The African Continental Free Trade Area Agreement Vis-À-Vis Its Data Protection Concerns


By Israel Olawunmi


As first coined by Marshall McLuhan in 1964, the world is now generally recognized as a ‘global village’. This stems from how the world is now connected as a result of modern communication; thus linking everyone in the world by telecommunication and the internet. One of the key elements of the compact globe is the movement of goods and services across national borders. Hence, globalization is not delimited to telecommunication and the internet, it also embraces commerce: trade in goods and trade in assets. This however, is not without its attendant barriers; barriers in the context of state sovereignty and equality. Barriers such as high tariffs, immigration challenges and regulatory bottlenecks are identifiable issues that plague transnational trade. In dealing with this matter, the international community has continued to devise means to ease through these barriers whilst the sovereignty of states under international law is not jeopardized in any form. The African Continental Free Trade Area Agreement (“the Agreement”) is one of the means of achieving this goal through the creation of the African Continental Free Trade Area(“AfCFTA”). The Agreement aims to boost intra-African trade by providing a comprehensive and mutually beneficial trade agreement. The Agreement covers trade in goods and services, intellectual property rights and competition policy. As prior stressed, the world has become a global village, analogous to the global village is the transitioning from the Third Industrial Revolution to the digital economy, otherwise known as the Fourth Industrial Revolution. This is done by creating a bridge between the physical and cyber world. The digital economy can help facilitate multiple value chains and lessen the traditional boundaries for the exchange of goods and services. This leads to the place and importance of personal data in the exchange of goods and services. Despite being widely extolled as a game-changer and a progressive step in ensuring trade liberalization and economic integration in Africa, the Agreement has an unaddressed manifest data protection regime gap. This may prove to be stumbling block to the reduction of trade barriers amongst member States, as a party may be reluctant to transact with another, if its personal data is not adequately and effectively protected. Africa must develop a framework that will guarantee safety, privacy and dignity of individuals and businesses. This work seeks to examine data protection under the Agreement and other consequential matters.


 It is pertinent at this point to take a peep into the historical background of the Agreement, what it is about and its core objectives. It is a regional agreement which seeks to bolster industrialization in Africa. The AfCFTA is a flagship project of the African Union (“AU”)’s Agenda 2063, a blueprint for attaining inclusive and sustainable development across the continent over the next 50 years.[1]


The roots of AfCFTA can be traced to the 1980 Lagos Plan of Action, adopted by the Organization of African Unity(OAU) for the formation of an African common market. Also, a plan in 1991, signed in Abuja, Nigeria, to launch the African Economic Community, with an ambitious six-stage roadmap to full economic integration.[2]Neither of these were implemented but the goal remained in the pipeline.[3] At the 18th Ordinary Session of the Assembly of Heads of States and Government of the AU, held in Addis Ababa, Ethiopia in January, 2021, took a decision to establish a Continental Free Trade Area by an indicative date of 2017.[4] This deadline however, was not met, but the Agreement was signed on 21st March, 2018 at the Extra-Ordinary Summit of the African Union held in Kigali, Rwanda. The Agreement came into force on 30th May, 2019 after Gambia became the 22nd member State to ratify it.[5] Nigeria signed the Agreement on 7th July, 2019 and ratified same in November,2020, making Nigeria the 34th member State to ratify. Of all the 55 AU member States, Eritrea is the only country that is yet to join.[6] The operational phase of the Agreement was subsequently launched during the 12th Extraordinary Session of the Assembly of the African Union in Niamey, Niger on 7th July, 2019.The AfCFTA will be governed by five operational instruments, i.e. the Rules of Origin; the online negotiating forum; the monitoring and elimination of non-tariff barriers; a digital payments system and the African Trade Observatory. An Extraordinary Summit of the AU Assembly on the AfCFTA took place virtually on 5th December,2020. The AU Assembly approved the start of trading under the Agreement as from 1st January, 2021.[7] The AfCFTA’s Secretariat is in Accra, Ghana, with Wamkele Mene from South Africa, serving as the first Secretary-General.[8] The Secretariat is charged with the implementation of the Agreement.

