By: Adeboro Odunlami, Bulanda Nkhowani, Jean Hubert Bondo, Kimal Harvey, Sandra Aceng and Y. Z. Ya’u, who are members of the Global Coalition for Tech Justice.
In recent months, social media platforms have faced criticism across the African continent. From lawsuits against Meta in Nigeria, Ethiopia, Ghana and Kenya, to activists calling for greater tech accountability and the highest human rights body passing resolutions to compel platforms to uphold information integrity, public interest content, user data protection and create equal and safer conditions for content moderators – the accountability train is moving, and there’s no stopping it. While this news has elated civil society organisations and activists on the continent, who have long sounded the alarm on Big Tech’s lack of transparency, called for accountability and equitable practices in the enforcement of the platforms’ policies, some questions remain regarding the Nigerian litigation case: Are African governments finally asserting their digital sovereignty? Are they seeking to protect digital rights and African internet users? Or is this more of a Big Tech cash cow, ready to be milked of much-needed revenue?
Platform accountability in Africa
Digital Rights vs. Digital Sovereignty
The Declaration of Principles on Freedom of Expression and Access to Information in Africa, through Principle 40, calls for the protection of privacy and personal information, and affirms that “Everyone has the right to privacy, including the confidentiality of their communications and the protection of their personal information”. Similarly, the African Union Convention on Cybersecurity and Personal Data Protection (Malabo Convention) provides guidelines for States to establish national laws that protect personal data and facilitate the free flow of information.
The need for this emphasis has become increasingly necessary as global society progresses further towards an online and technologically reliant world. Technology companies are constantly evolving and producing new innovations, primarily for AI models, which rely heavily on access to personal information and data. Social media companies—given their unparalleled access to this type of data—are therefore central to the discussion on access to information and data protection.
However, it is similarly fair to note that the online world is not equitably regulated in the African context. Social media companies do not prioritise their resources in Africa, and despite proclaiming that they self-regulate their platforms using human beings and AI, it is evident that the few human moderators are insufficient, and the AI is not up to the task in Africa due to cultural and linguistic nuances. Tech companies continue to be unaccountable and disinterested in applying equal protection measures in Africa. We see this particularly in terms of breaches of data security, unauthorised theft or sale of data, dissemination of hate speech and misinformation – practices that will become increasingly frequent. It is therefore crucial that African states, both collectively and individually, force big tech companies to the table to properly negotiate a comprehensive regulatory framework.
The recent litigation case in Nigeria highlights the State’s shift from policymaking to proactive enforcement by offering checks and balances, conducting their own investigations, and issuing orders driven by evidence-based findings. Alongside similar cases in Ethiopia, Ghana and Kenya, it also underscores a critical issue: the limited capacity of many African states to confront the power of the online and corporate world while striking a balance regarding tech companies’ accountability.
Amidst growing global digital authoritarianism, it is encouraging to see African governments asserting their digital sovereignty. However, this assertion should go beyond curbing Big Tech’s influence to include strengthening data governance and providing the infrastructure and mechanisms needed for a more equitable and connected digital ecosystem.
Emerging guidelines and further regulations, as well as other similar resolutions, must in some way equip States with practical solutions for addressing the overwhelming power and genuine lack of accountability from tech companies. The resolutions should be an opportunity to capacitate States and reinforce people’s rights. We need proactive and equitable solutions to an issue that will only worsen the longer it remains unaddressed.
Data governance and data sovereignty
There is also an interplay between data sovereignty and data governance, which is intrinsically linked to digital rights. For Nigeria, data sovereignty means putting mechanisms in place for citizens to assert control over personal data, demanding prior approval for cross-border data transfers, and ensuring that foreign platforms adhere to local data protection standards. The Nigerian government’s firm stance against Meta’s “uneven privacy practices”—where the company offers stronger protections in the European Union but maintains looser standards in Nigeria—is a clear assertion of its sovereignty. The regulators’ demands for parity and dignity for Nigerians, as well as the legislative push for multinational social media companies to establish physical offices in Nigeria, underscore the country’s desire for greater data oversight and accountability within its borders.
In Uganda‘s case, data sovereignty and data governance work hand in hand to protect citizens’ personal data. Uganda’s focus has been on establishing internal standards and policies in compliance with the Data Protection and Privacy Act of 2019. This includes ensuring that data regulations and laws govern data stored within Uganda to protect citizens’ data from international cyber threats and espionage, and to ensure that data is not subject to less stringent data protection standards in other countries. These are vital for fostering trust in the digital economy and promoting the ethical and responsible use of data.
