Data Protection and Personal Privacy Law in Cape Verde

Data Protection and Personal Privacy Law in Cape Verde

Cape Verde’s Law No. 41 is a data protection law that was passed in 2013. Law No. 41 was passed for the purposes of updating Cape Verde’s previous data privacy law, Law No. 133, which had been passed twelve years prior in 2001. As such, Law No. 41 establishes the legal grounds upon which personal data may be collected and processed within the country of Cape Verde, as the law mandates that data controllers and processors operating within the country adhere to various requirements as it pertains to data processing. Furthermore, the law also allows for Cape Verdean citizens to file a complaint with the Comissão Nacional de Proteção de Dados Pessoais or CNDP for short, Cape Verde’s data protection authority, should they feel as though their rights have been violated under the law.

How is personal data defined?

Under Cape Verde’s Law No. 41, personal data is defined as “any information, regardless of its nature or the media on which it is stored, relating to an identifiable natural person.” Alternatively, the law defines sensitive personal data to include “personal data relating to an individual’s philosophical or political convictions, party or union affiliation, religious faith, private life ethnic origin, health, sex life, or genetic information.” As is the case with many other comprehensive data privacy laws, data controllers and processors within Cape Verde are responsible for handling the sensitive personal data of data subjects with an extra level of care, security, and responsibility, particularly as it pertains to cross border transfers of said sensitive personal data.

What are the requirements of data controllers and processors?

Under Cape Verde’s Law No. 41, data controllers and processors within Cape Verde have the following duties and responsibilities as it relates to the collection and processing of personal data:

What are the rights of Cape Verdean citizens?

Under Cape Verde’s Law No. 41, Cape Verdean citizens have the following rights as it pertains to the protection of their personal data:

In terms of punishments related to non-compliance with the law, Cape Verde’s Law No. 41Is enforced by the Comissão Nacional de Proteção de Dados Pessoais or CNDP for short. To this end, the CNDP has “the power to apply sanctions and fines on data controllers who violate data protection laws.” Moreover, Cape Verdean citizens all retain the right to file their own complaints with the CNDP, as the regulatory body also has the power to conduct investigations against data controllers and processors who are suspected to be in violation of the law. What’s more, the law also allows Cape Verdean citizens to request a specific remedy when filing a complaint with the CNDP.

Although the nation of Cape Verde is relatively small when compared to other countries around the world, as it boasts a population of just over 500,000 citizens, the country has nevertheless taken legislative means to ensure that their citizens have an adequate level of data protection. Through the passing of Cape Verde’s Law No. 41, Cape Verdean citizens can not only have the peace of mind that their data is being protected at all times, but said citizens can also file specific complaints concerning the scope and severity of any potential violations that may occur. As such, the country of Cape Verde has joined the ranks of other nations within the continent of Africa that have passed comprehensive data privacy laws in the past decades, including the likes of Togo’s Law No. 2019-014 Relating to the Protection of Personal Data and Zimbabwe’s Cybersecurity and Data Protection Bill of 2019.

Related Reads