![Sample our Humanities journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/5939/TOC-Subject-Sample-2021-Humanities.jpg"})
ABSTRACT
It is now widely recognised that the unregulated processing of personal information has had a significant impact on key human rights like privacy, dignity, integrity, personality and autonomy. However, while other regions of the world have taken concerted action to protect the personal rights of individuals by adopting data protection instruments, Africa has generally lagged behind. This is so in spite of the steady growth in access to and usage of ICT and the internet which has facilitated the exploitation of individuals’ personal information with the attendant risk of infringement of their rights. An important step to change this situation was taken when African leaders in June 2014, agreed to a landmark Convention on data protection. This Convention has provoked mixed reactions from stakeholders and privacy advocates. While some are sceptical as to the effectiveness of this Convention, others have welcomed it as a cause for celebration of human rights on the continent. This paper assesses the potential impact this Convention will have on the protection of individual's personal data.
Acknowledgements
This article was originally presented at the 7th International Conference on Information Law and Ethics (ICIL) that was held at the University of Pretoria, South Africa on 22–23 February 2016. We thank the conference organisers and participants. We also thank the reviewers for the insightful comments. All errors, however, remain ours.
Disclosure statement
No potential conflict of interest was reported by the authors.
Notes on contributors
Lukman Adebisi Abdulrauf is an academic associate in the Centre for Human Rights, University of Pretoria, South Africa where he recently completed his doctorate (LL.D). He is also a lecturer at the Department of Public Law, University of Ilorin, Nigeria. Dr Abdulrauf's research and teaching interests are privacy and data protection law, human rights issues in advances in ICT and criminal law.
Charles Manga Fombad is a professor of law and heads the constitutional law unit at the Institute for International and Comparative Law in Africa (ICLA) of the Faculty of Law, University of Pretoria. His research interests are in comparative African constitutional law, media law, the African Union and legal history, especially issues of legal harmonisation.
Notes
1 David Sloss, ‘Non-self-executing Treaties: Exposing A Constitutional Fallacy’ (2002) 36(1) UC Davis Law Review 1, 3.
2 Anneliese Roos, ‘Data Protection’ in D Van der Merwe and others, Information and Communications Technology Law (The African Union 2008) 313, 1–39; J Neethling and others, Law of Personality (LexisNexis 2005) 267.
3 African Union Convention on Cyber Security and Personal Data Protection EX.CL/846(XXV) <http://pages.au.int/sites/default/files/en_AU%20Convention%20on%20CyberSecurity%20Pers%20Data%20Protec%20AUCyC%20adopted%20Malabo.pdf>
4 Especially in Europe. See generally GG Fuster, The Emergence of Personal Data As A Fundamental Right of the EU (Springer 2014). See also Orla Lynskey, ‘Deconstructing Data Protection: The “Added Value” of a Right to Data Protection in the EU Legal Order’ (2014) 63(3) International and Comparative Law Quarterly 569.
5 For example, Monika Zalnieriute, ‘An International Constitutional Moment For Data Privacy in the Times of Mass-Surveillance’ (2015) 23(2) International Journal of Law and Information Technology 99.
6 Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, ETS No 108 <http://conventions.coe.int/Treaty/en/Treaties/html/108.htm>
7 The Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the Protection of Individuals With Regard To the Processing of Personal Data and on the Free Movement of Such Data <http://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex:31995L0046> (hereafter ‘the EU Directive’).
8 Paul De Hert and Vagelis Papakonstantinou, ‘Three Scenarios for International Governance of Data Privacy: Towards an International Data Privacy Organization, Preferably a UN Agency?’ (2013) 9(2) I/S: A Journal of Law and Policy 271, 278.
9 Indeed, this is so because the CoE Convention has allowed non-member states to accede to it. See Christopher Kuner, ‘An International Legal Framework for Data Protection: Issues and Prospects' (2009) 25 Computer Law & Security Review 307, 313.
10 The concept of ‘information society’ is an elusive concept without a precise meaning or definition. According to Hamelink, the concept of information society ‘refers to the growing significance of information products (such as news, advertising, entertainment and scientific data) and information services (such as provided by the World Wide Web); the increasing volumes of information generated, collected, stored and made available; the essential role of information technology as the backbone of many social services and as the engine of economic productivity; and the input of information processing into transactions in trading and finance’: CJ Hamelink, ‘Human Rights For The Information Society’ in Bruce Girard and Seán Ó Siochrú, Communicating in the Information Society (United Nations Research Institute for Social Development 2003) 122.
