Motolani Peltola: “The pursuit of digital sovereignty and local data ownership has implications for local capacity development”

Motolani Peltola (formerly Agbebi) PhD is a university lecturer at the Faculty of Management and Business, Tampere University, Finland. Her research interests include Sino-Africa relations and its implications for socio-economic development in Africa; China’s digital silk road and its implications for Africa’s technological future; and human capital development in Africa.

This interview is also available in French.

With the significant increase in data centres in Africa, estimated at around 700 new facilities in the coming decade, what are your thoughts on digital sovereignty and local data ownership in this context?

A growing number of African governments are actively fortifying their digital sovereignty through the adoption of policies, laws, and regulations pertaining to data localisation. This involves increasing investments in digital infrastructure, particularly data centres, and imposing restrictions on the hosting and transfer of data beyond national borders unless officially exempted. Concurrently, the continent is witnessing an escalating trend in the adoption and implementation of data protection and privacy regulations, exemplified by Nigeria's Nigeria Data Protection Regulation (NDPR), South Africa's Protection of Personal Information Act (POPIA), Kenya's Data Protection Act, Ghana's Data Protection Act, among others. Notably, these regulations often draw inspiration from the EU’s General Data Protection Regulation (GDPR), albeit with certain deviations. In their approach to data localisation, African countries exhibit a spectrum of approaches ranging from hard localisation to soft localisation to hybrid localisation regulations.

The surge in efforts by African governments to bolster digital sovereignty and local data ownership encompasses economic, social, and political dimensions. The rationale behind the adoption of data localisation requirements includes considerations for cybersecurity, data protection and privacy of citizens, economic development, law enforcement, national security, and, controversially, government censorship and surveillance. While these motivations hold true for African countries, the predominant reasons often revolve around data protection and economic development. For instance, Nigeria's data localisation policy is justified by the aspiration to rectify the negative trade balance in the ICT sector and foster a digital economy for the benefit of its citizens. Similarly, South Africa views data and associated digital infrastructure as strategic national resources.

Through the implementation of data localisation regulations, certain African governments aim to mitigate the risk of data colonisation, reinforce digital sovereignty, and ensure local economies reap the benefits. The prevalence of foreign technology firms in Africa, with their access to valuable user data, exposes African governments and citizens to data and national security vulnerabilities. Local hosting of data is envisioned as a means for African governments to maintain control over critical data and data infrastructure, such as data centres, with some countries designating them as critical information infrastructure to be protected as strategic national assets yielding socioeconomic benefits.

The expansion of data centres in Africa, coupled with investments in broadband networks and supporting digital infrastructure for local data storage and processing, contributes to local digital infrastructure development and diminishes dependency on foreign platforms and companies. Given that Africa's share of global data centre capacity is less than 1%, there is an imperative to develop these digital infrastructures. Moreover, the pursuit of digital sovereignty and local data ownership has implications for local capacity development, fostering expertise in areas such as data services and cybersecurity.

However, the promotion of local data ownership poses a dual perspective. While it may be deemed a legitimate strategy to enhance digital sovereignty, fortify data and national security, as well as curb data colonisation by foreign entities, critics argue that if the entire infrastructure, technical expertise, and support are provided by foreign firms, concerns about exposure to data vulnerabilities remain unresolved.

Furthermore, the unintended consequences of data localisation on competition, trade, and investments may impede economic development. Similar to industrialised Western democracies, African nations face the challenge of balancing the imperative of digital sovereignty facilitated by data localisation with economic considerations against such regulations. Consequently, national data regulation policies must be adeptly designed to mitigate negative economic impacts on cross-border data flows and trade while ensuring gains from a data sovereignty regime align with the needs of a burgeoning digital economy.

How do foreign actors like China, European countries, US, and private actors understand and deal with the African discourse on local data ownership?

The responses of foreign state actors, such as China, European countries, and the United States, to the discourse surrounding data localisation in Africa can be seen as reflective of their domestic approaches to digital sovereignty, data protection, and regulation.

Within the European Union (EU), a comprehensive framework for data protection is embodied in the General Data Protection Regulation (GDPR), supplemented by additional regulations like the Data Act and Data Governance Act. These instruments are crafted to control, facilitate, and safeguard cross-border data flows. The GDPR, as a representation of European union countries' stance on data protection, emphasises individuals' rights to privacy, control over their data, responsible organisational practices, and governs cross-border data transfers outside the EU. While the EU and Africa share concerns regarding the dominance of foreign technology firms and their utilisation of citizen data, there are disparities in their approaches to digital sovereignty. The EU champions a liberal stance on digital sovereignty, emphasising individual control over data rather than government or private organisations, contrasting with African countries’ tendencies to exhibit elements of both state-centric and liberal models in their approaches to data sovereignty to varying degrees.

