Teki Akuetteh

Teki Akuetteh, Africa Digital Rights Hub: “Civil society organisations have the power to hold governments accountable on digital rights enforcement”

Teki Akuetteh is an ICT/Telecom Lawyer, a Privacy/Data Protection Consultant and Senior Partner at a law firm based in Accra, Ghana. She is also the Founder and Executive Director of the Africa Digital Rights Hub, a member of the UN Global Pulse Privacy Advisory Group, and a non-resident fellow of the Center for Global Development. Previously, Teki has worked for the Government of Ghana in the development of several key legislations for the ICT sector.

This interview is also available in French.

Compared to the West, African data protection authorities have 1/10 of the average budget to effectively carry out data governance. What recommendation do you have for policymakers negotiating digital partnerships (especially with Chinese firms and Western firms) to bolster their data governance capacities while protecting digital sovereignty?

In terms of funding, it is a tricky issue. Apart from governments negotiating with multilateral corporations like the World Bank and the IMF, it is challenging for governments to negotiate funding for a data protection authority especially when it comes to dealing with major private corporations. One significant reason for this is that an extremely crucial feature of any effective data protection authority is independence. It becomes even more complicated to negotiate policy or funding requirements for a regulator that is supposed to be independent of the government itself.

So you realise that under the law, data protection authorities can typically receive support from donor agencies and other corporations. However, this support must be provided in a way that ensures their independence. I would not suggest that governments subject themselves to corporations and request funding to support data protection authorities. Nevertheless, supporting data protection authorities is an essential part of our society, as it enables the protection of individual or fundamental rights.

It is high time that we engage in discussions regarding policy support and the implementation of legal frameworks that benefit the ICT industry as a whole, specifically addressing cybersecurity and data protection issues at the multilateral level. In my experience working with the Ghana Data Protection Commission and as a consultant on a World Bank project, I focused on creating an enabling legal environment for the country, which involved passing several laws. After the laws were passed, we made sure to allocate resources to support the implementation of the legal framework. This process goes beyond policies and laws; it requires substantial resources.

For example, during the second phase of the E-Ghana project (renamed e-Transform) at the Data Protection Commission in Ghana, we secured funding components from the World Bank to support the implementation of the law. However, it was not deemed adequate due to the significant amount of resources required.

They need a physical space. They need technologies to support them. They need to hire competent staff to efficiently implement the laws. They need to raise awareness because that is also part of ensuring an ecosystem that deeply respects these rights. Having that understanding is extremely important. With that understanding, you can then consider appropriate funding. I must say that sometimes there is a lack of knowledge regarding the actual costs to fund these institutions. Therefore, when creating these institutions, it is important to assess what kind of institution is being built and conduct a cost analysis, so that funding can be allocated before the project starts.

When it comes to how governments engage with corporations, for instance, if a government is hiring a company like Amazon, Huawei, or a telco provider to provide specific services and they will be paid for it, I believe we need to include measures such as data protection impact assessments, compliance with data protection and cybersecurity requirements, in the work plans. These aspects should be part of the terms of reference or calls for proposals, and companies should be evaluated accordingly. Funding at the government or international organisation level is fine, but I wouldn't recommend direct funding from corporations to these institutions. However, with corporations, we should ensure that they incorporate data protection compliance into the systems or services they are required to deliver.

You recently co-wrote a blog post about upgrading the AU-EU digital partnership, what do African leaders need to be focusing on within the next five years?

I believe that at the continental level, our focus should be on developing a strategy to harmonise our digital ecosystem. This includes frameworks and laws, as one of the biggest challenges we face as a continent with 54 countries and diverse realities is the difficulty of effectively coming together. I strongly believe that Africa has a strong future, and to achieve that, we need a strategy to unite quickly. This is also our biggest challenge as a continent: ensuring that we can come together to accomplish what we need to do. It is crucial and will make a significant difference for Africa.

Take the General Data Protection Regulation (GDPR), for example. If it were just one or two European countries implementing it, it wouldn't have had the desired impact on data protection. We need to find a way to work around our differences. When I mention harmonisation, I'm not talking about uniformity. This is always a challenge for us as a continent, as there's a tendency to seek the same kind of laws when we think of harmonisation. However, insisting on uniformity will pose challenges. We should focus on achieving harmonisation by working around the differences in our laws and finding common ground where they exist to speak with one voice.

That's the first point I want to emphasise. Secondly, when we discuss the continental free trade area and digital transformation strategies, we need to consider what implementation truly entails. Reading about text data policies, interoperability frameworks, and continental-level digital transformation strategies may sound promising, but what matters is the actual implementation. Over the next five years, we should prioritise moving beyond rhetoric and executing these well-designed strategies and plans for the future of the continent.

Lastly, we need to think about what resources in the digital space we have as a continent or better, that we can claim as originating from Africa. I recently had a conversation with someone who wondered if it was too late for Africa to claim any such digital resource as its own. Their view, though painful, resonated with reality. People on the continent are primarily consumers, benefiting from technologies, platforms, services, and infrastructure that originate from elsewhere. For instance, considering digital infrastructure, most of it is not even located in Africa. This made me realise that we need to come up with something entirely different, something that doesn't solely rely, for example on AI technology that we don't even own. It got me worried because I wondered where we should even start. Therefore, for the overall socioeconomic development of the continent, we must think beyond the digital and consider how Africa can carve its own niche, just as the rest of the world has done, and become a driving force for the rest of the world.

On the topic of harmonising our regulations, are there any common areas that exist today already that represent opportunities for further alignment?

