Data Localization Laws are Making African Trade Less Free
Laws that restrict access to cloud computing threaten Africa’s growth
African countries are now the leaders and defenders of free trade: the historic African Continent Free Trade Agreement (AfCFTA) has created the world’s largest free trade area since the WTO. The AfCFTA, which officially went into effect in May, seeks to grow intra-African exports from a dismal 15 percent to the European average of 60 percent. Intra-African trade is key to transforming the region from a historic commodity exporter to a dynamic, diversified, and technology-driven powerhouse. But this agreement is missing a reference to the 21st century’s most important commodity– data. While the agreement reduces barriers to trade within Africa, major African markets like Nigeria, and Kenya, South Africa are effectively regulating the internet economy through data localization laws.
Data localization laws cut off access to global cloud services that are the lifeblood of the modern economy. If African markets are to thrive in the 4th Industrial Revolution, governments must allow companies to access the cloud without restrictions, in-line with global standards. Doing so will attract international investment, foster the growth of local tech champions and traditional industries alike, and bolster the continent’s resistance to cyber-attacks.
Unencumbered data flows have become fundamental to the way the world does business. Yet, over the last decade, seventeen African countries have passed data localization laws. These laws were in response to fears of African governments that sending their citizens’ data abroad would increase citizens’ vulnerability to serious security and privacy threats from foreign actors. Such fears are unfounded, reactive, and could have potentially disastrous effects. Africa’s proliferation of data localization laws poses a significant barrier to new investment, even when these laws are driven by desires to promote local economic development. Nigeria’s data localization framework, for example, specifically mentions the country’s “clear negative trade balance” in the IT sector.
The economic benefits of data localisation, however, only flow to a few local companies that own data centres and even fewer employees needed to run them. Moreover, these laws have not led to increased FDI from global tech giants, which have been slow to build their infrastructure across the continent. A framework that ensures the privacy of African user data as it flows to servers across the world, however, would accelerate the adoption of cloud computing across the continent, enable efficiency, improve competitiveness and boost economic growth.
A modern continental framework for data flows will help African startups and traditional industries alike modernise and scale across the continent. The promise of the 4th Industrial Revolution is that “internet of things” and data-driven insights will create new business opportunities and transform existing sectors. Data localisation laws, however, force business owners to use local services to process all data. Local data storage costs are more expensive than global systems which operate at scale – such costs are passed on to the businesses forced to utilize the local infrastructure and ultimately their customers. With laws that allow firms to freely send data in and out of a country, entrepreneurs can leverage affordable global cloud services.
A local startup can utilize the same infrastructure to store its data as global giants such as Apple and Salesforce, allowing for best speed, pricing, and security. But it is not just technology companies that benefit from the free flow of data: McKinsey estimates that 75 percent of the value added by data flows and internet connectivity is in traditional industries, highlighting substantial impact in Africa, where economies are still dominated by industries such as agriculture, energy, mining, and manufacturing. Access to global cloud services that store and transfer data can even substantially reduce the operational costs of regional manufacturing firms.
Moreover, enforcing data to be placed in limited locations runs contrary to cybersecurity protocols and is more likely to have an unintended negative effect. One motivation for data localization laws is protection from cyber-attacks. National governments argue that the less their citizens’ data travels, the more secure it is. However, by compelling companies to use infrastructure within a limited geographical area data is more prone to security breaches. The physical centralization of data creates a “jackpot” problem whereby a hacker would only have to hack a few servers in a country to access all of its user data.
Local data storage services do not have the budgets or resources to compete with internationally recognized global providers, resulting in citizens’ data being placed in the hands of firms with less rigorous security standards. Cloud platforms such as Amazon Web Services are trusted by the world’s most sensitive industries, whether it be healthcare companies or government agencies.
Data localization is effectively a trade barrier. African government’s safety and privacy concern is legitimate, but their response has been counterintuitive. By making cloud computing burdensome through data localization laws, African countries are inhibiting FDI and economic modernization. Thankfully, a framework to solve this problem already exists the 2014 AU Convention on Cybersecurity and Data. This convention supports both data privacy and the free flow of data and is similar to the European Union’s General Data Protection Regulation (GDPR).
In order to fully benefit from the 4th Industrial Revolution, all AU countries should ratify the convention, which would encourage cloud integration and create a free market for African data.
The article is authored by Lexi Novitske, Principal Investment Officer at Singularity Investments.
Note: The views represented in the article are that of the author’s and WeeTracker does not necessarily hold the same opinion.
Feature image courtesy: mobilemediainfotech