11 See initiatives like the African Information Society Initiative (AISI) and the Regional Action Plan on the Knowledge Economy (ARAPKE) both specifically mentioned in the AU Convention
12 United Nations Economic Commission for Africa (UNECA), Africa's Information Society Initiative: An Action Framework to Build Africa's Information and communication Infrastructure <www.uneca.org/cfm1996/pages/africas-information-society-initiative-action-framework-build-africas-information-and> (accessed 26 January 2016).
13 For example, Nsongurua J. Udombana, ‘The Information Society, Poverty and Development: An African Perspective’ (2005) 18(1) Revue québécoise de droit international 75, 77. Unfortunately, the digital divide, which is ‘the unequal access to ICTs by various communities', is a major obstacle to a credible information society in Africa. See also UNECA (n 12).
14 Nick Moore ‘The Information Society’ in Y Courrier (ed) World Information (1997) 271 UNESCO Publications (although she referred to three characteristic of an information society).
15 Eric Tamarkin ‘The AU's Cybercrime Response: A Positive Start, But Substantial Challenges Ahead’ (2015) 73 Policy Brief 1 <www.issafrica.org/uploads/PolBrief73_cybercrime.pdf>
16 Internet World Stats, ‘Internet Users in the World by Regions November 2015’ <www.internetworldstats.com/stats.htm>
17 Ibid.
18 See generally Andrew Harris and others, ‘Privacy and Security Concerns Associated With Mobile Money Application in Africa’ (2013) 8 Washington Journal of Law, Technology & Arts 245.
19 Tamarkin (n 15).
20 AU, ‘INFOSOC: Division of Information Society’, <http://pages.au.int/infosoc/cybersecurity>
21 David Banisar, ‘Linking ICTs, the Right To Privacy, Freedom Of Expression and Access To Information’ (2010) 16(1) East African Journal of Peace & Human Rights 124, 126.
22 Ibid.
23 Jesse Oguntimehin, ‘Implications of Nigeria's National ID card’, iAfrikan <www.iafrikan.com/2014/09/30/nigeria-national-id-card/#sthash.aDBRkrnA.dpuf> (accessed 30 September 2014).
24 Alex Boniface Makulilo ‘Privacy and Data Protection in Africa: A State Of The Art’ (2012) 2(3) International Data Privacy Law 163, 173–74.
25 Ibid.
26 See Banisar (n 21) 129.
27 Ogala Emmanuel, ‘EXCLUSIVE: Jonathan Awards $40 Million Contract to Israeli Company to Monitor Computer, Internet Communication by Nigerians' Premium Times, 25 April 2013, http://www.premiumtimesng.com/news/131249-exclusive-jonathan-awards-40million-contract-to-israeli-company-to-monitor-computer-internet-communication-by-nigerians.html
28 See AU Convention, preamble.
29 Frans Viljoen, International Human Rights Law in Africa (Oxford University Press, 2nd edn 2012) 482.
30 As Viljoen argues, ‘there is an obvious link between one of the main objectives of regional integration-improving the welfare of the people in the participating countries and the realization of socio-economic rights’: ibid.
31 Although, the AU currently recognises only eight RECs.
32 Alex Boniface Makulilo, ‘Myth and Reality of Harmonisation of Data Privacy Policies in Africa’ (2015) 31 Computer Law & Security Review 78, 82.
33 Adopted 16 february 2010. ECOWAS Supplementary Act <www.ecowas.int/publications/en/actes_add_telecoms/SIGNED-Personal_Data.pdf>
34 Lee A. Bygrave, Data Privacy Law: An International Perspective (Oxford University Press 2014) 80.
35 Graham Greenleaf, ‘Sheherezade and the 101 Data Privacy Laws: Origins, Significance and Global Trajectories' (2014) 23(1) Journal of Law, Information and Science 8, 22.
36 See ECOWAS Supplementary Act, art 48.
37 Makulilo, ‘Myth and Reality’ (n 32) 83.
38 Graham Greenleaf and Marie Georges, ‘African Regional Privacy Instruments: Their Effects on Harmonization’ (2014) 132 Privacy Laws and Business International Report 19.
