Privacy Law at Comoros
Privacy law in Comoros is still in the early stages of development, particularly in the area of data protection and privacy rights. The country’s legal framework for privacy and data protection is relatively underdeveloped compared to some other nations. However, the Comoros Constitution and a few national regulations provide some basic protection for privacy.
Here is an overview of privacy law in Comoros:
1. Constitutional Protections
Constitution of Comoros (2001):
Article 16 of the Constitution of Comoros guarantees fundamental rights, including the right to personal liberty, freedom of expression, and protection against arbitrary interference with privacy.
The Constitution recognizes the right to privacy by stating that individuals have the right to protect their personal communications and family life from unwarranted interference.
While the right to privacy is mentioned in the Constitution, it is not as extensively detailed as in other legal systems with more robust privacy frameworks.
2. Personal Data Protection Law
Data Protection Law (2019):
In 2019, Comoros passed a Personal Data Protection Law to regulate the collection, processing, and storage of personal data. This law serves as the first formal framework for personal data protection in the country, aligning to some extent with international data protection standards.
The 2019 Law governs the collection, processing, and security of personal data and establishes legal requirements for businesses and organizations handling personal data.
Consent: Personal data must be collected and processed with the explicit consent of the individual, except where there are legal reasons for processing without consent (e.g., for the performance of a contract).
Transparency: Data controllers must inform data subjects about the purposes for which their data is being collected and the entities with which their data may be shared.
Data Subject Rights: Individuals have the right to access their personal data and the right to request corrections or deletion of inaccurate or irrelevant information.
Security: Organizations are required to implement security measures to protect personal data from loss, unauthorized access, or disclosure.
Data Retention: Personal data should not be kept for longer than necessary and should be deleted once it is no longer required for the original purpose for which it was collected.
3. Data Protection Authority
National Commission for the Protection of Personal Data:
The National Commission for the Protection of Personal Data is the regulatory body in Comoros responsible for overseeing compliance with the personal data protection law.
The Commission is tasked with ensuring that businesses, organizations, and government agencies handle personal data in compliance with the law and protecting the rights of individuals.
The Commission also handles complaints, conducts investigations, and may issue fines or sanctions for violations of data protection regulations.
4. Telecommunications and Internet Privacy
Telecommunications Law (2009):
The Telecommunications Law regulates the telecommunications sector, including the provision of internet services in Comoros. The law contains some provisions that relate to privacy, such as the requirement for telecommunications companies to protect the confidentiality of communications.
While the law addresses the need for privacy in communications, it does not go as far as to comprehensively regulate online privacy or the collection of personal data by digital services such as e-commerce or social media platforms.
Internet Privacy:
As Comoros increases its internet connectivity, concerns related to online data privacy and personal data protection are becoming more significant. However, specific laws or regulations governing internet privacy, social media platforms, or online services are still developing.
5. Surveillance and Law Enforcement
Government Surveillance:
Like many countries, Comoros’ government may have access to personal communications or data for national security or law enforcement purposes. However, specific legislation governing surveillance or monitoring is not fully developed or transparent in Comoros.
Law enforcement agencies may access personal data or communications in specific circumstances, but safeguards, such as judicial oversight, are not as clearly defined in existing laws.
6. International and Regional Compliance
African Union and Regional Frameworks:
Comoros is a member of the African Union (AU) and is expected to align to some extent with regional frameworks and standards for privacy and data protection, including the African Union Convention on Cyber Security and Personal Data Protection (2014), which promotes a harmonized approach to data protection across the continent.
Comoros is also expected to follow some of the regional privacy and data protection developments within the East African Community (EAC), though the country is not a member of this specific regional body.
Global Data Protection Standards:
While Comoros’ data protection law reflects a basic attempt to align with international data protection standards, there is no indication that the country has fully implemented or harmonized its laws with frameworks like the EU’s General Data Protection Regulation (GDPR).
The future may see more alignment with global data protection frameworks as the country’s legal infrastructure matures and online activities expand.
7. Challenges and Gaps
Lack of Awareness and Enforcement:
While Comoros has passed a data protection law, challenges remain in terms of enforcement and public awareness. The country may face difficulties in fully implementing the law due to limited resources and technical expertise in data protection enforcement.
There is also a lack of widespread public education on privacy rights, and many individuals may not be fully aware of their rights or how to exercise them in the context of personal data processing.
Online Privacy:
With the rise of digital services, e-commerce, and social media platforms, online privacy remains an area of concern. While the personal data protection law has some provisions on digital data, internet-based privacy issues such as data collection by social media companies and cross-border data transfers still lack comprehensive regulation.
Limited Regulatory Framework:
The regulatory framework for cybersecurity, data breaches, and other digital privacy concerns is still not fully developed. In particular, there is a need for more detailed legislation to cover the digital economy comprehensively.
8. Conclusion
Comoros is in the early stages of developing a legal framework to protect privacy rights and regulate personal data. The 2019 Personal Data Protection Law is an important first step toward modernizing the country's approach to privacy and data protection. However, challenges related to enforcement, public awareness, and the rapid growth of the digital economy remain. As Comoros continues to develop its legal and regulatory framework, it will need to enhance its data protection laws and their implementation to align more fully with international standards and to address emerging issues in digital privacy.
RELATED Blog
0 comments