Despite the fact that the European General Data Protection Regulation (GDPR) provides ways to transfer data, it is difficult to find ways to share data between Europe and Africa. The feasible routes rely on EU enforcement. This means the possibilities for oversight are limited, leading to considerable data privacy risks.
According to a group of ethicists and legal scholars in the B3Africa project, it is vital that European researchers collaborate with biobank researchers in low and middle-income countries. This means we need to put procedures in place to enable data transfer from EU Member States to states in Africa. In a recent publication in the journal International Data Privacy Law, they write that in order to ensure effective data protection for data subjects in biobanking, the bar for data protection needs to be raised in the countries that receive data.
They write that although Kenya, Nigeria, South Africa, and Uganda have taken considerable steps towards developing data protection frameworks, it is only in South Africa and Nigeria that bills to protect personal information are likely to meet the level of protection that the GDPR sets out for biobank research. According to Santa Slokenberga and co-authors, the current legislative initiatives in Kenya and Uganda needs revision to ensure that privacy is protected when researchers share their data.
The article is open-access published, which means you can access it and read the full text on the journal website: EU data transfer rules and African legal realities: is data exchange for biobank research realistic?