The Council of Europe and the Commonwealth Secretariat co-organized on 24 – 26 February 2020 a first mission on data protection legislative drafting, with the coordinating support of Namibia’s Ministry of Information and Communication Technology (MICT). The activity drew a very high and broad level of interest, with the attendance of some 85 participants, covering a wide spectrum of institutions and stakeholders, such as the offices of the President, Vice-President, Prime Minister; Parliament; MICT; criminal justice authorities; ministries of education, gender equality and child welfare; ministries of agriculture and land reform; internet and telecommunications providers; civil society groups. The opening ceremony was covered by the Namibian Broadcasting Corporation (NBC), which included messages of support from the EU Ambassador to Namibia, H.E. Sinikka Antila and the Hon. Faustina Caley, Chairperson of the Parliamentary Standing Committee on ICT and Innovation.
The mission was organized at the request of the Namibian government, as a follow-up to the initial Council of Europe’s cyber security and cybercrime maturity assessment visit in May 2019, which was implemented together with the Commonwealth Secretariat and the World Bank. Namibia’s government is very keen to develop and implement national legislation in the areas of cyber security, cybercrime, and data protection in line with international legal frameworks, in part as a response to increased awareness of their exposure to cyber-attacks (NBC news, 18 February 2020) and the importance of a safe cyberspace for trade and development.
The mission reviewed key elements and benefits of the Council of Europe’s Modernised Convention for the Protection of Individuals with Regard to the Processing of Personal Data (i.e. Convention 108+), the European Union’s General Data Protection Regulation (GDPR), the African Union’s Convention on Cyber Security and Personal Data (Malabo Convention), and the Southern African Development Community SADC Data Protection Model Law in a contrast and compare approach with Namibia’s 2013 draft data protection bill. Key data protection concepts, principles and examples of the importance of data protection and privacy in all sectors, as well as the challenges of setting up an independent Data Protection Supervisory Authority and implementing the law once the draft is adopted by Parliament were reviewed and discussed. Some participants’ concerns regarding the impact that the law would have on criminal justice and intelligence services’ capacity to implement their mandates were debated and addressed with practical examples from other countries. In this context, the international experts highlighted both the importance of the rule of law and the practical viability of striking a balance between the needs of these key national services and individuals’ privacy/data protection needs in cyberspace and human rights.
Participants gained a proper appreciation of the complexities surrounding the development of good data protection and privacy legislation, as well as its implementation. Post-workshop evaluation (60% response rate) showed an overwhelming agreement among the participants on the importance of raising awareness (95.24%) and consulting the public (90.48%), and a 100% agreement that the future data protection bill should cover both the private and public sectors. Among the main challenges in drafting the bill, the responders identified the shortage/lack of specialized professionals in the field, lack of understanding of the field and lack of funding. Relatedly, some 85.71% of the responders indicated that building Namibia’s data protection capacity (i.e. having specialized staff) was a somewhat- to very important goal. Lastly, most responders suggested that Namibia’s Data Protection Supervisory Authority should be established by an act of Parliament, its board selected by parliamentary committee and that it should be independent and adequately funded.