The ratification of Data Protection bill is delayed by over two years, as its implementation scope risks the autonomy of regional governments. The House of Federation (HoF) is expected to pass a decision based on constitutional principles.
The Ministry of Innovation and Technology (MInT) finalized drafting the proclamation in 2020, after which it was tabled to the Council of Ministers. The proclamation aims to regulate data collection, use, protection and processing, and data privacy. It is aimed at the registration of personal data at the Data Protection Commission to be established as a federal authority without violating the autonomy of regional states.
However, the Ministry of Justice (MoJ) objected the proclamation erodes constitutional powers of regional states. Following irreconcilable disagreements between MInT and MoJ, the bill was sent to the HoF for the ultimate decision on who will implement the proclamation.
The constitution states certain mandates like the Criminal Codes are designed both by federal and regional governments. And since data protection is part of crime mitigation, the mandate should be given to regional governments. This argument came from the MoJ, after MiNT submitted the draft.
MoJ experts argued the proclamation shrinks the autonomy of regional governments. It stated that the implementation of the proclamation should be decentralized and implemented by regional states.
The draft bill allows the establishment of Data Protection Commission, an independent entity responsible to the Parliament. But as per the MoJ’s argument, the commission should be established at regional states level.
“The scope of the proclamation is designed for a national level implementation. The scope is e-commerce plus e-government. Data protection cannot be decentralized, while centralizing national ID. In the same vein, data protection cannot be implemented without trust in the government, Ayalneh Lemma, head of legal affairs directorate at MInT said.
It will be very complex, if all the regional states in the country are going to have their own data protection standards and codes, according to Ayalneh.
“Our argument is the Data Protection Proclamation should be implemented uniformly by the federal government, without leaving mandate and power to the regional governments. Our argument is based on the constitution. The principle of the constitution is to create a ‘single economic society’ in Ethiopia. The proclamation must be centrally implemented. It cannot be implemented unless it is coded uniformly. Even Europe has single data standard,” Ayalneh said.
MoJ is arguing from legal perspectives, on behalf of regional states. The regional states are not consulted, hence they do not know about the issue, according to an official at the MoJ.
Baheru Zeynu, founder and manager of Africom Technologies Plc, stresses the ratification is long overdue now. “Implementing the e-transaction proclamation, which is ratified in 2020, remains difficult without Data Protection Proclamation.”