KEY FINDINGS FOR MALAWI, EQUATORIAL GUINEA, AND MAURITANIA
1. Similarities:
Data Protection Legislation: All three countries have data protection laws
in place, though with varying stages of enforcement. Malawi recently
enacted its Data Protection Act in 2024, while Mauritania passed its law in
2017, but it has yet to come fully into effect. Equatorial Guinea has a
comprehensive Personal Data Protection Law (Law No. 1/2016), though
operational structures remain underdeveloped.
Constitutional Protections: In all three countries, privacy is enshrined in
their constitutions, guaranteeing individuals protection of their private life,
home, and correspondence. However, the implementation of these
constitutional rights through robust data protection laws has been slow
across the board.
Consent Requirement: Across all three nations, data processing generally
requires the explicit consent of the data subject, ensuring that personal data
is handled transparently and ethically.
Cross-Border Data Transfer: In each country, the transfer of personal data
to another country requires either adequate protection in the recipient
country or additional safeguards, such as contractual clauses or the data
subject’s consent. This is particularly important for international business
operations.
2. Differences:
Operational Framework: Malawi and Mauritania have established or are in
the process of establishing data protection authorities (DPAs) to enforce their
respective laws. Malawi’s MACRA oversees compliance and enforcement,
while Mauritania’s data protection law provides for an authority that is not
yet operational. Equatorial Guinea, although having a comprehensive law,
lacks a functioning data protection authority, limiting its enforcement.
Penalties and Enforcement: Mauritania and Malawi both have provisions
for criminal and administrative penalties for breaches of their data protection
laws. However, Equatorial Guinea’s law appears to focus more on civil
liabilities and lacks details about enforcement mechanisms.
1. Similarities:
Data Protection Legislation: All three countries have data protection laws
in place, though with varying stages of enforcement. Malawi recently
enacted its Data Protection Act in 2024, while Mauritania passed its law in
2017, but it has yet to come fully into effect. Equatorial Guinea has a
comprehensive Personal Data Protection Law (Law No. 1/2016), though
operational structures remain underdeveloped.
Constitutional Protections: In all three countries, privacy is enshrined in
their constitutions, guaranteeing individuals protection of their private life,
home, and correspondence. However, the implementation of these
constitutional rights through robust data protection laws has been slow
across the board.
Consent Requirement: Across all three nations, data processing generally
requires the explicit consent of the data subject, ensuring that personal data
is handled transparently and ethically.
Cross-Border Data Transfer: In each country, the transfer of personal data
to another country requires either adequate protection in the recipient
country or additional safeguards, such as contractual clauses or the data
subject’s consent. This is particularly important for international business
operations.
2. Differences:
Operational Framework: Malawi and Mauritania have established or are in
the process of establishing data protection authorities (DPAs) to enforce their
respective laws. Malawi’s MACRA oversees compliance and enforcement,
while Mauritania’s data protection law provides for an authority that is not
yet operational. Equatorial Guinea, although having a comprehensive law,
lacks a functioning data protection authority, limiting its enforcement.
Penalties and Enforcement: Mauritania and Malawi both have provisions
for criminal and administrative penalties for breaches of their data protection
laws. However, Equatorial Guinea’s law appears to focus more on civil
liabilities and lacks details about enforcement mechanisms.
