Cross-border data sharing for research in Africa: An analysis of the data protection and research ethics requirements in 12 jurisdictions.

BACKGROUND

In recent years, there has been a notable uptake in genomic and health-related research activities across the African continent. Similarly, there has been increased introduction of data protection legislation that affects the sharing of personal data such as health data and genomic data, including for research. Many of these statutes have stricter requirements when sharing personal data across borders. Consequently, the cross-border sharing of health data that includes genetic data requires careful navigation of the pertinent data protection legislation, in particular concerning the sharing of such data for research purposes. To help researchers navigate these legal frameworks, 12 African countries were analysed to develop country guides on cross-border data sharing.

RESULTS

Of the 12 countries that were analysed, ten have data protection laws in place (Botswana, Ghana, Kenya, Malawi, Nigeria, Rwanda, South Africa, Tanzania, Uganda, and Zimbabwe), while two countries (Cameroon and The Gambia) do not. With the exception of Ghana, all countries with data protection statutes or bills had additional requirements to be met when sharing personal data across borders. Consent and adequacy are the most common grounds for justifying the sharing of personal data across borders.

CONCLUSION

Given the limitations of the current models of consent, consent is not a suitable basis to transfer large quantities of data for research. Adequacy is a common ground, but there are national differences in the implementation of this ground. Researchers must therefore analyse each national legal framework and make decisions on a case-by-case and country-by-country basis.