Bulelani Jili: "African policymakers should see digital development, data flows, and data governance as mutually reinforcing."

Bulelani Jili is a Meta Research PhD fellow at Harvard University. His research interests include ICT development, Africa-China relations, cybersecurity, post-colonial thought, and privacy law.

This interview is also available in French.

How do you assess the policies set up by various African countries to pursue “digital sovereignty”?

Digital sovereignty is an analytical aperture and strategic posture that seeks to reassert the authority of state actors over cyberspace, including the development of digital technology. As such, this vision demands the recognition of individual countries’ rights to craft and employ the requisite policy instruments to govern cyber activities within their juridical territory. Yet the shifting constellation of global networks and the privately owned technical infrastructure of the internet suggests an opposition to this statist approach. Accordingly, advocates of the concept, on the one hand, seek to recentre the nation-state as the principal vector to govern cyberspace while also wishing to leverage private firms and investment to pursue digital development.

One thread of digital sovereignty is data localisation. Briefly, data localisation is a protectionist policy measure that may result in marginal gains for some local stakeholders, including enterprises and workers, but it may also cause more significant harm to the broader economy. The benefits of data localisation would accrue to the small number of data centre owners and employees who operate locally. However, the wider ecosystem may suffer from limited or poor access to data. Although data centre infrastructure is critical for the use of data for development, many governments focus on forcing firms to store data locally, even though it does not necessarily lead to digital development or better-protected data, never mind the fact that many countries struggle to provide reliable electricity supply and high-speed connectivity. Currently, it is unrealistic to expect every firm that manages data to set up data storage facilities and business operations in every country. Meanwhile, not having domestic controls in place would be equally problematic. This highlights the need for national frameworks and a continental data governance framework. Accordingly, African policymakers need to focus on building both domestic and regional frameworks to harmonise diverse regulatory spaces and enable economies of scale for African firms. Being able to acquire, use, and move data seamlessly across borders allows firms and government agencies to provide digital goods and services. Seamless data flow also supports the use and reuse of data within the African data ecosystem, which is critical to leveraging data-driven emerging technologies that empower innovations in public service delivery and new business ventures on the continent. Inversely, restrictions on the movement of data result in the loss of entrepreneurial opportunities.

How do foreign actors like China, European countries, the US, and private actors understand and deal with the local African discourse on data ownership?

In the context of African data localisation, China is promoting its notion of cyber sovereignty (网络主权). Cyber sovereignty can be simply defined as respecting an individual country’s right to choose its own digital development path and cyber management policies. Following this logic, state actors should principally discourage the interference of other nation-states in the internal affairs of other governments. Accordingly, this statist approach privileges the ambitions of governments over those of private firms and civil society. And in turn, this commitment is antithetical to current US commitments. The US government advocates for more open and multistakeholder approaches that promote the leadership of private firms and civil society engagement. However, China and its principle of cyber sovereignty is attractive in part because it provides legitimacy and cover for state and sub-state actors who wish to further restrict online activity in the name of political stability. While this push for cyber sovereignty and its seemingly commensurate emphasis on localisation ostensibly empowers local stakeholders, it does not raise questions about the capacity of African stakeholders to promote rights against local government abuses and private firms’ excesses. It must be said that China’s cyber sovereignty commitment does not result in neutral outcomes or even the supposed local empowerment, but it can be an obfuscating frame that loses sight of the technological asymmetries between itself (a power realised through the tightening grip over domestic corporations) and its African partners that come to rely on its technical expertise to realise digital development.

How can regional and international organisations better support a shared vision of data governance and regulation, and cybersecurity in Africa?

Firstly, it must be said that policymakers should see digital development, data flows, and data governance as mutually reinforcing, not something that needs to happen sequentially. Of course, digital development only gets harder given that it also depends in part on African policymakers addressing other major economic and political issues like urbanisation, cybercrime, youth unemployment, poverty, and climate change. But again, rather than conceptualising digital developments independently from these challenges, policymakers should recognise that digital tools and development can also play a constructive role in addressing them. For example, the COVID-19 pandemic illustrated the significance of free data flows. Free data flows are critical to the management of public health crises. Timely and unhindered access to data has ensured appropriate policy responses that go towards improving health outcomes. Data governance’s cross-cutting significance means it should not be segmented or seen as some sort of dislocated aspiration from development goals.

Again, for example, the push for data localisation in Africa might have consequences for the trade liberalisation ambitions envisioned by the African Continental Free Trade Area (AFCFTA). While the free trade agreement’s e-commerce protocol remains to be finalised, data localisation requirements have consequences for several provisions under the services protocol. Accordingly, the African Union can learn from other regional bodies, such as those in the Asia Pacific, via the Asia Pacific Economic Cooperation (APEC). APEC has not let similar socio-economic hurdles stop them from the arduous work of building a regional data governance framework while also addressing associated issues like digital infrastructure gaps.

To its credit, the African Union has demonstrated an interest in building a regional digital economy. The African Union has designed the Digital Transformation Strategy for Africa (DTSA) to adopt emerging technologies for sustainable development. The framework acknowledges and seeks to correct the historical deficiency of continental cooperation, aiming to promote further cohesion across distinct policy environments. In addition, the Malabo Convention, which has been signed by 15 countries, offers a standard level of data protection that seeks to prevent cybercrime and privacy violations while also mitigating the need for strict localisation requirements. Accordingly, it also facilitates regional data flows for African states. AFCFTA offers a similar tangible opportunity to work towards a shared policy infrastructure, particularly under the e-commerce protocol. A regional approach to data governance would support the development of a single digital market in Africa that leverages data-driven technologies. A single market would lay the foundations for regional cooperation on other major issues such as data protection, privacy, cybersecurity, and government access to data for purposes such as law enforcement requests and regulatory oversight of firms.

The ability of African countries to fully realise their ambitions for sustainable, safe, inclusive, and effective digital development is contingent on their ability to work together. Likewise, policymakers in Africa should focus on developing national and regional data governance frameworks that account for the continent’s distinct challenges while enabling data flows across countries. The promotion of data flows needs to happen in parallel with discussions about how they can also work together on related policy objectives, including cybersecurity, data privacy, and human rights. What is salient is that regardless of the issue, local legal responsibilities move with the data, and firms can be held accountable if they breach these shared laws. Ultimately, policymakers need to recognise that a regional data governance framework is a critical ingredient to ensure the region’s people, firms, and governments are better positioned to meet this digital inflexion point.

This interview is part of the Negotiating Africa’s digital partnerships: interview series led by Dr Folashade Soule with African senior policymakers, ministers, private and civic actors to shed a light on how African actors build, negotiate and manage strategic partnerships in the digital sector in a context of geopolitical rivalry. The series is part of the Negotiating Africa’s digital partnerships policy research project hosted at the Global Economic Governance programme (University of Oxford) and supported by the Centre for International Governance Innovation (CIGI).