In the digital era, data generated by internet users are raw materials for various multinationals. Restricting its misuse is a security issue, particularly in Africa where regulations are somewhat lax. 

The Irish Data Protection Commission (DPC) announced on Monday (May 22),  a €1.2 billion fine against Meta Platforms Ireland Limited. The fine was imposed over the violation of Article 46 (1) of the General Data Protection Regulation (GDPR) in relation to the unlawful processing and storage of European Facebook users’ data in the U.S. 

Meta Platforms Ireland Limited is allowed five months to "suspend any future transfer of personal data to the United States," six months to stop "the unlawful processing, including storage, in the United States" of the transferred EU personal data. The Irish CPO's decision comes in the week marking the fifth anniversary of the GDPR, which became effective on May 25, 2018.

The decision issued Monday by the Irish regulator is the umpteenth in a series of fines that stems from a multitude of complaints filed, since 2011, by privacy activist Max Schrems.

It calls on African authorities to regulate the management of African users’ private data by multinationals such as Facebook, Amazon, and Google ... whose services are used by hundreds of millions of people on the continent.

The African Union Convention on Cybersecurity and the Protection of Personal Data adopted on June 27, 2014, which aims to protect personal data is yet to become effective. As of April 11, 2023, it was ratified by 14 countries. The last country to ratify it was Côte d'Ivoire, on March 8, 2023. As per Article 36, one more ratification is needed for the text to officially become effective.

Muriel Edjo