When it comes to data protection laws, most of our current laws already recognise the fundamental right to privacy. Across countries, there is general agreement that this right is crucial and must be protected. So, it's not a point of disagreement. Moreover, many countries on the continent have data protection laws in place, which acknowledge key principles such as safeguarding personal data, lawful processing of information, and recognising certain rights for data subjects. While the extent of these rights may vary, there is more common ground in the legal texts than differences.

Where differences arise is in the implementation of these laws. Countries have varying approaches to implementation, including the level of independence of their data protection authorities and the effectiveness of enforcing the laws. Many laws have been passed to enable enforcement to some extent. Once we identify the commonalities, or what I call the "low-hanging fruits," in terms of harmonisation, we can make progress. For example, we don't need all 55 African countries to have data protection laws to respect and recognise each other's data protection authorities.

A notable example is the recent memorandum of understanding signed between Mauritius and the South African Data Protection Authority. This bilateral agreement between the Mauritian Data Protection Office and the South African Information Commissioner focuses on data flows and transfers. Encouraging such arrangements at the regional level can be facilitated by the African Union Commission (AUC). It is relatively easier for countries like Ghana to engage with Senegal, Mauritius, or South Africa individually, rather than convening all countries at the same table. Therefore, we should start establishing a network of arrangements or strategies that include memoranda of understanding for data movement and transfer, particularly within the continent, aligning with initiatives like the Continental Free Trade Area and the Single Digital Market for Africa.

These are a few areas that we can focus on if we want to promote harmonisation.

How can civil society fit itself / contribute to the national drive to deliver large-scale digital projects eg in infrastructure or software solutions to ensure digital rights issues are considered throughout project development?

In the last two decades, I have observed the crucial role of civil society, particularly in our region, not only as a voice for the people but also in holding governments accountable for constitutional and legal rights. How do we achieve this? We advocate for more transparency in processes and better structures and strategies for implementing various frameworks across the continent. Another important role for civil society is research, which is why we established the Africa Digital Rights Hub (ADRH). Through ADRH, we aim to address the lack of government offices equipped to handle digital rights challenges. For example, during my work with the Government of Ghana, I noticed a shortage of individuals with deep expertise in digital rights and the necessary knowledge for implementing laws in the sector, including ICT and telecoms.

Most of the few individuals with expertise in this field have been absorbed by telecom companies due to their higher salaries. To have me on board, the Government of Ghana had to pay me under the World Bank project since they couldn't match the competitive salaries offered by the private sector. This is one of the major challenges we face. Civil society can help bridge this gap, as governments may not be able to immediately change their salary structures or afford to hire all the required skill sets within the public sector. Civil society organisations, like ADRH, have the opportunity to conduct research and bring in consultants from around the world to delve into specific issues, which governments may not have the resources to do. NGOs can also convene stakeholders and shape relevant policies for our ecosystems.

Without these efforts, we see governments signing on to projects where the World Bank's consultancy processes require international competitive bidding due to implementation costs. Consequently, non-Africans often end up implementing these projects in Africa. During my time working for the World Bank, we introduced parameters within our procurement processes to include local context requirements. For instance, if drafting a law in Ghana, the consultant had to work with a local law firm familiar with the legal system to facilitate the process. However, I believe that civil society is sometimes better positioned to work quickly, publish its findings, and enable governments to address these issues. They also have the ability to bring stakeholders together, which is crucial for a thriving ecosystem.

In cases where legal frameworks are not effectively working, civil society organisations have the power to hold governments accountable. For example, we've seen strategic litigation in Kenya related to the Duma number, which led to the development of their data protection law. In a continent where the enforcement of rights may not be as progressive as in other parts of the world, and where holding individuals accountable can be expensive, civil society plays a vital role in supporting these endeavors.

With the emergence of other influential pieces of legislation (Digital Services Acts, EU AI Act, Digital Markets Act) and the inevitable influence that will have on Africa's governance of the sectors these pieces of law are targeted, how much agency do African states have to determine the way they would like to address these topics? How can they increase their agency?

The level of agency individuals or regions have depends on themselves, as no specific country or region decides for an entire continent. However, having agency requires being informed, knowing one's identity and position, and understanding what one wants to achieve. Europe, Asia, and others approach Africa because they recognise the continent's significance and how it can benefit their interests. Unfortunately, Africa often lacks a solid presence at the negotiating table, even from a government perspective. Therefore, for Africa to have agency, it needs a strong position that goes beyond defining a strategy or having a document stating its goals. Concrete steps must be taken to effectively achieve those objectives. This determination of action also shapes the approach to these issues.

As a continent, or as countries, understanding the challenges, the ecosystem, limitations, and opportunities are crucial. Simply adopting another region's approach, such as the European General Data Protection Regulation (GDPR), may not work seamlessly in a different context. African countries are now realising that implementing GDPR requires adaptation to their unique circumstances, infrastructure, and regional factors. In my view, agency should be closely tied to self-awareness, knowing who you are, and having a comprehensive strategy for approaching these issues.

This interview is part of the Negotiating Africa’s digital partnerships: interview series led by Dr Folashade Soule with African senior policymakers, ministers, private and civic actors to shed a light on how African actors build, negotiate and manage strategic partnerships in the digital sector in a context of geopolitical rivalry. The series is part of the Negotiating Africa’s digital partnerships policy research project hosted at the Global Economic Governance programme (University of Oxford) and supported by the Centre for International Governance Innovation (CIGI).