The expression “data is the new oil” has become commonplace over the past ten years.
During a decade of economic stagnation across much of the rich world following the 2009 financial crisis, the technology and digital infrastructure sector emerged as one of the key drivers of economic growth.
Companies such as Google, Ali Baba, and Amazon generated billions of dollars in profits, partly because of their ability to collect, analyze, and monetize extremely large amounts of data.
However, in recent years, countries in the rich world, particularly in Europe, have introduced mechanisms such as the General Data Protection Regulation (GPDR) that have undermined the ability of tech companies to get their hands on valuable personal data.
In Canada, the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”) governs how private sector organizations collect, use and disclose personal information in the course of commercial business. However, there has been a strong push to modernize the guidelines, which have been described as less prescriptive compared to other jurisdictions such as the European Union, and inadequate in the face of changing technology, such as artificial intelligence and facial recognition.
Nevertheless, as Danielle Colleman explains:
“These same protections, however, do not exist uniformly in the resource-rich, infrastructure-poor African countries, where Western tech seeks to establish its presence. These conditions provide an ideal landscape for digital colonialism…“
“Digital colonialism refers to a modern-day “Scramble for Africa” where largescale tech companies extract, analyze, and own user data for profit and market influence with nominal benefit to the data source,” she continues. “Scant data protection laws and infrastructure ownership by western tech companies open the door for exploitation of data as a resource for profit and a myriad of uses including predictive analytics.”
Colleman defines “digital colonialism” as “the decentralized extraction and control of data from citizens” with or without their explicit consent “through communication networks developed and owned by Western tech companies.” The 19th century “Scramble for Africa” enabled colonial powers to engage in the systematic extraction of African resources for European benefit.
The answer to this situation is not straightforward. Colleman argues that even in countries that have established data protection laws similar the GDPR, such as Kenya, which introduced a Data Protection Bill (DPB) that sought to mirror European regulation, data colonialism is alive and well.
This is because most large tech companies “have the time, money, and resources to fight for their desired outcomes, even if they stand in direct violation of pre-established laws. For example, Uber has flaunted its willingness to operate in clear violation of local laws, launching in cities where its operation violates city ordinances”.
In this context, civil society emerges as a critical actor that can help create public awareness about this issue, and that can push for the establishment and enforcement of data protection laws across the country. However, civil society in Africa and across the South needs ongoing technical and financial support to be able to play this role.
It is worth noting that despite the many limitations civil society organizations in the region face, it seems like their efforts to push for change are beginning to paying off, as many countries in the region have passed these types of legislation. In 2021 alone Rwanda, Zambia, and Zimbabwe enacted data privacy laws.
Reminiscent of the long struggle for Freedom of Information legislation, more countries urgently need to pass data privacy laws to protect individuals from the predations of Big Tech.