[Column] Hans van Linschoten: Data sovereignty in Africa, why you should care
African businesses are currently making massive investments in things like machine learning and artificial intelligence tools and are using cloud and virtualized infrastructure to enhance service delivery.
Talking with industry leaders and experts across the continent, one thing is clear, they’re making these investments because they want to adopt the flexibility and benefits of the cloud.
The cloud services sector in Africa might be in its early stages of development, but the impact is already far-reaching. Large firms are using compute capabilities and AWS database to transform how they reach a predominantly mobile and digital customer base. A number of African cloud-native startups are also leveraging the cloud to disrupt the entire industry.
There is significant potential in the growing African cloud market where an estimated $2 billion is being spent in cloud this year. This, together with all cloud related businesses happening in Africa, tells you how much businesses can benefit from cloud.
Even as this happens, there’s one concern that cannot be ignored when it comes to matters of cloud; the physical location of data centers. This is because data sovereignty is a crucial factor in many countries.
Data sovereignty is the concept that digital data is subject to the laws of the country in which it is processed. Data stored in Uganda for example falls under Uganda’s privacy laws (The Data Protection and Privacy Act, 2019), as well as data that flows within its borders.
With the increase in Software as a Service (SaaS) and cloud storage services in recent years, their use often entails cross-border data transfers, which can result in major compliance challenges for users and even the providers. Once your data travels outside of a country's borders it becomes subject to the law(s) of the land in which it is stored.
The main concern associated with data sovereignty is maintaining privacy regulations and keeping foreign countries from being able to sub open data. This here is the very reason why African businesses need to care.
This can be a complex legal issue that has the capacity to affect organizations worldwide. For example, we can have a Kenyan cloud service provider that has its main office including accounting, sales and marketing and even operations in Uganda while their customer service call center is in Germany. This implication here is that certain personal information about accounts must be sent to Germany in order for them to contact clients and provide support. If Germany’s Privacy Principles (APP) stipulate that the cloud provider must disclose what information is being sent out of Germany, then there’s the potential for an organization’s personal data to be sub opened by a foreign government. In some countries like Indonesia, regulators stipulate that financial data cannot be stored outside the country without approval.
There are clear regulations which we cannot run away from and need to be observed. Most established organizations I engage with that are actively embracing cloud, care deeply about where their data resides. Some African banks already have regulations requiring financial data to be stored in their countries and this is a good starting point.
Bottom line, having data in the cloud offers many benefits; it allows for easier flow of information and for safe and easy remote backup of files and data and in many cases, saves cost.
African developers and organizations should see this as an opportunity to tap into local cloud solutions to ensure data sovereignty is observed. The more data sovereignty we have in Africa, the better protected Africans are by African privacy laws and the less reliance there is on internet infrastructure from outside.