Ethiopia’s legislative landscape experienced a significant development with the recent approval of the Personal Data Protection Proclamation (PDPP) by the House of Peoples’ Representatives.

17 April 24

Whilst it is true that the data-driven digital world has brought highly beneficial uses, it also carries very significant risks for potential breach of citizen’s rights unless sufficient legal protections are put in place. Cognisant of these challenges, many countries have adopted comprehensive data protection laws that establish the required safeguarding measures and ensure protection of applicable legal standards.

Ethiopia did not have a comprehensive data protection law. The data protection rules were scattered in various legislations. The primary legislation that lays the foundation for data protection rules is the Constitution of the Federal Democratic Republic of Ethiopia. The Constitution recognises the right to privacy and inviolability of the correspondences of individuals. The Ethiopian Civil Code also provides certain privacy rights none of which specifically addresses data protection. Both laws offer overarching protections for the right to privacy. Additionally, certain specific legislations in various domains, such as the Computer Crimes Proclamation No. 958/2016, Freedom of Mass Media and Access to Information Proclamation No. 590/2008, Financial Consumers Protection Directive FCP-01-2020, and Telecommunications Consumer Rights Directive No. 3-2020, provide rules on data protection within their respective scopes.

As technology evolves and the use of personal information by third parties increases, the right to privacy should be expanded to include the types of data to be collected from citizens, the data collection process, data processing requirements, data transfer procedures, and data erasure obligations. This requires a comprehensive personal data protection law. The establishment of the national digital identification system introduced as part of the implementation of the recent Ethiopia Digital Identification Proclamation also necessitates a robust data protection system to safeguard personal data and foster trust in data owners. Aligning Ethiopian standards with international best practices is also one of the main objectives of having a comprehensive law dealing with the protection of personal data. The European General Data Protection Regulation (GDPR) had provided a standard for over a hundred jurisdictions across the globe to use it as a resource to regulate the sector. Ethiopia is no exception in this respect.

Discover the key elements of the approved PDPP and its impacts on business organisations. Click here to download and read the full article.