ALSO READ   Melaye's Recall: Keyamo SAN Aligns with INEC on Suspension of Process


Intra-African trade has historically been low. In 2017, intra-African exports were 16.6% of total exports , compared to the 68% in Europe and 59% in Asia.[9] The AfCFTA is the world’s largest free trade area since the formation of the World Trade Organization (WTO) by connecting to 1.3 billion people across 54 African Countries.[10]The AfCFTA could have a gross domestic product of around US$3.4 trillion as it aims to create a single continental market, reduce tariffs among member States, as well as regulatory measures such as sanitary standards and technical barriers to trade and allowing the free movement of goods, services and people in Africa. The AfCFTA is also expected to enhance competitiveness at the industry and enterprise level through the exploitation of opportunities for scale production, continental market and better reallocation of resources. The United Nations Economic Commission for Africa (UNECA) contends that the AfCFTA has the potential to boost intra-African trade by 52.3% by eliminating import duties, and to double this trade if non-tariff barriers are also reduced.[11] The AfCFTA is projected to progressively reduce trade tariffs by over 90% by 2022 and by extension, address the increasing inflation and infrastructural deficits within the continent.[12] To achieve the objectives of AfCFTA, the Agreement mandates member States to:[13]

i.  Progressively eliminate tariffs and non-tariff barrier to trade in goods;

ii. progressively liberalize trade in services;

iii. cooperate on investment, intellectual property rights and competition policy;

iv. cooperate on customs matters and implementation of trade facilitation measures;

v.  establish a mechanism for the settlement of disputes concerning their rights and obligations; and

vi. establish and maintain an institutional framework for the implementation and administration of the Agreement



The world has gone digital and by consequence, individuals are often required to provide their personal data to perform certain online transactions or for even offline activities. Data is defined as information especially facts or numbers collected to be examined, considered and used to help decision-making or information in an electronic form that can be stored and used by a computer.[14] Data means characters, symbols and binary on which operations are performed by a computer, which may be stored or transmitted in the form of electronic signals, stored in any format or any device.[15] Personal data on the other hand, can defined as information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.[16] By this definition, personal data can include name, home address, bank account details, medical records, photo, posts on social media and any other unique identifier.[17]

The earliest record of using data to track and control businesses dates back to 7,000 years ago, when accounting was introduced in Mesopotamia in order to record the growth of crops and herd.[18] The importance and relevance of data in this digital era cannot be overstated. Joris Toonder of Dutch internet marketing company, Yonego, believes that data in the 21st Century is the new oil of the digital era: an immensely untapped valuable asset. Furthermore, it is the key to the smooth functionality of everything from the government to local companies, without which progress would halt.[19] This aptly captures the true essence of personal data and the pressing need to ensure its protection. A data breach can occasion not only embarrassment but loss to individuals, corporations, and governments. In 2018, Facebook spotted a spike in unusual activities, meaning hackers could have had access to users’ personal data, putting a sea of Facebook users at risk.[20] Personal data must be protected to secure and guard personal data from abuse, corruption, compromise or loss. Data protection becomes important because of the high rate at which personal data is created and stored.


Proliferation of digital platform usage translates to increased ease and volume of information gathering. Although the total volume of information and data collected through digital devices and consumed within the continent is not readily available, a look at the global statistics provides some insight. On the average, the volume of data generated in the past ten years worldwide has grown by 45% annually, and expected to grow even faster in coming years.[21] The Agreement has ensured the free flow of services as well as information in African countries. Most developed countries have enacted data protection laws and have been implementing them for quite a while now. Data breaches or failure to comply with data protection laws can come with grave consequences. However, it is not only disturbing that data protection was not sufficiently considered in the Agreement, some African countries have no data protection laws. Data governance in Africa is developing rather slowly. The degree of enactment, adoption and enforcement of data governance regulations varies remarkably across African countries. These variations are mostly attributable to differences in individual institutional capacities of respective governments to legislate and implement appropriate policies. A significant number of African countries are yet to have any form of legislation on data and privacy protection, making Africa the continent with the least data governance prevalence. Countries such as Sudan, Botswana, Ethiopia, Liberia, Congo, Guinea-Bissau, and so on are yet have data protection laws. This making exchange of personal data between these countries susceptible to abuse, corruption or any security risk, and even posing a challenge to reduction of trade barriers under the Agreement.