39 Makulilo, ‘Myth and Reality’ (n 32) 87.
40 Draft EAC Legal framework for Cyberlaws (2008) <www.eac.int/index.php?option=com_docman&task=doc_view&gid=632&Itemid=148>; Framework for Cyberlaws, Phase II (UNCTAD, 2011) <http://r0.unctad.org/ecommerce/docs/EAC_Framework_PhaseII.pdf>
41 Draft EAC Legal framework for Cyberlaws (n 40) 3.
42 Ibid.
43 Ibid, 17.
44 Makulilo, ‘Myth and Reality’ (n 32) 84.
45 Data Protection: Southern African Development Community (SADC) Model law <www.itu.int/en/ITU-D/Projects/ITU-EC-ACP/HIPSSA/Documents/FINAL%20DOCUMENTS/FINAL%20DOCS%20ENGLISH/sadc_model_law_data_protection.pdf>
46 Ibid, 3.
47 See Greenleaf and Georges, ‘African Regional Privacy Instruments' (n 38).
48 Bygrave, Data Privacy Law (n 34) 80.
49 Graham Greenleaf and Marie Georges ‘The African Union's Data Protection Convention: A Major Step Toward Global Consistency?’ (2014) 131 Privacy Laws & Business International Report 18–21 also available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2546652
50 See generally Kuner, ‘An International Legal Framework’ (n 9) 307. Christopher Kuner, ‘The European Union and the Search For an International Data Protection Framework’ (2014) 2(1) Groningen Journal of International Law 55.
51 Viljoen (n 29) 152.
52 Ibid, 165.
53 Graham Greenleaf and Marie Georges ‘The African Union's Data Protection Convention: A Major Step Toward Global Consistency?’ (2014) 131 Privacy Laws & Business International Report 18–21.
54 See AU, ‘Draft African Union Convention on the Establishment of a Credible Legal Framework for Cyber Security in Africa’ <http://au.int/en/cyberlegislation> (accessed 27 January 2016).
55 Ibid.
56 EP Kenyanito, ‘Africa Moves Towards A Common Cyber Security Legal Framework’, Access now < www.accessnow.org/africa-moves-towards-a-common-cyber-security-legal-framework/> (accessed 2 June 2014).
57 Ibid.
58 ‘Mixed Feedback on the “African Union Convention on Cyber Security and Personal Data Protection”’, NATO Cooperative Cyber Defence Centre of Excellence CCDCOE <https://ccdcoe.org/mixed-feedback-african-union-convention-cyber-security-and-personal-data-protection.html> (accessed 20 February 2015).
59 AU Convention, art 8(1).
60 AU Convention, art 8(2).
61 CoE Convention, art 1. See also Consultative Committee (T-PD), ‘Modernisation of Convention 108: Final Document T-PD (2012)’ <www.coe.int/t/dghl/standardsetting/dataprotection/TPD_documents/T-PD(2012)04Rev4_E_Convention%20108%20modernised%20version.pdf>
62 Commentary on the Provisions of the Convention in ‘Data Protection: Compilation of Council of Europe Texts' <www.coe.int/t/dghl/standardsetting/dataprotection/dataprotcompil_en.pdf>, 22
63 Ibid.
64 Indeed, the Constitution of the Federal Republic of Nigeria, for example, has been described as being discriminatory as its Bill of Rights is only applicable to Nigeria citizens: Ayo Kusamotu, ‘Privacy Law and Technology in Nigeria: The Legal Framework Will Not Meet the Test of Adequacy as Mandated by Article 25 of European Union Directive 95/46’ (2007) 16(2) Information & Communications Technology Law 149, 154.
65 Bygrave, Data Privacy Law (n 34) 119. In fact, Bygrave notes that ‘in some respects, data privacy canvasses more than what are typically regarded as privacy concerns’.
66 See for example the Proposal for a Regulation of the European Parliament and of the Council on the Protection of individuals with regard to the processing of personal data and on the free movement of such data (‘draft EU Regulation’) which provides in art ((2) that ‘This Regulation protects the fundamental rights and freedoms of natural persons, and in particular their right to the protection of personal data’. Compare with EU Directive, art 1(1) & CoE Convention, art 1. The draft EU Regulation is available at <http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf>
67 AU Convention, art 8. See CoE Convention, art 1; Modernisation of the CoE Convention (n 61) art 1.
68 Because of the Adequacy requirement of Article 25 of the EU Directive. Alex Boniface Makulilo, ‘“One Size Fits All”: Does Europe Impose its Data Protection Regime on Africa?’(2013) 7 Datenschutz und Datensicherheit 450.
69 AU Convention, art 9(c).
70 It is based on this number that some commentators observe that ‘The AU Convention has more potential state parties than any other international data protection agreement currently has ratifications': see Greenleaf and Georges, ‘The African Union's Data Protection Convention’ (n 53).
