Data Protection Africa Summit 2018 was held in Senegal. The right to privacy is part of the Senegalese constitution, but 2008 legal reforms saw the enactment of Law No. 2008-12 on the protection of personal data, as well as other ICT-related laws. The Senegalese example is impressive, as their law entered into force in 2014, the data protection commission known as the Commission des Données Personnelles (CDP) was established, and the CDP’s website is highly accessible and informative with regular reports about the activities of the CDP and resources for citizens looking to exercise their rights under the law.
Under Law No. 2008-12, an individual has the right to:
- be informed by any data controller if they hold personal data about that individual;
- access and know how personal data concerning them is being processed;
- object, for legitimate reasons, to the processing of personal data concerning them;
- have a data controller correct, supplement, update, lock, or delete personal data concerning him, if the data is inaccurate, incomplete, equivocal or out of date, or if its collection, use, communication, or conservation is prohibited; and
- not be subject to a decision made on the sole basis of an automated processing that would produce adverse legal repercussions for them.
Ms. Awa Ndiaye is the President of the Personal Data Protection Commission (CDP)