Privacy Law at São Tomé and Príncipe
São Tomé and Príncipe has established a comprehensive legal framework for data protection through Law No. 03/2016 on the Protection of Personal Data, enacted on May 10, 2016. This legislation aligns with international data protection standards and is complemented by Law No. 07/2017, which outlines the organization and functioning of the National Agency for the Protection of Personal Data (ANPDP).
Key Features of São Tomé and Príncipe's Data Protection Laws
1. Legal Framework
Law No. 03/2016 Regulates the processing of personal data, including collection, transfer, and use for various purposes. It mandates that data processing activities be notified to the ANPDP, with specific requirements for cross-border data transfer.
Law No. 07/2017 Establishes the operational structure of the ANPDP, empowering it to oversee and enforce data protection regulations effectively.
2. Rights of Data Subjects
Individuals in São Tomé and Príncipe are granted several rights under the data protection law:
Right to Access Individuals can request information about the processing of their personal dat.
Right to Rectification Individuals can request corrections to inaccurate or incomplete personal dat.
Right to Erasure Also known as the "right to be forgotten," allowing individuals to request the deletion of their personal data under certain condition.
Right to Object Individuals can object to the processing of their personal data, particularly in cases of direct marketing.
Right to Data Portability Allows individuals to obtain and reuse their personal data across different service.
3. Data Processing Principles
The laws emphasize several key principles for data processing:
Lawfulness, Fairness, and Transparency Data processing must be conducted legally, fairly, and transparently.
Purpose Limitation Data should be collected for specified, legitimate purposes and not further processed in a manner incompatible with those purpose.
Data Minimization Only the necessary amount of personal data should be collected.
Accuracy Personal data must be accurate and kept up to dat.
Storage Limitation Personal data should not be kept in a form which permits identification of data subjects for longer than necessary.
Integrity and Confidentiality Data must be processed securely to prevent unauthorized access or disclosure.
4. Data Breach Notification
Organizations are required to notify the ANPDP and affected individuals in the event of a data breach that poses a risk to individuals' rights and freedom. Timely notification is crucial to mitigate potential harm.
5. Penalties for Non-Compliance
Non-compliance with data protection laws can result in:
Administrative Fines Ranging from USD 1,250 to USD 50,00.
Civil and Criminal Penalties Depending on the severity of the violation.
Reputational Damage Loss of public trust and potential business opportunities.
6. International Commitments
São Tomé and Príncipe is a signatory to the African Convention on Cyber Security and Personal Data Protection (Malabo Convention), demonstrating its commitment to regional and international data protection standard.
✅ Summary Table
| Aspect | Details | |--------------------------|--------------------------------------------------------------------------------------------------| | Primary Legislation | Law No. 03/2016 (Protection of Personal Data) | | Regulatory Authority | National Agency for the Protection of Personal Data (ANPDP) | | Key Rights | Access, Rectification, Erasure, Objection, Data Portability | | Data Processing Principles | Lawfulness, Fairness, Transparency, Purpose Limitation, Data Minimization, Accuracy, Storage Limitation, Integrity and Confidentiality | | Breach Notification | Required to ANPDP and affected individuals within a specified timeframe | | Penalties for Non-Compliance | Administrative fines (USD 1,250 to USD 50,000), Civil and Criminal penalties, Reputational damage | | International Commitments | Signatory to the African Convention on Cyber Security and Personal Data Protection (Malabo Convention)|
RELATED Blog
0 comments