The Rwandan parliament has yet to ratify the 2014 African Union Convention on Cyber Security and Personal Data Protection adopted in Malabo, Equatorial Guinea, an official source confirmed to APA in Kigali on Wednesday. Rwanda will become the fifth country to ratify the framework after Senegal, Mauritius, Namibia and Guinea when the new ratification comes into force.
Although Africa has made significant progress in creating its digital ecosystem over the previous decade, official estimates suggest that despite these attempts, there is still a clear gap between African Union (AU) member states in terms of awareness, comprehension, expertise, and ability to deploy and implement appropriate policies, capacities, and programs to mitigate cyber threats.
Paula Ingabire, Rwandan Minister of Information and Communications Technology and Innovation, told lawmakers Wednesday in Kigali that the essence of the convention is to pave the way for the 2017 National Revolution Policy to be implemented.
This policy requires the government harmonize laws for protection of individuals with regard to the processing of personal data and privacy, it said.
It also raises issues about privacy and involves the protection of collected, stored and used personal identifiable data or other sensitive data.
In addition, the policy states that health information, privacy and protection regulations need to be strengthened to safeguard patients from insurance and other healthcare practitioners ‘ access to personal medical information without adhering to universally recognized principles of data protection.
The law on data protection would encompass the main principles and other basics.
These include regulating the collection, processing, storage and sharing of private information ; establishing legal and institutional frameworks for the protection of private information
Other main principles are to set rules and restrictions on the collection of private information for a particular, explicit and legitimate purpose.
The AU Convention on Cyber Security and Personal Data Protection was created in June 2014 after extensive ICT access and internet penetration in Africa also raised concerns about the need to encourage governance of cyber security and cyber stability across the world.
The Convention imposes on member states commitments to create legal, policy and regulatory steps to encourage cybersecurity governance and cybercrime control.