ALSO READ   Nature & Scope of the Written Memorandum of Claim & Options for Settlement Requirements of the High Court of Lagos State (Civil Procedure) Rules, 2019


It goes without saying that digitalization is crucial to the seamless implementation and prosperity of the Agreement, as it forms a bedrock for the enforcement of the provisions of the pact, and monitoring progress. However, digital networks are largely dependent on personal data flow and analytics to improve efficiency and innovations for scaling up operations and broadening market penetration. E-commerce activities in fact have their flow tied to personal data exchange between the different contracting parties across the given territories. It then becomes imperative for countries to take active steps in protecting the integrity of their national data and security, and preserving citizens’ rights to retain control over their personal information and national competitive advantage. A lax or inexistent data regime or regulation can be generally disadvantageous market activities and outcomes, hence, the need to address data governance issues when negotiating trade agreements to ensure fairness and nondiscriminatory treatment. Trade negotiators are invariably interested in including and agreeing on provisions to clarify rules governing the handling of personal data for trade purposes. In the context of the Agreement, even though there is a general optimism surrounding its promise of economic development and increased prosperity for the region, there are still necessary building blocks that must be strengthened for it to succeed and benefit all Africans. One of such foundations is the need to fix gaps in policies, institutions, and structures to fully harness the potential of digital trade.[22] 


The Agreement is expected to play a cogent role in harmonizing data governance in Africa, as 54 out of the 55 African countries are parties to it and not all of these countries have data regime. Being binding on all member states, the Agreement fails to sufficiently address the pressing data governance questions, making transacting a tad difficult in this regard. Admittedly, the Agreement provides that it is governed by the principle of transparency and disclosure of information,[23] there is still an absence of an effective regime for data protection. There is no specific regional position on data governance and transborder data transfer, other than the provision contained in the Agreement’s Protocol on Trade in Services, which provides thus: ‘Privacy of individuals in relation to the processing and dissemination of personal data and the protection of confidentiality of individual records and account.’

This provision when compared to the data protection of other trade agreements is not robust enough and does not guarantee sufficient protection and security of personal data. The provision merely suggests that member States should adopt necessary measures to comply with their national data protection legislations, so long as it is not implemented in a way to restrict cross-border trade. It is arguable that in effect, the provision even restricts trading with member States without a data protection regime. In Nigeria for example, the Nigeria Data Protection Regulations (NDPR), 2019 prohibits transfer of personal data to a country without a data protection regime.[24] Flowing from this are questions like: are African States without data protection laws precluded from enjoying the benefits of AfCFTA? or States with data protection regime be coerced to wait for those who do not before the fruits of AfCFTA be enjoyed by them? The Agreement ought to have proposed a model data protection law or forge a clear data governance structure at national and continental levels to allay fears surrounding any data breach in cross-border transactions. ratifying it. Unfortunately, the African Union Convention on Cyber Security and Personal Data Protection, also known as the Malabo Convention ,2014, albeit comprehensive has been signed by only 14 States and ratified by 5.[25]

ALSO READ   Busola Dakolo: Beyond Criminal & Civil Actions for Rape and Other Sexual Offences - Elvis E. Asia


It is indubitable at this point that The Agreement should incorporate data protection provisions or guidelines to automatically bind signatories to it. This would do well to properly address the data protection concerns amongst contracting parties in the trade area. Thorough consideration should be given to the following in tackling the data governance question under the Agreement:[26]

  1. Definition, scope of coverage, and regional stance on data governance;
  2. rules for promoting seamless interoperability of cross-border data flows in a secure manner;
  3. minimum standards on ethical use of data;
  4. coordinated cybercrime legislations, procedures for conducting investigations into reports, and intelligence sharing;
  5. coordinated approach on taxing borderless transactions concluded through data channels;
  6. online consumer protection laws;
  7. regulation of cross border payments various across African currencies and digital currencies;
  8. principles on data privacy, protection and security;
  9. regulation on how open government data can be accessed;
  10. management of digital identities; and
  11. sanction for default or breach.


