Beruflich Dokumente
Kultur Dokumente
I.1 Introduction
With the advent and boom of digital economy in the world at large and Cameroon in particular,
amelioration of internet access, and the development of IT and its diverse applications, the
traditional domain privacy is enriched every day with new elements (user information) as the
population quest for better consumer experiences keeps expanding. The more data gets combined
and aggregated, the more substantial the personal data becomes, the more difficult it becomes to
identify and the higher the risks and responsibilities.
As a part of these elements circulating in communication media, personal data turn out to be a
highly coveted resource. Their treatment therefore must be carried out "in accordance with rights,
fundamental freedom, and the dignity of natural persons ". From this in fact, the legislation on
personal data proves to be an instrument of general protection with regard to the fundamental rights
and freedom of persons.
Hence the great necessity to put in place, robust mechanisms to combat against breaches of privacy
that may be caused by the collection, processing, transmission, storage and use of data of an
individual.
It ensures that any treatment of any form, strictly respects the fundamental rights and freedom of
natural persons; it also takes into consideration, the prerogatives of the State, the rights of local
authorities, the interests of businesses and civil society. It ensures that Information and
Communication Technologies (ICT) do not infringe on individual or public liberties, and on life
in particular.
Before examining mechanisms that can be used to combat the unauthorized or illegal access to
personal data or privacy, lets briefly define some key terms or aspects necessary for a better
comprehension of the subject matter.
I.2 Definitions
I.2.1 Data
Data can be referred to as the representation of facts, information or concepts in a form suitable
for processing by terminal equipment, including a program allowing it to perform a function
The facts or numbers, collected can be examined and considered and used to help decision-making,
or information in an electronic form that can be stored and used by a computer. Data is normally
considered to be the raw form of information, which requires some processing.
I.2.2 Protection / Security
To protect here means to keep data safe from damage or loss. Security is the state of being protected
from attacks and threats and other unauthorized access to information (processed data).
It’s also a situation in which someone or something is not exposed to any danger. Mechanism to
prevent any havoc or their attendant effects
The three main pillars or objectives of information security, known as the triad of security are
Confidentiality
Integrity Availability
I.2.2.1 Confidentiality
Maintenance of the confidentiality of information and transactions to prevent unauthorized
disclosure of information to non-recipients enabling the reading, listening, intentional or
accidental, illegal copying during storage, processing or transfer.
I.2.3 Availability
I.2.4 Cyber-criminality
Infraction of the law carried out through cyberspace using means other than those habitually used
to commit conventional crimes;
I.2.5 Cybersecurity
Technical, organizational, legal, financial, human, procedural measures for prevention and
deterrence and other actions carried out to attain set security objectives through electronic
communication networks and information systems, and to protect privacy.
Systematic examination of components and security actors, policies, actions, procedures and
resources used by an organization to protect its environment, conduct compliance tests controls to
assess the adequacy of (organizational, technical, human and financial) resources allocated for
risks, optimization, efficiency and performance.
Personal data is any information that relates to an identified or identifiable living or natural
individual (Data Subject). Different pieces of information, which when collected together can
lead to the identification of a particular person, also constitute personal data.
An identifiable natural person is one who can be identified, directly or indirectly, in particular by
reference to an identifier such as a name, an identification number, location data, an online
identifier or to one or more factors specific to the physical, physiological, genetic, mental,
economic, cultural or social identity of that natural person. In practice, these also include all data
which are or can be assigned to a person in any kind of way. For example, the telephone, credit
card or personnel number of a person, account data, number plate, appearance, customer number
or address are all personal data.
To determine whether a natural person is identifiable, account should be taken of all the means
reasonably likely to be used, such as singling out, either by the controller or by another person to
identify the natural person directly or indirectly.
Since the definition includes “any information,” one must assume that the term “personal data”
should be as broadly interpreted as possible.
Personal data that has been de-identified, encrypted or pseudonymized but can be used to re-
identify a person remains personal data and falls within the scope of the law.
Personal data that has been rendered anonymous in such a way that the individual is not or no
longer identifiable is no longer considered personal data. For data to be truly anonymized, the
anonymization must be irreversible.
Pseudonymization is one of the appropriate technical and organizational measures to ensure a level
of security appropriate to a risk.
The law protects personal data regardless of the technology used for processing that data – it’s
technology neutral and applies to both automated and manual processing, provided the data is
organized in accordance with pre-defined criteria (for example alphabetical order). It also doesn’t
matter how the data is stored – in an IT system, through video surveillance, or on paper; in all
cases, personal data is subject to the protection requirements.
