sectors of the global economy and the practice of law falls squarely within this space. Various fields of law pertaining to contractual relationships,[1] employment,[2] trade,[3] data protection, etc. have been expressly impacted by the COVID-19 pandemic. This article focuses on the impact of the COVID-19 pandemic from a data protection perspective. Personal data processing is a very powerful tool in the prevention and control of the COVID-19 pandemic. This is because activities such as the collection of travel data,[4] measurement of body temperatures,[5] identification and tracking of infected persons, etc. which are necessary for the control of the pandemic all amount to personal data processing activities. In fact, sensitive personal data[6] particularly health data is processed in a lot of cases.

The aim of the article is to examine the legal requirements which ought to be complied with in processing personal data for purposes relating to the COVID-19 pandemic across the African continent. To achieve this purpose, specific references will be made to the data protection laws of Nigeria, Kenya and the African Union (AU). The Nigerian Data Protection Regulation (NDPR) is the most comprehensive legal instrument regulating data protection law in Nigeria and will be the base Nigerian data protection legislation to be considered in this article.[7] In Kenya, the Kenyan data protection Act (KDPA)[8] came into force in 2019 and is the extant law on data protection in Kenya. The KDPA will also be referenced in this article as may be appropriate. The African Union Convention on Cybersecurity and Personal Data Protection (AUCCPDP)[9] will also be referenced as the relevant AU law for the purpose of this article. Using the NDPR, the KDPA and the AUCCPDP as legislative references, this article seeks to highlight the specific requirements of data protection law which ought to be complied with as well as instances of specific applicability in a COVID-19 personal data processing scenario.

Read the full article here: Processing Personal Data in Relation to the COVID-19 Pandemic – A Quick Look Across the African Continent