Dr Patricia Boshe
I was reading the book ‘Mastery’ by Robert Greene, and my mind started to wander. Triggered by the idea, he presented it as ‘Negative Cues’. According to him, these are the missing aspects of the human creative mind or a creative approach to problem-solving. Greene considers this idea as human ignorance of ‘what should have happened’ but did not happen, and rather our tendency to fixate on positive information instead of negative non-existing information in explaining life situations. Being a data protection professional, my thoughts are often (almost always) wired to connect my life experiences with my career experiences. This idea took my mind on a journey to African countries and the implementation of data protection laws. More than two decades since the first African country adopted a comprehensive legal framework for data protection, the actual implementation remains the main challenge on the Continent. My mind rushed to explain it in the lines of what Greene depicts in the book, and I asked myself, ‘What could be the negative cues in this regard’? Following this path, the next question was, what else could have been done? I mean, beyond enacting comprehensive data protection laws and establishing enforcement authorities?
I revert to several discussions on the reasons for these laws’ lack of actual implementation. Generally, the reasons run along the lines of ‘lack of skills and capacity’, ‘lack of political will’, and ‘lack of funds’. Then I asked myself, why is it (sometimes) in the implementation of data protection laws that these challenges are mentioned or heard of? To contextualise my question, it is not the first time African countries have implemented similar legal frameworks. That is, a framework that requires establishing a specialised authority to enforce a law. Think of consumer protection laws, communication laws, copyright, patent and intellectual property laws. Rarely are such arguments advanced in these contexts. For example, Seychelles enacted its first data protection law in 2003, but it was not implemented until a revision was made in 2023, 20 years later. Lesotho enacted its law in 2012, and it is yet to establish an authority 12 years later.
In the book, Greene suggests a solution to a problem might require a look beyond what is already out there. We may need to ‘focus on some need currently not being met or what is absent’. And so, I thought, maybe what happens with other similar legal frameworks (those mentioned above) is that they are meeting their socioeconomic, cultural and political needs. Therefore, their actual implementation is not a burden but a natural (social-political) problem-solving process. In this case, we may need to ‘crystal clearly’ identify the unfulfilled need to be addressed by data protection laws – either at the continental level or within specific countries.
Don’t get me wrong here. I am (and maybe most of you are) aware of the objectives data protection laws intend to accomplish. But has the community (really) felt or expressed the need? If so, was the need expressed in a form that suggests this approach would quench the thirst for the need? Or formulated differently, has the ‘felt need’ been addressed by the coming of the data protection laws? I believe the answers to these questions could enable us to formulate proper strategies to craft data protection law or the related legal frameworks in a way that their actual enforcement is inevitable within our specific African communities to meet data protection needs that are felt and (actually) exist but may not be overly apparent.
If this blog post caused confusion or raised more questions than answers, then my objective has been met. This means you and I are eager to find the answers or eliminate the confusion.
Yours truly, Dr. Patricia Boshe.