I.2.7.1 Examples of Personal Data
a name and surname;
a home address;
an email address such as name.surname@company.com;
an identification card number;
location data (for example the location data function on a mobile phone);
an Internet Protocol (IP) address;
a cookie ID
Radio Frequency Identification (RFID) tags
the advertising identifier of your phone;
data held by a hospital or doctor, which could be a symbol that uniquely identifies a
person.
II.1 Examples
Prominent amongst the texts and laws governing personal data protection includes:
This law governs the security framework of electronic communication networks and information
systems, defines and punishes offences related to the use of information and communication
technologies in Cameroon.
The law shall not cover the specific applications used in national defense and security. The
electronic communication networks targeted by this law shall include: satellite, ground and
electronic networks when they are used to route electronic communications and audio-visual
communication broadcast or distribution networks.
Chapter IV of this text termed “Security Activities” elaborates on the laws governing the
protection of personal data.
Offences and Penalties in view of a violation of these laws are stipulated in Chapter II, Section
74 of the afore mentioned Text.
II.2.3 Observations
1) It can be examined that, this law, which in terms of not only charging those who are
responsible for the processing of personal data with a minimum obligation of protection,
uses a repressive and impersonal tone that suggests that it is more for third parties than
responsible for commercial sites.
2) chapter II section 74, paragraph 3 seems to apply in a particular way to contractual
relations because it punishes even higher authority or power.
Therefore, this ungrounded and hesitant protection leaves a field of all the possibilities to the
persons in charge of the treatment of these data. This is the case of operators of commercial
sites, whose general conditions of sale (GCS) provide clauses that under other conditions
would be unacceptable.
Given that, the gold mine of personal data is based on what man has more expensive, defenders
of rights and freedom are therefore called to act. Faced with this new concern for individual
freedom and privacy, many countries have incorporated the protection of personal data into their
internal law. In Europe, it is enshrined in Article 8 of the Charter of Fundamental Rights of the
European Union, under the Freedom chapter and in Africa by the African Union Convention on
Cyber Security and Data Protection.
II.2.5 Perspectives
As a way of preventing devastating outcomes, the Cameroonian legislation must make every
effort to fill the existing legal gap but also and specially to provide as much clarification as
possible on the already regulated sections. It would then be commendable to address a number of
issues quickly, including:
1) Create a body for control and regulation of personal data, because the current National
Agency for Information and Communication Technologies (ANTIC), bends under its
many statutory missions that it is hard to believe that it will be effective in the protection
of personal data.
2) Clearly define the principle of temporality as to the duration of storage and processing of
personal data.
3) Ensure the protection of cross-border transfers of personal data outside Cameroon; Indeed,
as a comparative law, to transfer outside France, it is necessary, depending on the case, to
apply for a specific authorization to transfer, governed either by the "Binding Corporate
Rules" (BCR) or by the" standard contractual clauses (CCT) adopted by the European
Commission ";
4) Introduce the mandatory prior declaration of all files (videos, customers ...) of personal
data by any person and the modalities of their modification and deletion.
5) To oblige all companies to implement "accountability" measures relating to internal
procedures and compliance with data protection rules.
6) Create the field of "Correspondant Informatique et Libertés" which will ensure the legal
security of data in accordance with the law. Any enterprise will therefore have the
obligation to recruit or appoint one.
7) Prescribe the membership of Cameroon to the French Association of Personal Data
Protection Authorities (AFAPDP) which has real French expertise in the protection of
personal data.
8) Clarify the fate of personal data of deceased persons. After the death of a third party, who
could have access to these data and under what conditions.
9) Strengthen the criminalization of any breach and hamper the processing of data.
II.2.6 Conclusion
Serious reforms are urgently needed so that Cameroon enters the digital modernity, protects its
citizens and creates confidence in its international partners to finally disprove the quote available
on the CNIL website: "no law [ protection of personal data], ... this country is not recognized by
the European Union as adequate ". Which is far unacceptable, hence the need for quick measures.
II.3 References
https://gdpr-info.eu/issues/personal-data/
https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data_en
https://www.i-scoop.eu/gdpr/gdpr-personal-data-identifiers-pseudonymous-information/
https://www.village-justice.com/articles/Cameroun-emergence-commerce-difficile-protection-
des-donnees-personnelles,22593.html