71 Such as processing for household activities etc.
72 AU Convention, art 9.
73 Anneliese Roos, ‘Personal Data Protection in New Zealand: Lessons for South Africa’ (2008) 4 Potchefstroom Electronic Law Journal 62, 79.
74 Paul. M. Schwartz and Danie J. Solove ‘Reconciling Personal Information in the United States and European Union’ (2014) 102 California Law Review 877, 879
75 Both will be used interchangeably in this paper.
76 AU Convention, art 1.
77 See EU Directive, art 2(b) of the EU.
78 For example, South African Protection of Personal Information Act (2013), art 1; Ghanaian Data Protection Act (2012), sec 96.
79 AU Convention, art 1(b).
80 CoE Convention, art 3(1) of the Convention. The CoE explains the rational in its explanatory report that ‘Compared with manual files, automated files have a vastly superior storage capacity and offer possibilities for a much wider variety of transactions, which they can perform at high speed’: see para 1 of the explanatory report to the Convention in ‘Data Protection: Compilation of Council of Europe Texts’ <www.coe.int/t/dghl/standardsetting/dataprotection/dataprotcompil_en.pdf>19.
81 AU Convention, art 9(d).
82 The EU Directive in art 3(2) provides that it shall not apply to ‘processing operations concerning public security, defence, State security (including the economic well-being of the State when the processing operation relates to State security matters) and the activities of the State in areas of criminal law … ’
83 AU Convention, art 9(2).
84 AU Convention, art 9(2)(a).
85 AU Convention, art 9(2)(b).
86 AU Convention, art 14(3).
87 See generally EU Directive, art 9.
88 Lee A. Bygrave, Data Protection Law: Approaching its Rationale, Logic and Limits (MIT Press 2002) 57.
89 OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980) <www.oecd.org/sti/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm> (accessed 10 January 2016).
90 It is however noteworthy that the proposal for modernisation of the CoE Convention takes note of the important place of consent and a specific section is dedicated to it. See Modernisation of Convention 108 (n 61), art 5(2) which provides that ‘[e]ach Party shall provide that data processing can be carried out on the basis of the free, specific, informed and [explicit, unambiguous] consent of the data subject or of some legitimate basis laid down by law … ’.
91 AU Convention, art 13, principle 1.
92 See the draft EU Regulation (n 66), art 4 on the definition of ‘the data subject's consent’. See also Proposals for Modernising the CoE Convention, art 5.
93 EU Directive, art 7(f); Draft EU Regulation (n 66), art 6(1)(f). See also Proposals for Modernising the CoE Convention, art 5(2).
94 AU Convention, art 8(2), emphasis added.
95 CoE Convention, art 5(2).
96 AU Convention, art 13, principle 3.
97 Ibid.
98 CoE Convention, art 5(b).
99 This requirement is also a duplicate of the CoE Convention. See art 5(c).
100 AU Convention, art 13, principle 4.
101 CoE Convention, art 5(d).
102 Modernisation Convention 108 (n 61), art 7b, is on ‘transparency of processing’.
103 (Emphasis added). See draft EU Regulation (n 66), art 5(a). See also art 11.
104 AU Convention, art 13, principle 6.
105 CoE Convention, art 8.
106 See Modernisation of Convention 108 (n 61), art 7(b). This requirement is also contained in the draft EU Regulation but not among the FIPs. See draft EU Regulation (n 66), art 31.
107 Bart Van der Sloot, ‘Do Data Protection Rules Protect the Individual and Should They? An Assessment of the Proposed General Data Protection Regulation’ (2014) 4(4) International Data Privacy Law 307, 314.
108 See OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data para 14 <www.oecd.org/sti/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm>. See also Asia Pacific Economic Cooperation (APEC) Privacy Framework, principle IX. Para 26.
109 According to Van der Sloot (n 107) 311, it is linked to the obligation of transparency in art 22 of the draft EU Regulation.
110 For example, see AU Convention, art 13, principle 6 para (b).
111 See for example Bygrave, Data Privacy Law (n 34) 165; Data Protection Law (n 88) 68.
112 AU Convention, art 14.
113 AU Convention, art 14(2).
114 Ignoring obviously modern-day sensitive information like information genetic data and biometric data.
115 Explanatory Report to the CoE Convention (n 80) para 48.
116 Paul De Hert and Vagelis Papakonstantinou, ‘The Proposed Data Protection Regulation Replacing Directive 95/46/EC: A Sound System for the Protection of Individuals' (2012) 28 Computer Law & Security Review 130, 133.
