EAC charts path for secure cross-border data flow
DAR ES SALAAM: THE East African Community (EAC), through the Eastern Africa Regional Digital Integration Project (EARDIP), is advancing efforts to establish a harmonised legal framework to safeguard personal data and strengthen cybersecurity across the region.
This follows the second meeting of the Technical Working Group (TWG) on the Development of Data Protection and Cybersecurity Legal Frameworks, held recently in Dar es Salaam, Tanzania.
The meeting was part of EARDIP’s objective to enhance cross-border data flows while ensuring robust data protection and cybersecurity systems, crucial for building trust and supporting the development of the EAC Single Digital Market.
In his opening remarks, TWG Chairperson Mr Gisiora Dickson Ochoki, Director of Cybersecurity at Kenya’s Ministry of ICT and the Digital Economy, emphasised the importance of continuity and collaboration.
“This meeting builds on the strong foundation laid during our first session,” he said.
ALSO READ: TEC blesses the General Elections, urging Tanzanians to participate peacefully
“Continued engagement is vital in shaping a regional framework that safeguards citizens’ rights and accelerates East Africa’s journey towards a secure and integrated digital market.” The proposed framework is being developed through a Partner State–driven process, drawing on both technical and legal expertise from across the region.
It is guided by EAC integration objectives and aligned with national laws to prevent overlaps or conflicts. Partner states discussed core principles such as lawfulness, transparency, fairness, data minimisation, integrity and confidentiality and purpose limitation, key to ensuring responsible data handling and strong safeguards for citizens.
The TWG also addressed sensitive policy areas, agreeing on balanced approaches to issues like national security exemptions, data localisation and protection of vulnerable groups including children.
To support cross-border data flows, various mechanisms were reviewed, including Standard Contractual Clauses, Binding Corporate Rules, codes of conduct and risk-based assessments.
Practical cooperation among national data protection authorities was also emphasised, particularly for coordinated incident responses, government access requests and enforcement.
Although some partner states have enacted national data protection laws, others are still in the process. This underlined the need for a regional framework to provide uniform standards, fill legislative gaps and guide secure data transfers across borders.
The idea of a “Single Data Territory,” modelled after the EAC’s Single Customs Territory, was also floated to streamline regional data movement.
The TWG agreed that a common legal framework is essential to protect personal data, ensure legal certainty, prevent misuse and uphold data subjects’ rights, such as access, correction, deletion, portability and redress in cases of harm.
ALSO READ: Dr Samia sends condolences to the Odinga family, Ruto, following the demise of former PM
The EAC Secretariat and partner states will now lead the drafting of the regional legal instrument, which will be submitted to EAC policy organs for consideration.
The process will remain regionally focused, align with national laws and include broad stakeholder consultations. By establishing trusted cross-border data flows within a clear legal framework, the EAC aims to strengthen digital trust, enhance cybersecurity, protect personal information and support inclusive and secure regional digital transformation.