AfCFTA comes with a truckload of economic benefits for African countries. It can even serve as stimulant for the long-awaited regional data protection framework needed for the ease of trade in Africa’s growing digital economy. To ensure that the full potentials of AfCFTA are realized, all stakeholders must work hand in hand to enhance digitalization with necessary policy reforms. The signatories to the Agreement must swiftly deliberate and agree on how to incorporate specific data protection provisions in the Agreement in line with international best practices. This would to a reasonable extent abate the data protection concerns under the Agreement, and increase the confidence of investors in the free trade area. A cue can be taken from the European Free Trade Agreement, that contains robust provisions on data protection binding on member States, the US-Mexico-Canada Agreement (USMCA) or even the European Union General Data Protection (GDPR).

Israel Olawunmi writes from Lagos. He can be reached at


[1] Tralac, ‘African Continental Free Trade Area (AfCFTA) Legal Texts and Policy Documents’, (Tralac, 2021),  accessed 23 September, 2021

[2] Olu Fasan, ‘AfCFTA: Africa is Moving Too Slowly Towards Economic Integration’ (International Growth Centre, 2019, accessed 23 September, 2021

[3] John Young, ‘Who Will Benefit From The African Continental Free Trade Area?’ (Global African Network,2020) , accessed 23 September, 2021

[4]  Tralac, op.cit

[5] Prince Nwafuru ‘AfCFTA: The Underlying Principles, Objectives and  Benefits’, (Nairametrics, 2021) accessed 23 September, 2021

[6] Abdur Rahman Alfa Shaban, ‘Eritrea Defends Decision To Sit Out Africa Free Trade Pact- For Now’,(Africanews., 2020), accessed 23 September, 2021

[7] Ueli Staeger and Bruce Byiers, ‘AUDA-NEPAD: Does Money Focus Equal Ownership Trade’, (ECDPM, 2021), accessed 23 September, 2021.

[8] Sofia Balino, ‘African Continental Free Trade Area Completes First Month of Trading’, (IISD, 2021) accessed 23 September, 2021

[9] Thomas Kendra, Ledea Sawadago-Lewis and Ala Peter- Daley, ‘AfCFTA: The Basics-What You Need To Know’, (Hogan Lovells, 2020), accessed 23 September, 2021

[10]David Thomas, ‘What You Need To Know About The African Continental Free Trade Area’,  (African Business, 2021), accessed 23 September, 2021

[11] United Nations Economic Commission for Africa, ‘African Continental  Free Trade Area, Questions & Answers’, (ATPC, 2021), accessed 23 September, 2021

[12] Nwafuru, op.cit

[13] Article 4 of the AfCFTA Agreement.

[14]  accessed 23 September, 2021

[15] Regulation 1.3 (iv) Nigeria Data  Protection Regulation (NDPR)

[16] Article 4(1) General Data Protection Regulation (GDPR)

[17] Regulation 1.3 (xix) NDPR

[18]  Mark Rijenam, ‘A Short History of Big Data,’(‘Experfy, 2019) accessed 23 September, 2021

[19] Joris Toonder, ‘Data is the New Oil of the Digital Economy’, (Wired, 2014) economy/ accessed 24 September, 2021

[20] Sarah Perez, Zack Whittaker, ‘Everything You Need To Know About Facebook’s Data Breach Affecting 500 Million Users’, (Techcrunch, 2018) affectibg-50m-users/ accessed 24 September, 2021

[21] Centre For The Study of the Economies of Africa, ‘Strengthening Data Governance in Africa’,(Project Inception Report, 2021), 9,  accessed 24 September, 2021

[22] ibid

[23] Article 4 of the AfCFTA Agreement; Article 6 of the Protocol on Trade in Services.

[24] Regulation 2.11 (c-e) NDPR, 2019

[25] Tomslin Samme-Nlar, ‘Why It Is Important For African States To Ratify The Malabo Convention’,(African Academy Network on Internet Policy, 2018), accessed 24 September, 2021

[26] Centre For The Study of the Economies of Africa, op.cit 18


Please enter your comment!
Please enter your name here