Senegal's data protection law, enacted in 2008, lays a foundational framework for health data governance, complemented by its cybercrime law. An emerging digital health law promises to enhance security and health data governance. The country’s approach includes provisions for cross-border data sharing and rights protections under AU conventions. However, current laws lack specifics on data ownership and equity, with gaps in addressing collective consent and accountability mechanisms. Future legislative updates are anticipated to better address these needs.
Africa
Rwanda’s legislative environment includes a comprehensive data protection and privacy law that aligns with GDPR principles, emphasizing individual data rights. While there is no standalone health law, ministerial instructions govern health data in private facilities, promoting interoperability and service enhancement. The National Cyber Security Authority (NCSA) oversees cybersecurity standards, ensuring adherence across sectors. Key elements like community engagement and marginalized group protections are noted but could benefit from further development. Rwanda’s collaborative approach includes multi-sector partnerships to strengthen its...
Mozambique’s legal landscape includes frameworks for privacy and universal healthcare through its social protection law and electronic transaction laws. The constitution also enshrines privacy rights and universal health coverage. A Cybersecurity Bill is in development, which will establish a central body for coordinating policies across sectors, including health. Although there is no dedicated health data legislation, emerging digital health initiatives and data protection policies are expected to align with health information system development plans, fostering data sharing, interoperability, and...
Egypt’s health data governance landscape is marked by its 2020 Data Protection Law (DPL), which awaits executive regulations for full implementation. The Anti-Cyber and Information Technology Crimes Law reinforces security and data privacy. The Universal Health Insurance Law highlights data sharing between public and private health providers, supporting interoperability within the health sector. The DPL’s planned regulations and the Internet of Things (IoT) framework provide foundational protections for data governance, aligning with Egypt’s commitment to security, privacy, and emerging...
Cameroon's health data governance is supported primarily by its cybersecurity and cybercrime legislation. While specific health data laws are absent, the general framework addresses data privacy and security for sensitive information. Plans for a data protection law and telemedicine bill are underway, which may expand data governance capabilities. Despite the absence of a dedicated health data act, Cameroon’s National Digital Health Strategic Plan outlines priorities for interoperability and standards within the health sector.
Kenya has made strides in health data governance with a robust legislative framework. Key laws include the Digital Health Act, which mandates a comprehensive health information system and data governance framework. The Data Protection Act offers GDPR-aligned protections, focusing on data subject rights, anonymisation, and deidentification. Challenges remain in securing resources for implementation and local data hosting capacity. Kenya is a signatory to cross-border frameworks, enhancing its role in regional data sharing.
Zambia’s health data governance is regulated by several key frameworks such as the Data Protection Act 2021, the Health Data Governance Framework 2024, the Cyber Security and Cyber Crimes Act No. 2 of 2021, and the Zambia National Public Health Act No.19 of 2020. These aim to standardise data management, ensure privacy, and promote interoperability. However, gaps exist in leadership and governance, investment and sustainability, workforce development, legal and policy frameworks, interoperability, ICT infrastructure and services integration. Recommendations include...
South Africa’s health data is primarily regulated through the National Health Act (NHA) and its associated regulations, as well as the Protection of Personal Information Act (POPIA). These legal instruments outline the rules and principles for the collection, storage, use, and sharing of health data, aiming to protect individual privacy while supporting public health objectives. Key gaps are identified in the policy environment, health workforce and data infrastructure. Recommendations include enhancing human rights recognition, improving data quality, ensuring safety...
Malawi’s health data governance is regulated by key laws such as the Constitution of Malawi, the Access to Information Act, the Public Health Act, the Data Protection Bill, and national health strategies. These frameworks focus on protecting individuals and communities, building trust in data systems, and promoting equitable benefits from health data. Key gaps include reliance on paper-based systems and interoperability challenges, which hinder efficient health data management and service delivery.