117 Explanatory Report to the CoE Convention (n 80) para 43.
118 Explanatory Report to the CoE Convention (n 80) para 43.
119 AU Convention, arts 16–19 respectively.
120 AU Convention, art 10. These rights seems to have been inspired by the EU Directive
121 Charles Coppens, A Brief Text-Book of Moral Philosophy (Literary Licensing 1985).
122 However, the convention provides for some of these rights in art 8 under ‘Additional safeguards for the data subject’.
123 See art 8 titled ‘Rights of a data subject’.
124 See EU Directive, arts 12 and 14. See draft EU Regulation (n 66), chap iii.
125 AU Convention, s V ‘Obligations of the Personal Data Controller’.
126 AU Convention, s VIII.
127 For example, the ‘confidentiality and security of processing’ in section VIII of the EU Directive, are contained in neither arts 6 nor 7 which contain the FIPs. In the AU Convention however, they are provided in principle 6 of art 13 and repeated again in arts 20 and 21.
128 AU Convention, art 23.
129 See AU Convention, preamble.
130 In support of this view, Bygrave's comment on ‘sustainability’ in data protection laws seems relevant where he points out that ‘[d]ata privacy law has much the same aim and function as that policies of “sustainable development” have in the field of environmental protection. Just as the latter policies seek to preserve the natural environment at the same time allow economic growth, data privacy law seeks to safeguard the privacy related interests of data subjects at the same time as it secures the legitimate interest of controllers in processing personal data’: Bygrave, Data Privacy Law (n 34) 122.
131 For more on the importance of TBDF and the need for data protection, see Lukman Adebisi Abdulrauf, ‘Regulation Transborder Data Flows for Development in the G-77+ China: The Role of Data Protection Law’ (2015) 31(1) UNISA Latin American Report I .
132 AU Convention, art 14(6)(2).
133 CoE Convention, art 12.
134 See Additional Protocol to the Convention for the Protection of individuals with Regard to Automatic Processing of Personal data (ETS No.108) Regarding Supervisory Authorities and Transborder Data Flow.
135 EU Directive, ch V
136 Greenleaf and Georges, ‘The African Union's Data Protection Convention’ (n 53).
137 Addition Protocol to the CoE Convention, art 2. But it is more logical to argue that the CoE will adopt the approach of the EU since they are both European institutions. ‘Adequacy’ as the criteria for transfer to non-state parties was replaced with ‘appropriate’ in the modernised convention. Greenleaf seriously criticised this replacement. According to him, there is a danger in replacing adequate with appropriate without an explanation as ‘appropriate’ has little or no meaning in the history of data protection law’: Graham Greenleaf, ‘Modernising Data Protection Convention 108: A Safe Basis for a Global Privacy Treaty’ (2013) 29(4) Computer Law & Security Review 430, 434–435.
138 Greenleaf and Georges, ‘The African Union's Data Protection Convention’ (n 53) 3.
139 CoE Convention, art 2(2)(b).
140 EU Directive, art 26.
141 Makulilo, ‘Myth and Reality’ (n 32) 88.
142 Peter Hustinx, ‘The Role of Data Protection Authorities' in Serge Gutwirth and others (eds) Reinventing Data Protection? (Springer 2009) 133.
143 CoE Additional Protocol, preamble.
144 AU Convention, art 11(1).
145 AU Convention, art 11(1)(b).
146 AU Convention, art 12(2).
147 AU Convention, art 12 (2)m.
148 Addition Protocol to the CoE Convention, art 1(5). See also EU Directive, art 28(6).
149 AU Convention, art 4, ch 1.
150 Although, the Vienna Convention on the Law of Treaties (VCLT), in art 56(1) provides that a treaty without provision on withdrawal is not subject to withdrawal. Nevertheless, the right to withdrawal may be may be implied from the provisions of the AU Convention, art 38(4). Thus, this satisfies the provisions of article 56(2) of the VCLT.
151 See CoE Convention, art 25. However, international law scholars, like Viljoen (n 29) 26, argue that ‘a boundless discretion [to enter reservation] could result in the absurd situation where a state ratifies a treaty, but then enters reservations to just every important aspect thereof’.
