By Thierry piette-coudol, avocat au barreau de paris, enseignant universitaire en afrique et en france, consultant spécialisé dans la sécurisation des échanges - February 18, 2019
Thierry Piette-Coudol is the author of multiple articles and books on the legal aspects of digital technology, including “Electronic Signature”, “Connected Objects: Legal and Technical Security”, “Digital Technology Serving OHADA Law and Party States”. Soon to be published “Protecting health-related data in Smart Cities”
The openness of public data contributes to the proper exercise of democracy, insofar as it promotes transparency and citizen consultation. Yet how, in Europe and in the countries of the African continent, do governments exercise their sovereign right to retain national control over Internet governance, a network that knows no borders, to regulate the related uses and players and protect the personal data of their citizens? A closer look at the legal aspects of digital sovereignty.
The question of digital sovereignty has emerged with the development of telecommunications and in particular the Internet, a globally open network whose technologies (US-based Windows and Mac OS), dominant players (US GAFA), uses (social media, etc.) and content largely escape the control of States-Nations.
The Internet reopens questions around the principle of popular or national sovereignty, asserted in France in 1789, as well as in many democratic countries. “Sovereign law” is defined as a State’s ability to govern itself within its borders in order to control both its present-day and its future. It gives the State the power to organize and control all of the country’s communication channels – land, sea, river – as well as its telecommunications, in order to enable the movement of trade, in peacetime, and that of the armed forces, in wartime. Nonetheless, with the development of telecommunications, Governments have opened certain sectors (audiovisual sector, networks, infrastructures and telephone services) to competition, while keeping a portion of them under their control as national public services, via their regulatory authorities.
Because it has enabled the emergence of private giants that have become more powerful than States and uncovered flaws in web governance (private data theft, electoral manipulation, cybercrime, etc.), the Internet revolution is testing the sovereign prerogatives of States that are expected to guarantee the rights, freedoms and security of citizens within their borders, as well as economic development.
It is the State’s duty to guarantee citizens sovereignty over their data. It is important to understand, however, that the opening up of public data, made compulsory in Europe by Directive 2003/98/EC, pertains to opening up government data TO the public and not opening up OF public data itself. Examples of data opened by France, the leading country in this area, include: data from the national statistics office INSEE, data from public research, land registry, fuel prices, lists of mayors, certified health institutions, accounting results and regional breakdown of young innovative companies, lists of medicines, waiting times for an appointment with a pediatrician or ophthalmologist, State real estate inventory listings, etc.
In France, the release of “communicable” public data is governed by the Act for a Digital Republic (LRN) of 7 October 2016, aimed at shifting from a system in which private individuals must request data, to one that makes supply the rule. However, each government agency details, by decree, the data which it does not wish to make open, for various reasons related to sovereign function. The CRPA (Code of Relations between the Public and the Administration) includes a section on the opening of public data under the LRN.
Consequently, the opening up of data produced by administrations does not raise the question of the confidentiality of citizens’ personal data, with one exception: the law requires certain private sectors to provide information to the State so that the latter can transform it into public data accessible to all. This is no problem for example when it comes to collecting data from telephone operators on the location of their mobile sites to map out the coverage of mobile networks. The issue is more critical with citizens’ health data, which healthcare professionals are required to provide, in anonymous form, for epidemiological statistics. The confidentiality of personal health data is governed by the Public Health Code.
In 2005, the OECD launched an open government initiative calling for such principles as “the transparency of administrative actions, the accessibility of administrative services and information, and the responsiveness of the government to new ideas, requests and needs”.
Since 1978, the Data Protection Act has been in effect in France, which has also created a National Data Protection Commission (CNIL).
At the European level, work on the subject has taken shape on the basis of the French acquis. A new regulation, known as GDPR (General Data Protection Regulation), establishes the framework for the processing of personal data on European territory and strengthens citizens' control over the use made of their personal data.
Internationally, the United Nations General Assembly has published a Declaration of Human Digital Rights regarding “the promotion of the right to privacy in the context of the surveillance and interception of digital communications and the collection of personal data both domestically and externally, including on a large scale”.
For that to happen, the governments would need to have digitized administrative data. This is rarely the case in Africa where State activity does not cover all the country’s realities, due in particular to the prominent part played by the informal economy.
That being said, while they are still in the process of regulating their telecommunications and audiovisual sectors, and thus exercising their sovereign rights, these quickly-developing nations are being overtaken by the digital revolution and the concept of the “information society”.
Underpinned since 2004 by the International Telecommunications Union, a UN agency, and the United Nations Economic Commission for Africa, the information society is governed by 4 laws:
There also exists an African Union Convention on Cybersecurity and Personal Data Protection adopted in 2018 by 17 countries. It establishes a framework for all countries and has many principles in common with the EU GDPR.
Many regional organizations have shown the same determination to regulate electronic exchanges, in particular financial: ECOWAS (Economic Community of West African States), UEMOA (West African Economic and Monetary Union), CEMAC (Central African Economic and Monetary Community).
Personally, I have contributed to updating the administration part of the Uniform Act relating to General Commercial Law (AUDCG) of the OHADA (Organization for the Harmonization of Corporate Law in Africa) which regulates trade: electronic signature and stamp, timestamping, security of electronic exchanges, etc.
A number of audits in which I recently participated show this: countries such as Niger and Mauritania already have regulatory texts on electronic exchanges, in addition to their telecommunications law and audiovisual services law. However, these enactments are drawn up on a piecemeal basis. They often prove to be one step ahead of uses for operational reasons: lack of computers, unpredictable power supply, difficult Internet connection in the hinterlands, far from the coastal submarine cables that supply the African continent, etc.
Yes. There exists one modern system that works very well: the One-Stop Shops for Port Affairs or Foreign Trade, located across the large ports along the coast of Africa. These national or regional dematerialization platforms facilitate the secure completion of import, export and transit formalities. They make it possible for all parties to file standardized information and documents, signed electronically, at a single entry point that reduces the costs and deadlines for formalities and transactions.
Niger, meanwhile, is preparing to establish a system that will manage electronic identification of individuals, thanks to which it would be able to issue identity cards and passports, as well as organize electronic voting. The initiative is in step with both digital sovereignty and national sovereignty!
The 3 criteria defining Open Data:
1. Availability of and access to data
2. Re-use and distribution of data
3. Universal participation