Ethiopian Parliament passes digital data protection legislation

The legislation delineates specific rights for data subjects, mandates obligations for entities handling personal data, and imposes restrictions on data collection and use.

 Person, Security

The Personal Data Protection Proclamation (PDPP) passed by Ethiopia’s Federal House of Representatives on April 4, 2024, constitutes a comprehensive legal framework designed to fortify individual privacy and regulate the management of personal data within the nation. Ethiopia is intensifying its digital ID endeavors, mainly through the Ethiopia National ID Program (NIDP), which hailed this move in a post on X.

The PDPP furnishes Ethiopians with enhanced control over their personal data, encompassing rights to access, rectify, erase, and restrict the processing of their information, alongside the capacity to object to direct marketing and automated decision-making processes.

Related to digital IDs, the legislation establishes clear parameters for biometric data, specifically outlining ‘physical identity data’ comprising facial images, fingerprints, or comparable personal information derived from recognised technical processes. Ethiopia will soon require its citizens to register for digital IDs with this data to access government services.

Why does it matter?

The PDPP constitutes a new step in creating a sturdy legal framework safeguarding Ethiopian citizens’ privacy and personal data. As Ethiopia’s digital ID initiatives lead the way for its digital transformation, the PDPP assumes a pivotal role in ensuring the collection, processing, and protection of personal data in alignment with global standards, which could facilitate cross-border transfers with other similarly developed nations.