Critical reflections on principles governing the protection of personal data in the Democratic Republic of Congo

Abstract

Nowadays, more personal data are being collected with the advent of computers and the development of new telecommunications technology. However, the emerging form of new technologies creates new challenges and risks in personal processing information, which can be inaccurate, incomplete or irrelevant. Furthermore, personal data can be accessed or disclosed without authorisation, used for a purpose other than that for which they were collected or destroyed. Therefore, the unregulated processing of personal information threatens a person’s right to privacy. In response to this, many countries are adopting or updating data protection legislation and policies. Still, the Democratic Republic of Congo (DRC) has been very slow and insignificant in adopting a data protection law. As a result, there is no specific comprehensive Data Protection legislation in the DRC, even though few provisions on data protection can be found in the Telecommunications and Information and Communications Technology (2020 ICT Act). This paper aims to do a critical analysis of principles governing the processing of personal data in the DRC to assess the extent to which they comply with international and African regional human rights standards applicable to data protection principles. It principally sets the gaps in the 2020 ICT Act while bringing to light its prospect to strengthen the protection of personal data in the DRC. The research also assesses the weaknesses that may require development going forward and proposes recommendations to ensure that the DRC complies with international standards.