The 8th Network of African Data Protection Authorities (NADPA-RAPDP) Conference, held in Abuja, Nigeria, served as a key forum for NADPA-RAPDP members to deliberate on their evolving role in shaping Africa’s digital governance landscape. More than a policy gathering, the conference signaled a shift in how Data Protection Authorities (DPAs) across the continent see themselves; not just as watchdogs, but as enablers of responsible innovation. The event brought together African policymakers, regulators, private sector leaders, legal experts, tech giants, and civil society actors to advance dialogue on how to govern data in a way that protects rights, fosters innovation, and supports regional integration.
Addressing questions like, “What outcomes is data protection supposed to achieve?”, speakers explored the critical intersection of technology, government, rights, and innovation. The goal was to illuminate pathways for data governance that effectively serve systems and citizens. Discussions particularly highlighted the central and expansive role DPAs must play across numerous sectors, necessitating their active engagement with businesses big and small. Many speakers emphasized that data privacy and protection is the heart of our digital future.
“ Trust is the currency of innovation. ”
Central to the entire conference was the recurring theme of trust. As Dr. Vincent Olatunji, National Commissioner of the Nigeria Data Protection Commission (NDPC) aptly put it, “Trust is the currency of innovation.” However, it cannot be assumed; it must be built, between departments, across borders, and with the public. As conversations around interoperability, sandboxes, and harmonization gained momentum, it was clear that trust requires a careful balance between enabling technological progress and upholding privacy and data rights.
Establishing trust in the digital space is fundamentally about empowering stakeholders with the knowledge and capacity regarding sound data governance principles and practices. Reflecting this critical need and serving as a key milestone at the conference, Nigeria launched the Virtual Privacy Academy. Designed to provide structured training for public and private-sector actors, the Academy reflects NDPC’s broader strategy to operationalize Nigeria’s data protection law and strengthen compliance across the board. Dr. Olatunji also highlighted the Authority’s achievements, including over 5,000 compliance assessments, 40,000 supported data controllers and processors, 223 investigations, and the licensing of 267 Data Protection Compliance Organizations (DPCOs), a signal that DPAs are beginning to institutionalize trust by turning laws into action.
‘’Uniformity is not the only means to harmonisation”
There was a shared vision to build a harmonized, trustworthy, and innovation-ready data governance ecosystem across Africa. While over 35 African countries have enacted data protection laws, speakers noted inconsistencies in enforcement, limited interoperability, and poor adoption of the Malabo Convention, which is presently only ratified by 18 countries in 14 years. Across panels, it was clear that harmonization remains a top priority, but with a crucial shift in tone. Rather than pushing for identical laws across borders, emphasis was placed on the value of continental data governance alignment by finding shared principles, mutual recognition mechanisms, and interoperable standards that can enable data to flow safely and responsibly across jurisdictions.
Speakers like Abdul-Hakeem Ajijola, Executive Chairman of Consultancy Support Services Limited and a member of the African Union Cybersecurity Expert Group, emphasized the importance of designing locally relevant and enforceable laws, rather than importing models like the European Union’s General Data Protection Regulation (GDPR) without adaptation; a view which acknowledges Africa’s regulatory diversity and economic realities, and reflects a practical approach to building from within rather than from without.
The complexity was further illustrated by Kenya’s Data Commissioner, Immaculate Kassait, who highlighted the paradox of data governance in Africa, where the same data collection practices that raise privacy concerns have also enabled financial inclusion and digital growth. The challenge, then, was to regulate in ways that empower, balancing innovation with accountability through agile, context-sensitive governance tools.
“The reason fintech is thriving on the continent is because of the level of experimentation fintech regulators have allowed.”
DPAs are increasingly embracing non-traditional oversight mechanisms, acknowledging the need for regulatory flexibility to evolve alongside technology and deepen the digital economy. This approach is crucial because, as one speaker noted, “We know much about data protection, but we do not know much about Artificial Intelligence and Digital Public Infrastructures,” highlighting the need for regulators to better understand emerging tech applications. Regulatory experimentation offers a flexible pathway that can benefit both regulators and solution providers by allowing learning and adaptation in a controlled environment.
While this kind of experimentation is mutually beneficial, solution providers often require specific incentives to actively engage. Based on engagements with regulators in Africa through the Africa Sandboxes Forum, a key concern frequently raised is how to encourage participation from big tech. This raises critical questions: What incentives would truly drive big tech engagement in regulatory experimentations? Furthermore, how can such initiatives be best structured to help regulators effectively understand emerging technologies such as AI applications, fostering more informed and effective regulations? While specific incentives may not have been detailed in every discussion, such questions are what we are tackling in our co-creation engagements, which began in Kigali, within the Africa Sandboxes Forum.
“The digital economy can only be deepened by entrepreneurs. But this only happens if it’s safe to share data across jurisdictions, sectors and borders.”
Among the agile data governance tools alluded to, regulatory sandboxes stood out as a forward-looking and increasingly strategic approach. These controlled environments allow for real-world testing of new technologies and services under regulatory oversight, enabling DPAs to engage proactively with innovation rather than reacting after the fact. More importantly, cross-border sandboxes were seen as practical venues to test harmonization in action, helping regulators identify interoperability challenges, strengthen mutual trust, and support regional cooperation. For example, regional sandboxes can be testing grounds for how different laws apply to innovators in order to establish the cross cutting policy elements that can contribute to a harmonization mechanism. Additionally, sandboxes were hailed as providing a structured way to test new technologies in multiple jurisdictions, build mutual trust between regulators and innovators, identify practical barriers to interoperability, and strengthen regional cooperation through real-world collaboration.
In parallel, Privacy Enhancing Technologies (PETs) were also acknowledged for their role in mitigating risks, especially in complex or high-stakes environments. But like sandboxes, PETs are not one-size-fits-all. Each tool carries trade-offs: cost, capacity requirements, and varying degrees of complexity, underscoring the importance of governance strategies that blend technology, law, ethics, and education.
“Africa needs to co create a digitally enabled continent where data governance is not outsourced, rights are protected, economies thrive and no one is left behind.”
The conference closed with the resounding message that change is collective. Whether advancing harmonization, scaling trust, or designing adaptive regulatory models, no single actor (government, private sector, or civil society) can act alone. There was a shared commitment to amplifying Africa’s voice in global data governance forums, promoting regional collaboration, and developing data privacy regimes that are rooted in African values, culture, and dignity.
As Africa steps further into its digital future, the message from Abuja is clear: when trust, responsibility, and cooperation guide our actions, data becomes not a barrier, but a bridge, linking economies, empowering individuals, and strengthening our shared digital destiny.