152 Tamarkin (n 15).
153 De Hert and Papakonstantinou, ‘The Proposed Data Protection Regulation’ (n 116) 139.
154 AU Convention, the preamble.
155 AU Convention, art 8
156 AU Convention, art 1
157 See modernisation of the CoE Convention (n 61) art 7(2).
158 See draft EU Regulation (n 66), arts 31 and 32.
159 CoE Convention, art 18(2).
160 CoE Convention, art 18(3), in fact, the committee has been renamed as ‘convention committee’ and further strengthened in the proposals for modernisation of the CoE Convention (n 61) See art 19. See also Greenleaf (n 137) 433.
161 See EU Directive, art 29. It has also been replaced with a permanent European Data Protection Board and its powers has also been expanded in the draft EU Regulation (n 66). See arts 64–72. See also De Hert and Papakonstantinou, ‘The Proposed Data Protection Regulation’ (n 116) 141.
162 Comment made by Bygrave, Data Privacy Law (n 34) 40, with regard to the modernisation efforts of the CoE Convention.
163 AU Convention, art 12(1).
164 Explanatory report to the CoE Convention, para 61.
165 In fact, even the details of the Convention and its status list are yet to be uploaded on the AU website of treaties, conventions, and protocol: see <www.au.int/en/treaties>
166 Article 36 provides that ‘This Convention shall enter into force thirty (30) days after the date of the receipt by the Chairperson of the Commission of the African Union of the fifteenth (15th) instrument of ratification’. This is Unlike the CoE which merely requires ratification by five countries to take effect: see CoE Convention, art 22(2).
167 Indeed, history has shown attaining 15 ratifying state will be a huge challenge: see Viljoen (n 29) 156.
168 Viljoen (n 29) 9.
169 Especially common law countries, for example Nigeria, based on s 12 of the Constitution of the Federal Republic of Nigeria.
170 The treaty provides as an objective that ‘Each state party shall commit itself to establishing a legal framework aimed … ’: AU Convention, art 8. Note that a non-self- executing treaty according to Vázquez, is ‘a treaty that may not be enforced in the courts without prior legislative “implementation”’: see Carlos Manuel Vázquez, ‘The Four Doctrines of Self-Executing Treaties' (1995) 89 The American Journal of International Law 695. He relied on a host of US cases like Frolova v. Union of Soviet Socialist Republics, 761 F2d 370, 373 (7th Cir 1985); Tel-Oren v Libyan Arab Republic, 726 F2d 774, 808 (DC Cir. 1984).
171 Viljoen (n 29) 25.
172 Ibid, 165.
173 Makulilo, ‘Myth and Reality’ (n 32) 87.
174 Viljoen (n 29) 25.
175 See Lee A. Bygrave, ‘Privacy and Data Protection in an International Perspective’ (2010) 56 Scandinavian Studies in Law 165; S Gutwirth Privacy and the Information Age (Rowman & Littlefield, 2002).
176 Hanno N. Olinger and others, ‘Western Privacy and/or Ubuntu? Some Critical Comments on the Influences in the Forthcoming Data Privacy Bill in South Africa’ (2007) 39 The International Information & Library Review 31, 37.
177 Elizabeth Martha Bakibinga, ‘Managing Electronic Privacy in the Telecommunications Sub-Sector: The Ugandan Perspective’ (2004) paper presented at the African Electronic Privacy and Public Voice Symposium held on December 6, 2004, Cape Town, South Africa. <www.thepublicvoice.org/events/capetown04/bakibinga.doc>.
178 Makulilo (n 67 ). See also Micheal D Birnhack, ‘The EU Data Protection Directive: An Engine of a Global Regime’ (2008) 24 Computer Law & Security Report 508.
179 Viljoen (n 29) 470.
180 For example, ECOWAS.
181 Viljoen (n 29) 471.
182 ACHPR, art 9.
183 For more on the conflict between both human rights, see David Banisar, The Right to Information and Privacy: Balancing Conflicting Rights And Managing Conflicts (World Bank Institute Governance Working Paper Series). World Bank <www.ip-rs.si/fileadmin/user_upload/Pdf/Publikacije_ostalih_pooblascencev/Right_to_Information_and_Privacy__banisar.pdf> (accessed 7 April 2016).
184 Ibid, 1.
185 Address by Hon Justice Bernard M Ngoepe, Vice President of the African Court on Human and Peoples' Rights, on the occasion of the Opening of the 55th Ordinary Session of the African <www.achpr.org/sessions/55th/speeches/opening-statement-court/>
186 AU Convention, art 33.
187 Viljoen (n 29) 6.