Promoting Data Privacy And Protection In Gabon
Law No. 001/2011 on the Protection of Personal Data is a data protection and personal privacy law that was passed in the African country of Gabon in 2011. As data privacy and protection are rights given to citizens of Gabon in accordance with the Constitution of the Republic of Gabon 1991, Law No. 001/2011 on the Protection of Personal Data was passed in pursuance of various provisions set forth in Gabon’s Constitution. To this end, Law No. 001/2011 on the Protection of Personal Data establishes a legal basis for which personal data or information can be legally collected, processed, and disseminated within Gabon. Moreover, Law No. 001/2011 on the Protection of Personal Data is enforced through the Commission Nationale pour la Protection des Données à Caractère Personnel or CNPDCP for short.
What is the scope and application of Law No. 001/2011 on the Protection of Personal Data?
In terms of the scope and application of Law No. 001/2011 on the Protection of Personal Data, the personal scope of the law covers the collection, processing, use, transmission, or storage of personal data by public, legal, private, or natural persons, irrespective of whether said activities are conducted via automated or non-automated means. The personal scope of the law also applies to “any processing of data concerning public security, defense, research, and prosecution of criminal offenses”. Alternatively, the territorial scope of the law applies to all data processing operations that take place “on Gabonese territory or in any place where Gabonese law applies” as well as operations “carried out by a data controller, established, or not on Gabonese territory, which uses means of treatment located on the territory of Gabon, except for those that are only in transit on Gabonese territory”.
What are the requirements of data controllers and processors under Law No. 001/2011 on the Protection of Personal Data?
In a manner similar to that of the European Union General Data Protection Regulation or GDPR, Law No. 001/2011 on the Protection of Personal Data mandates that data controllers and processors within Gabon adhere to certain principles regarding data protection and personal privacy. These principles include the following:
- Transparency- Data controllers and processors are responsible for informing data subjects of the terms and conditions concerning the collection and processing of their personal data, among other details.
- Confidentiality- Data controllers and processors are responsible for ensuring that their respective operations are only carried out in accordance with their authority and instructions. Data controllers and processors must also “guarantee that only individuals who have technical and legal knowledge regarding the integrity of data” are engaged in the operations of collecting and processing personal data.
- Security- Data controllers and processors are responsible for implementing appropriate security measures for the purposes of ensuring that the personal data in their possession is safeguarded from damage, loss, distortion, or unauthorized access from third parties.
- Retention- Data controllers and processors are responsible for ensuring that personal data is kept for no longer than is necessary to achieve the purposes for which it was collected or processed.
What are the rights of data subjects under Law No. 001/2011 on the Protection of Personal Data?
Under Law No. 001/2011 on the Protection of Personal Data, data subjects with Gabon have the following rights data protection and personal privacy rights:
- The right to be informed- Data subjects have the right to know the identity of the people who are to collect and process their personal data, as well as the purposes for said processing.
- The right to access- Data subjects have the right to request access to personal data that has been collected or processed pertaining to them, as well as the right to challenge such actions.
- The right to rectification- Data subjects have the right to “have their personal data rectified, completed, updated, locked, or deleted where it is inaccurate, incomplete, equivocal, out of date, or if the collection, use, communication, or conservation is prohibited”.
- The right to erasure- Data subjects have the right to request that their data be deleted under certain conditions and circumstances, such as instances in which the collection or processing of their personal data was conducted using illegal means or methods.
- The right to object or opt-out- Data subjects have the right to opt-out or object to the processing of their personal data, on legitimate grounds.
- The right to data portability- Data subjects have the right to a copy of their personal data in a “legible and open manner”.
- The right not to be subject to automated decision-making- Data subjects have the right not to be subject to data processing decisions made solely on the basis of automated processing, permitting said processing would lead to adverse consequences.
What are the penalties for violating Law No. 001/2011 on the Protection of Personal Data?
Law No. 001/2011 on the Protection of Personal Data is enforced by the Commission Nationale pour la Protection des Données à Caractère Personnel or CNPDCP for short. Subsequently, data controllers and processors operating with Gabon who fail to comply with the law are subject to the following punishments:
- A public warning.
- A formal notice on behalf of the CNPDCP in which a data controller or processor must achieve compliance within a determined time.
- The suspension of a data controller or processor’s activities for up to two months. If these parties fail to comply with the law after this two-month period, the suspension can become permanent.
- A monetary fine ranging from XOF 1 million ($1,727) to XOF 100 million ($172,790).
Much like other African countries within the vicinity of Gabon that have passed data protection laws in the past decade, such as Ghana’s Data Protection Act, 2012 and Angola’s Data Protection Law, Law No. 001/2011 on the Protection of Personal Data is the foremost means by which data subjects within Gabon can protect their personal data and privacy. As issues concerning data protection and privacy only continue to arise due to the globalization that has been caused by the internet, the passing of data protection laws will only stand to increase in the upcoming years. Through Law No. 001/2011 on the Protection of Personal Data, data subjects can have the peace of mind that their personal data is being protected at all times.
