March 8th, 2024

EU and EAC Build Bridges for Data Protection in East Africa

Data protection is increasingly important, especially to ensure privacy and protect sensitive data, as well as consumer and human rights. In addition, sound data protection frameworks encourage trade, investment, and ease regional integration. For these reasons, countries in the East African Community are increasingly setting up data protection frameworks and data protection authorities to enforce these frameworks. However, the countries are at very different stages in the development and operationalization of these frameworks. While some countries have active data protection authorities, other countries have no legal framework. Several countries are in the very initial stages of setting up their data protection authority. There is, therefore, a great potential for the new authorities and countries with no legislation to learn from other countries with more experience.

It is against this background that the European Commission, through two initiatives (the Data Governance in Africa Initiative and the African Union European Union (AU-EU) Digital for Development (D4D) Hub Project), and in collaboration with the East African Community (EAC), is supporting the implementation of data protection frameworks in East Africa. Through a series of workshops, research initiatives, and study visits, the project is paving the way for knowledge exchange and peer-to-peer learning among countries at varying stages of data protection law development. The first knowledge exchange took place on September 13 to 14, 2023, as stakeholders convened in Nairobi, Kenya, with the participation of key regional stakeholders, including representatives from the data protection sector, local private enterprises, and civil society organisations.

From 6 to 7 March, the East Africa Exchange on Data Protection took place in Kampala, Uganda, hosted by the Uganda Data Protection Authority, the Personal Data Protection Office (PDPO). The exchange advanced discussions on the importance of regional cooperation in establishing common data protection standards. Further, it aimed to enhance knowledge and experience sharing in data protection law enforcement at the East African regional level, fostering peer-to-peer connections, best practices exchanges, and learning opportunities.

In attendance at the event were data protection authorities in the EAC (Kenya, Uganda, Rwanda, Tanzania, and Somalia), representatives from the Ministries of ICT and agencies responsible for the development of data protection laws from all EAC countries, Ministries for EAC Affairs, the EAC Secretariat, the East Africa Business Council (EABC), the Africa Union Commission (AUC), the Network of African Data Protection Authorities (NADPA), and development partners, among others.

For the Personal Data Protection Office (PDPO), Ms Stella Alibateese, National Personal Data Protection Director, emphasised that “We must recognise the diverse stages of development and implementation of data protection and privacy laws across the East African Community Partner States. Within this diversity lies our strength—the unparalleled opportunity for knowledge exchange, peer learning, and collective growth. Our resolve to address cross-border challenges and embrace a future of shared regulation has never been stronger.”

The EAC Deputy Secretary General in charge of Customs, Trade, and Monetary Affairs, Annette Ssemuwemba, noted that “In East Africa, safeguarding data is not just a necessity but a cornerstone for progress. Establishing robust data protection agencies and harmonising regulations is imperative for fostering trust, enabling seamless collaboration, and driving regional integration. As we unite our efforts to protect data, we forge a path towards a digitally secure and interconnected East Africa."

The Deputy Ambassador of the EU Delegation to Uganda, Mr Guillaume Chartrain, highlighted that “Data protection is not merely a technical or legal issue but a fundamental prerequisite for upholding democracy, fostering economic growth, and safeguarding individual rights. This is a lesson we have learned in Europe, and we stand ready to support the East African region and the African continent as a whole on its journey towards a responsible and citizen-centred approach to personal data protection.”

Further, the Data Governance for Africa Initiative Head of Programme, Franz von Weizsäecker, noted, “We are happy to support the African Union, its Regional Economic Communities such as EAC, and its member states in their efforts to develop and implement state-of-the art data policies. I am looking forward to understanding the priorities of Eastern African data protection authorities so that we can design suitable support mechanisms for regional initiatives.” Two research projects prepared by Strathmore University (Kenya) were presented: a legal gap analysis covering the existing data protection frameworks in the EAC, highlighting their similarities and differences, as well as a collection of relevant resources for the data protection authorities. Participants worked together to agree on a shared vision for the EAC as well as immediate steps that can be taken to ease cross-border data flows, trade, and regional integration.

The participants discussed how best support could be provided to countries lacking adequate laws or authorities in this domain, ensuring they are brought up to par with established standards. There was emphasis on improving coordination and flow of information at the national and regional level, between development partners and other interested stakeholders, as well as within the national ecosystem. This helps avoid duplication of efforts.

The AU-EU D4Dhub Project Coordinator, Cristina de Lorenzo, said, “For the AU-EU D4D Hub Project, fostering collaboration and knowledge exchange in data protection across East Africa is a vital step towards building a resilient digital future for Africa. Through our initiatives, we support African institutions to create an enabling environment for an inclusive and sustainable digital transformation. This event in Kampala marks another significant milestone in our shared journey towards harmonising standards and facilitating cross-border cooperation.”


The Data Governance in Africa Initiative supports the African Union (AU) and its member states to form development-oriented and human-centric data regulation, data use, and data infrastructure at continental, regional, and member state levels. The Initiative provides concrete support for a single digital market in Africa by harmonising regulations on data, creating cross-border data flow, and promoting investments in secure and sustainable data infrastructure facilities. Funded by the European Union and its five Member States (Belgium, Estonia, Finland, France, and Germany), under the Global Gateway strategy, the project is implemented from 1 January 2023 to 31 July 2026. This activity is implemented by GIZ.

The AU-EU D4D Hub is a Team Europe project, co-funded by the European Union and jointly implemented by Enabel, GIZ, Estonia Development Cooperation, AFD, Expertise France, and LuxDev. It is part of the D4D Hub, an EU-led platform that creates and leverages partnerships to shape a sustainable digital future worldwide. This activity is implemented by GIZ. The project supports African institutions to create an enabling environment for an inclusive and sustainable digital transformation. It provides demand-driven technical assistance, promotes knowledge sharing, and facilitates multi-stakeholder dialogues.

Find more information here.