Conversely, both the EU and the United States express concerns about the discourse on local data ownership in Africa, particularly with respect to the implications of increasing governmental control over data for civil liberties and the potential misuse of data by authoritarian governments. Also, there are concerns regarding the national security risks posed by digital infrastructure provided by state-led Chinese companies. Additionally, concerns are raised about the competitiveness of European tech companies amidst increasing data localisation regulations in a sector dominated by Chinese and American technology firms. The EU's endeavours to enhance its position in the global data value chain, foster competitiveness, and negotiate agreements with African countries on digital-related clauses further underscore the complex landscape.

The United States, adopting a more liberal approach to data sovereignty, has historically abstained from imposing federal or comprehensive data localisation requirements. Dominance of U.S. technology companies around the world and a historical advocacy for open cross-border data flows reflect a liberal regime on data localisation with limited restrictions. While debates persist on data localisation, there is yet to be a formal consensus among U.S. policymakers on domestic mandates and responses to foreign policies is yet to materialise. Having said that, economic concerns about threats to American businesses in the event of restricted cross-border data flows, coupled with concerns of authoritarian approach to data governance due to China’s increasing dominance in the provision of digital infrastructure in Africa are prominent in U.S. deliberations on increasing data localisation in Africa. For example, the U.S. Trade Representative has expressed reservations about data localisation measures in Nigeria and Kenya, deeming them discriminatory to foreign businesses (that store and process data globally) and potentially detrimental to the development of the digital economy.

China, adopting a state-centric view of digital sovereignty, centralises the role of the state in data governance and citizen data control. Enforcing a strict data localisation approach, mandating data to be hosted within the state of its production, China has propelled the growth of its domestic firms at the expense of foreign competitors. In Africa, China's active involvement in financing digital infrastructures, including data centres, and its technology companies’ collaboration with governments in designing national digital economy strategies, exemplifies its commitment to shaping the digital landscape in alignment with its Digital Silk Road aims.

A common thread in the response of foreign actors namely the US, China and the EU is a concerted effort to bolster the competitiveness of their technology firms globally and particularly in Africa’s technology sector which still holds substantial investments opportunities. Despite the variations in their domestic stances on data localisation, these actors – the US, China, the EU demonstrate an interest in capitalising on the investment opportunities facilitated by the growing trend of data localisation in Africa.

How can regional and international organisations better support a shared vision of data governance and regulation in Africa?

In addressing the critical issue of data governance and regulation in the African context, a primary concern revolves around the need to harness the benefits of the digital economy while mitigating the inadvertent challenges posed by data localisation to trade and overall economic progress. Therein lies the potential role of regional and international organisations in facilitating a collective vision for robust data governance in Africa. A shared vision of data governance and regulation in Africa can be better supported in the following ways:

Firstly, there is a necessity for capacity building initiatives and technical assistance. These interventions should be tailored to enhance the expertise of individuals, organisations, and government officials in formulating and implementing effective data governance frameworks aligned with their unique priorities. Furthermore, capacity building efforts should include comprehensive training on principles, regulations, and best practices associated with data governance.

Secondly, the promotion of standardisation and policy harmonisation is a crucial strategy to counteract the potential impediments to continental trade posed by disparate levels of data localisation and governance across African nations. It is crucial to facilitate interoperability and cross-border data flows to bolster continental trade initiatives, such as the African Continental Free Trade Area (AfCFTA). The Malabo convention, albeit pending full ratification, serves as an initial step towards policy harmonisation. It is imperative to encourage sustained dialogue and collaboration amongst African countries, fostering the development of common standards and aligning regional practices with global norms to alleviate barriers that impede economic development and delivery of essential services in sectors such as the health sector.

Moreover, the lack of policy complementarity in data governance within Africa could exacerbate digital divides and inequalities. This is particularly evident when certain data governance regimes, through localisation measures, result in disparate access to data, increased prices, and limited availability of ICT products and services. Consequently, regional policy harmonisation becomes a compelling imperative to address this challenge and promote equitable development.

Thirdly, the establishment of platforms for collaborative dialogue involving all stakeholders, including civil society organisations, regional and international bodies, and the private sector, is crucial for fostering an effective and cooperative data governance ecosystem. This collaborative effort should be oriented towards the protection of individual data, responsible data usage, and the creation of an enabling environment for innovation and economic development.

Fourthly, regional, and international bodies can play a pivotal role in fortifying democratic institutions and civil society organisations in African countries. The association between data localisation and a decline in internet freedom underscores the importance of support in ensuring these entities possess the requisite resources and can exert agency to contest data governance laws that may undermine democratic processes and impede civil liberties.

Finally, financial support for digital infrastructure development remains indispensable. Such financing is instrumental in creating the necessary infrastructure for effective data governance and management in Africa, thus facilitating the overarching goals of economic development and innovation.

This interview is part of the Negotiating Africa’s digital partnerships: interview series led by Dr Folashade Soule with African senior policymakers, ministers, private and civic actors to shed a light on how African actors build, negotiate and manage strategic partnerships in the digital sector in a context of geopolitical rivalry. The series is part of the Negotiating Africa’s digital partnerships policy research project hosted at the Global Economic Governance programme (University of Oxford) and supported by the Centre for International Governance Innovation (CIGI).