This, in theory, is excellent. Pursuing data sovereignty to strengthen the country’s data governance regime and practice, including policies, standards, and processes, is not only laudable but also necessary. And it is at this intersection of data sovereignty and data governance that digital rights become even more central. This is because Meta’s alleged data governance infractions not only affect the data sovereignty of Nigeria but also the digital rights of its citizens. Infringements such as unauthorised data sharing, denial of data self-determination, and the imposition of “take it or leave it” privacy policies directly undermine these fundamental digital rights.
Additionally, if local data protection frameworks are generally underdeveloped or poorly enforced, mandating specific data governance requirements to assert data sovereignty can expose users to a greater risk of data breaches, misuse, or inadequate consent regimes. In essence, data sovereignty is not merely a matter of national control or economic interest — it is a crucial mechanism that must be done with appreciation for its potential effects on individual digital rights. Hence, Nigeria’s regulatory push against Meta should not only be viewed through the lens of jurisdictional assertion but also as an opportunity to carefully review its data governance regime, in principle and practice, and its consequences for digital rights.
A way forward
Regional collaboration
As Africa continues its efforts to bridge the digital divide, many data controllers and collectors are located outside the continent. This poses severe limitations for a country-level territorial data protection law and technology regulation. A country-level law will allow Big Tech to selectively choose which country laws to comply with and which to disregard. This requires that African countries adopt a collective regional approach to address their specific peculiarities in an increasingly unequal digital era. As a follow-through on the Malabo Convention, such a framework must recognize that data protection is fundamentally tied to the observance of digital rights—anchored by clear, enforceable provisions that also hold Big Tech accountable.
What’s more, working towards a post-Malabo convention, African governments must avoid the temptation of unilateral policymaking. The new continental data protection framework and any future tech accountability frameworks must be the work of a multi-stakeholder-driven approach, taking inspiration from the tradition of policy making in the broad spectrum of internet governance that is anchored on multistakeholderism.
We must learn to think continentally and consider African digital sovereignty, not just the digital sovereignty of individual African countries, similar to the European Union approach. There is power in fighting collectively—pooling our shared strength to stand up to tech giants. Just as importantly, leveraging the scale of a harmonised and united African market becomes a powerful tool in any negotiation. The current momentum, sparked by data breach litigations across the continent, should be harnessed to advance the conversation around regional harmonisation of data protection and privacy laws and practices.
Trust building between citizens and governments
For digital sovereignty efforts to be truly effective and embraced by the public, they must be built on a strong foundation of human rights and trust between citizens and their governments. Without this crucial trust, citizens may view government digital initiatives, even those aimed at protection, with scepticism or suspicion, and this may undermine the very goals of digital autonomy.
To bridge this trust deficit, a multi-pronged approach is essential.
First of all, governments must work hard to strengthen their institutional transparency; there can be no trust without transparency. This includes improving digital communication with citizens while facilitating real-time feedback and dialogue. This will enhance visibility and reduce the perception of secrecy and corruption.
Secondly, independent regulatory bodies must truly be independent. Data protection regulators, as well as the judiciary, must be empowered to fairly address and enforce the rules and policies laid down. For instance, it would be most disastrous if any investigations or judicial decisions against Meta were found to be obtained through dubious interception.
Thirdly, the payment of penalties must be linked to a public good, rather than opaque regulatory budgets. Even before the fines are paid, regulators need to communicate measures to be taken to ensure accountability for this fine and future fines. For instance, will there be regular reports on how these funds are invested in data protection capacity, cybersecurity, or digital rights programs?
Fourthly, government agencies themselves need to demonstrate a serious commitment to Nigerian data protection and governance standards and policies.
Finally, there must be a significant investment in capacity development and awareness. That is, government workers must be continuously trained on best practices in data governance. Simultaneously, citizens must be educated about their data rights and empowered to make informed choices regarding their personal data.
Recommendations
On a continental level:
-
- Urgent move towards real regional collaboration on platform accountability mechanisms and data governance in Africa as a precursor for the protection of platform data and the adoption of context-friendly and lightweight mechanisms that are relatively free from bureaucratic processes. States can choose to hone in on data governance in this instance, to finesse a better working relationship for the wider umbrella of digital transformation governance.
- African states, both collectively and individually, should compel big tech companies to properly negotiate a comprehensive regulatory framework for Big Tech and ensure processes for monitoring compliance and progress with these frameworks.
On national levels:
-
- Building trust and strengthening institutional capacity and transparency to improve citizen-government harmony in Big Tech accountability.
- Properly constituting investigative panels, policy dialogues and standard-setting with stakeholders from civil society and digital rights to ensure that in asserting digital sovereignty, rights are not impacted negatively.