Data is likened to the new oil, the question of who controls this invaluable resource has become a focal point of global discourse. Nations across the world are grappling with the complexities of data ownership, privacy and sovereignty. The rapid digitisation of economies and societies has amplified concerns over data governance, prompting countries to enact stringent data protection laws to safeguard their citizens’ information and assert control over their digital landscapes.
Globally, the push for data sovereignty has gained momentum. In 2024, the United States, United Kingdom, European Union and several other nations signed the Framework Convention on Artificial Intelligence. This legally binding treaty aims to ensure that AI technologies are deployed in ways that respect human rights, democracy and the rule of law. It emphasises the protection of user data, adherence to legal standards and transparency in AI practices. Such international agreements underscore the growing recognition of data as a critical asset requiring robust governance frameworks.
READ ALSO: How Data is Fueling Progress and Success in Africa’s SDGs
Africa, with its burgeoning digital economy, is increasingly recognising the importance of data sovereignty. The continent’s digital infrastructure is expanding rapidly, with mobile data usage growing by approximately 40% annually. Yet Africa still hosts less than 1% of global data centre capacity.
To address this gap, the International Finance Corporation (IFC) invested $100 million in Raxio Group in April 2025 to bolster digital infrastructure across several African countries, including Ethiopia, Angola, Côte d’Ivoire, Mozambique, the Democratic Republic of Congo and Uganda. The investment aims to enhance local data hosting capabilities, improve cybersecurity and reduce reliance on foreign data centres.
According to the World Bank, the funding represents the IFC’s largest such debt investment in Africa to date. It reflects the growing interest from global institutions in the continent’s digital economy, where mobile money, AI-driven services and cloud-based platforms are expanding rapidly.
Nigeria’s Data Protection Milestones
Nigeria has made significant strides in establishing a robust data protection framework. In June 2023, President Bola Ahmed Tinubu signed the Nigeria Data Protection Act into law, replacing the Nigeria Data Protection Bureau with the Nigeria Data Protection Commission (NDPC). The Act provides a comprehensive legal foundation for the processing of personal data, emphasising the rights of data subjects and outlining the responsibilities of data controllers and processors.
The impact has been substantial. By 2024, Nigeria’s data protection sector had generated ₦12 billion in revenue, a notable increase from ₦4 billion in 2021. It also contributed to job creation, with 23,000 positions generated in 2024 alone, up from 10,123 in 2023. Compliance with data regulations improved, with the number of verified Data Protection Officers rising from 362 in 2021 to 2,888 in 2024. The NDPC intensified enforcement efforts, conducting 213 investigations into privacy breaches and non-compliance cases in the same year.
Kenya’s Progressive Data Governance
Kenya has been similarly proactive in shaping its data protection landscape. The country enacted the Data Protection Act in 2019, establishing the Office of the Data Protection Commissioner (ODPC). The ODPC oversees data processing activities, ensures compliance with protection principles and safeguards the rights of data subjects. Kenya’s approach promotes transparency, accountability and public awareness around data rights.
South Africa’s Comprehensive Data Regulation
South Africa’s Protection of Personal Information Act (POPIA), which came fully into effect in July 2021, represents a comprehensive effort to regulate the processing of personal information. The Act applies to both public and private entities and mandates strict adherence to data protection principles. The Information Regulator, established under POPIA, is empowered to enforce the Act, investigate complaints and impose penalties for violations. South Africa’s framework aligns with international standards, facilitating cross-border data flows and supporting the country’s digital economy.
Challenges and the Path Forward
Despite these advancements, African countries face significant hurdles in realising full digital sovereignty. Internet shutdowns have become a troubling trend, with 21 instances reported across 15 African countries in 2024—the highest recorded in a single year. Often enacted during periods of conflict, protest or elections, such shutdowns disrupt economic activity and infringe on citizens’ rights to information access.
The continent’s dependence on foreign technology firms for data storage and processing continues to raise concerns over control and privacy. Strengthening local digital infrastructure, refining regulatory frameworks and enhancing regional collaboration are essential steps toward genuine digital sovereignty.
The battle for digital sovereignty in Africa remains a complex, ongoing endeavour. As countries like Nigeria, Kenya and South Africa continue to strengthen their data protection regimes, they lay the groundwork for a more autonomous digital future. By investing in infrastructure, promoting awareness and aligning with global standards, African nations can assert control over their data, safeguard their citizens’ privacy and unlock the full potential of the digital economy.
