- Chris Bosire (Tech Policy Fellow- Lawyers Hub)
- April 19, 2022
- Use of Artificial Intelligence in Data Protection Regimes in Africa
Data is increasingly receiving legislative attention in Africa, due to increased use of digital technologies involved in the processing of large volumes of both sensitive data and personal data. This calls for a level of innovation in seeking compliance with national legislation in order to comply with internationally accepted standards of data protection.
Data protection legislation in Kenya (the 2019 Data Protection Act and the 2021 Data Protection (General) Regulations), Uganda, Rwanda and other African countries adopts data protection by design and default as a fundamental principle of data protection (See the Data Protection in Africa: A Look at OGP Member Progress). This is an indication that in product design and data processing activities, data controllers and data processors must take into consideration prior factors to ensure enhanced safeguards for the right to privacy (See Section 41 of the 2019 Data Protection Act, Kenya).
However, the adopted laws do not make specific reference to devices or mechanisms to be adopted by controllers and processors to implement data protection by default and design. Nevertheless, States have enacted specific Regulations aimed at providing practical measures to enforce the right to privacy. For instance in 2021, Kenya enacted the Data Protection Regulations.
Moreover, to achieve compliance, Organizations have been responsive to the developments in law, hence start-ups, founders and techno-creatives have explored the use of modern technologies in eliminating the human factor in data processing. This is especially for both bulk and sensitive data processing activities. In doing so, the use of Artificial Intelligence (AI) is gaining momentum.
Generally, there is a need to leverage on developments in technology and digital products to achieve optimal results. If so, how then can African Countries proliferate the use of Artificial Intelligence (AI) as a tool for data protection? This blog article seeks to explore this significantly critical question.
A number of countries, however, have included provisions in their Data Protection legislations that recognize AI as a tool for data protection. It is now common ground that technology has a role to play in compliance with data protection standards in Africa. Section 35 of Kenya’s Data Protection Act 2019, for instance, has express provisions requiring dual factor authentication, as a safeguard against automated individual decision making in relation to data subjects. This is due to the need to subject decisions to human intervention, in the provision of services to persons. The European Union (EU) General Data Protection Regulation (GDPR) also reiterates AI-based decisions on individuals, particularly those related to automated decision making and profiling (See Article 22 of GDPR).
In light of this restriction against use of technology solely as a primary factor in processing personal data, there is a need to consider the effect of AI on data protection regimes in Africa. This is so, especially because most of the resources required in deploying AI systems are uniquely designed to operate in other jurisdictions and fair to say as a continent, we are fast playing catch up, and at an impressive speed (See this publication Artificial Intelligence for Africa: An Opportunity for Growth, Development, and Democratisation). In this blog post, therefore, I focus on how AI can be employed in data protection efforts in Africa.
Why Artificial Intelligence?
AI refers to systems that display intelligent behaviour by analysing their environment and taking actions, with some degree of autonomy, to achieve specific goals (See Communication: Artificial Intelligence for Europe). Briefly, according to HLEG Report on Ethics Guidelines for Trustworthy AI, AI is associated with computer or digital systems capable of learning and executing human functions, including visual perception, speech recognition, and other forms of decision-making.
AI is predominantly used in the financial sector, and is growing into other sectors, such as in the creative industry. In the legal sector, organizations have adopted AI in execution of routine tasks such as drafting of agreements; offering non-complex legal opinions; automated disclaimers and such other day to day interactions (See Artificial Intelligence in the Legal Field and the Indispensable Human Element Legal Ethics Demands). This carries the effect of making practice of the law flexible and digitized. The implications have been that lawyers have had to change the conventional way of practice to adapt with developments in technology as a result of AI applications and software.
It follows that in designing compliance programs for data processors and controllers, developers should put into account the requirement for data protection by design and default, leading to adoption of AI as a preferred model of executing the principle.
Subsequently, organizations can adopt AI technology as a tool for enhancing security of information through aspects such as internal data privacy, cybersecurity programmes, endpoint security for information systems and detection and protection against malware attacks.
Generally, cybersecurity is an aspect of organizations susceptible to unauthorized access of personal data. Use of technology to identify and prevent such access is a way to ensure start-ups in Africa guarantee data protection by design and default.
Moreover, Use of AI tools can solve challenges such as spamming and infrastructure compromise through hacks. This in turn helps the organization focus on other areas of vulnerability (See Artificial Intelligence and the GDPR: Inevitable Nemeses?
This blog article recommends the adoption of AI systems in African states, especially for organizations engaging in bulk data processing to enhance data protection practices. The right to privacy as a digital right in the digital era requires enforcement through use of digital technologies such as AI. There are benefits to be harnessed from the use of AI as stated above. African states should therefore develop laws sensitive to developments in technology, such as laws on the use of AI systems in different sectors.