Law: Law No. 025/2023 of 09/07/2023 amending Law No. 001/2011 of September 25, 2011, on the protection of personal data (only available in French here) (the Personal Data Law).

Regulator: Gabon data protection authority (APDPVP)

Summary: The National Assembly and the Senate of Gabon adopted the country's overarching data protection legislation, in the form of Law No. 001/2011 on the Protection of Personal Data (only available in French here) (the Law), in 2011. The Law provides data subjects with the rights of access, to object to data processing, and to rectification and erasure. The Law, which established the Gabon data protection authority (CNPDCP) clarified its capacity for enforcement actions in 2019, and noted that alongside issuing warnings and a three-month ban on activities, it can impose fines ranging from CFA 1 million (approx. €1,500) to CFA 100 million (approx. €150,100) for violations of the Law, and CFA 100 million to CFA 300 million (approx. €450,300) for repeat violations. The CNPDCP is also an observing member of the Consultative Committee of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108).

Notably, the Law was amended following the passage of Law No. 25/2023 amending Law No. 001/2011 relating to the protection of personal data (only available in French here) (the Amendment Law). The Amendment Law provides further clarification to provisions under the Law including data subject rights, obligations of data controllers and processors, and data processing principles.

Privacy and data protection is also considered pursuant to Articles 1 and 47 of the Constitution of Gabon (only available in French here), and Law No. 26/2018 regarding the Regulation of Electronic Communications in Gabon (only available in French here).