The Delicate Dance of Tech Titans and Sovereign States: The Geopolitical Stakes Surrounding Data Ownership in Africa

In 2017, Kenya would go on to conduct what would become one of its most hotly contested elections to date, against the backdrop of the Cambridge Analytica scandal of 2016.  Facebook, present-day Meta, would play a complicit hand in undermining this young democracy’s sovereignty via the exploitation of the country's data. It enabled the use of machine learning algorithms on personality traits and preferences for targeted political messaging to create detailed psychological profiles of users and targeting political ads from dubiously harvested data. With technological landscape rapidly evolving, the urgent need for East Africa to take proactive steps to address the widening gap created by the dominance of ‘big tech’ in data custody would be tangibly felt.

The US and Western Europe is home to over 50% of the world’s data according to the McKinsey Global Institute. This underlines the importance of East African countries recalibrating their technology and geopolitical security policies related to data and AI governance prior to the innovation of their own data centres (which we touch on below). By addressing these risks and strengthening governance, East African nations can secure a stronger position in the rapidly expanding world of emerging technologies.

This highlights a critical issue in the African digital landscape—digital sovereignty. The dominance of foreign tech giants over local digital infrastructure, data, and technology can limit the autonomy of African nations with their own standards and solutions which may not align with local needs. This situation raises concerns about the long-term control and management of digital resources, suggesting a need for greater emphasis on developing and safeguarding Africa’s technological independence through building our own data centres.

Data centres are specialised facilities that house digital and computer systems designed to support the continuous operation of IT infrastructure. These include servers and storage devices which are used to store, manage and process digital data. They are the backbone of digital services as they support everything from websites and cloud storage to online transactions and enterprise.

Who Owns my Data?

As data is an intangible asset that transcends geopolitical borders, there is often ambiguity as to who owns it. It is dependent on several factors including the creator, how it is used, and which laws apply regarding data protection.

This is best explained via a simple journey. Data is created whenever we interact with a digital system through activities such as taking a picture, sending a message or posting on social media. This data is collected by companies, websites and devices such as computers and smartphones. After it is collected, it could then be used to analyse behavioural patterns to offer personalised services, for example. All this data is stored on servers which could be physical or on the cloud. This simple journey explains how a picture, which was once yours, is stored and processed by a tech company and sold as information. Along this journey, the attribution of ownership to this photograph became more and more unclear. Unknowingly, users transfer the ownership of their data on to technology companies in several ways: through complex privacy policies, default settings that favour data sharing, inadequate consent mechanisms, and third-party data practices. This lack of transparency and user awareness means that the true ownership of data is often obscured.

The Curious Case of Cambridge Analytica

In 2016 and 2017 came some of the most significant consecutive data privacy breaches in recent history. The widespread misuse of personal data for political manipulation undermined some of the most consequential political outcomes of the century – namely, Trump's 2016 US Presidential Election, the Brexit Referendum and the 2017 Kenyatta re-election. Cambridge Analytica, a British consulting firm had harvested personal data from 87 million  Facebook profiles without their consent to influence these democratic exercises towards the will of their clients.

In Kenya’s case specifically, Cambridge Analytica used sophisticated data manipulation techniques backed by their psychographic profiling.  By analysing the personal data collected through Facebook, including likes, shares, and interactions, Cambridge Analytica was able to build profiles of Kenyan voters identified by voter emotional triggers, values and political leanings. Cambridge Analytica was able to leverage these profiles to create highly targeted personalised political advertisements.

This case demonstrates the potential for data misuse that comes with a lack of digital sovereignty. Cambridge Analytica’s ability to deploy such tailored content was facilitated by Facebook’s inadequate privacy protections at the time, which allowed for the large-scale extraction and misuse of personal information. Kenya did not have ownership of the digital tools which informed is election allowing foreign entities to manipulate the country's data and play a significant role in shaping domestic political outcomes.

The Data Centre Solution

As sovereign states explore the erection of localised data centres, they also assess the feasibility of acquiring the key components of these centres. Those include the physical machines that store and process data, fibre optic cables, backup power and cooling systems.

These data centres are paramount for achieving digital sovereignty as they provide a nation with a secure and regulated environment for storing and managing vast amounts of data.

By centralising data storage, organisations and governments can claim and safeguard their data, ensuring its integrity and mitigating the risk of loss and manipulation. Additionally, data centres provide both physical (biometric access controls) and digital (encryption) advanced security measures to further protect data from cyber-attacks.

The East African region, with its 29 data centres, demonstrates significant strides in digital infrastructure, with Nairobi, Kenya, hosting over half of these facilities. Kenya stands as a regional leader, ranking second on the continent in the number of data centres, tied with Nigeria’s 15 but still behind South Africa’s 39. A notable development in this landscape is the partnership between Schneider Electric and IXAfrica Data Centres, which led to the launch of an AI-ready hyperscale data centre in Nairobi, the largest of its kind in the region.

The presence of these data centres plays a role in the region’s tech ecosystem. They not only provide the computation capacity essential for developing and deploying complex AI models but also serve as a catalyst for local talent development. By offering hands-on experience with sophisticated technologies, these centres help cultivate a skilled workforce capable of driving future innovations. The emergence of several technological unicorns from Kenya and Nigeria underscores the impact of this infrastructure on regional entrepreneurship and economic dynamism.

The growth of this encouraging phenomenon will allow East African nations to maintain control over their data under local laws rather than foreign regulation. Additionally, the gatekeeping of access to this data will be a step in the direction of preventing cases like the Cambridge Analytica scandal reoccurring in the future.

Legislation’s Late Entrance

Moreover, legislation is being introduced in the region to control the flow of digital information. In the past few years, governing bodies such as the European Union (EU) have introduced laws like the General Data Protection Regulation (GDPR). This act gives individuals the rights over their data such as the right to access it, correct it or request its deletion, as well as nations more control over the data collected within the European region. Although the EU holds the keys to such a high-income market that technology giants’ compliance to this regulation ultimately affects users globally, a more bespoke approach must be tabled for Africa to truly stake a claim for their digital sovereignty. 

In October 2021, Rwanda enacted their first data protection legislation – Law No. 058/2021. This law applies to the domestic and international control and processing of Rwandese data and  gives individuals rights including accessing, erasing and rectifying data, objections to processing and requires all processors to obtain the consent of the  user Similarly, Kenya’s ‘Data Protection Act 2019,’ which draws many similarities to the GDPR, saw the appointment of the Data Protection Commissioner and the establishment of the Office of the Data Protection Commissioner. The act aims to protect personal data and freedom of expression, ensuring that data is processed lawfully.

Conclusion

The increasing adoption of digital technologies is transforming economies at an unprecedented speed. However, the phenomenon of a small number of large tech firms owning the overwhelming majority of the infrastructure and data of their users brings into question the ethical uses of this information. As much as the ownership of data is ambiguous, one thing is for certain, the digitisation of the economy is one of the key drivers of socioeconomic growth and government revenue. The unequivocal opportunities it presents in employment, growth and diversification of the economy further asserts the urgency of its cautious stewardship.

With the internet being projected to reach 5.2% of Africa’s GDP by 2025, the impacts of digitisation are already being seen beyond the information and communication technology (ICT) sector. As Africa’s systems become more digitally integrated, the urgency of securing its digital sovereignty will only grow increasingly important.