Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Algeria: Navigating the legal landscape of data protection

In an age defined by rapid technological advancements, the imperative to fortify data protection measures has become increasingly evident. For Algeria, a country on the cusp of significant digital transformation, the legal infrastructure governing data protection is a critical aspect of ensuring the responsible use and safeguarding of sensitive information. Hakim Berrah, from Clyde & Co LLP, delves deeper into the current legal landscape of data protection in Algeria, exploring the challenges it faces and the legal initiatives undertaken to address these issues.

Iacob MADACI / Essentials collection / istockphoto.com

Algeria's legal framework for data protection is primarily characterized by a sectoral approach, with existing laws such as the Telecommunications Law and the Postal and Telecommunications Code playing a role in shaping data protection practices. Law No. 18-07 of 25 Ramadhan 1439 Corresponding to June 10, 2018 Relating to the Protection of Individuals in the Processing of Personal Data (Law No. 18-07), in force since August 11, 2023, is the most relevant legal source for data protection in Algeria today.

Article 2 of Law No. 18-07 specifies that the processing of personal data, whatever its origin or form, must be done in respect of human dignity, privacy, and public freedoms, and must not infringe on the rights of persons, their honor, and their reputation.

In addition, Law No. 18-07 provides for the establishment of a National Authority of Personal Data Protection (ANPDP), whose members were appointed by Presidential Decree No. 22-187 of 18 May 2022 (Presidential Decree No. 22-187) for a period of five years. The ANPDP plays the role of regulator of the processing of personal data.

Challenges in the legal sphere

Absence of comprehensive local precedents

The recent adoption of Law No. 18-07 poses challenges in providing a standardized and comprehensive approach to data protection. This gap leaves room for ambiguity in interpreting and enforcing data protection principles. However, everything is put in place by the institutions to make sure that the application of Law No. 18-07 is respected and understood not only by citizens but also by the entities collecting personal data.

Limited regulatory authority

Regulatory bodies responsible for overseeing data protection issues may face limitations in their authority and capacity. This raises concerns about the adequacy of enforcement mechanisms and the ability to address evolving challenges effectively.

Cross-border data transfers

In an interconnected global economy, cross-border data transfers are commonplace. The absence of clear legal provisions governing international data transfers poses risks related to data sovereignty, privacy compliance, and alignment with international standards.

Steps towards legal solutions

Drafting a comprehensive data protection law

Recognizing the need for a dedicated legal framework, discussions, and initiatives have been moving faster the last year to ensure the effectiveness of Law No. 18-07.

Capacity building initiatives

Efforts are being made to enhance the capabilities of regulatory bodies and law enforcement agencies. This involves training programs, workshops, and collaborations with international organizations to ensure that legal authorities are well-equipped to address the complexities of data protection in the digital age.

Public-private collaboration

Stakeholders from both the public and private sectors are actively engaging in dialogues to contribute to the development of effective data protection policies. Collaborative efforts aim to strike a balance between protecting individual rights and fostering innovation and economic growth.

The legal landscape of data protection in Algeria is undergoing a transformative phase. While challenges persist, there are initiatives to enhance regulatory capacity and foster collaboration, which signifies a positive trajectory. The evolving legal framework is crucial not only for ensuring compliance but also for instilling confidence in businesses and individuals as Algeria navigates the intricate terrain of the digital era. As legal solutions continue to unfold, Algeria stands poised to establish a robust foundation for data protection in line with international standards.

­­­­­­­­­­­­­­­­­­­­­Data protection has a significant impact on various aspects of Algerian society, ranging from individual privacy rights to the development of a secure and trusted digital economy. Here are some key areas where data protection has a notable impact in Algeria:

Individual privacy rights

  • Legal safeguards: Adequate data protection measures are essential for safeguarding the privacy rights of individuals. A comprehensive data protection law, when implemented, will empower individuals with legal mechanisms to control how their personal data is collected, processed, and stored.
  • Consent and transparency: Data protection regulations ensure that individuals have the right to provide informed consent for the processing of their personal data. This emphasis on transparency helps build trust between individuals and entities handling their information.

Business practices and innovation:

  • Compliance requirements: The introduction of robust data protection laws will necessitate businesses to comply with specific standards and practices. This compliance not only protects the privacy of individuals but also fosters a culture of responsible data management within organizations.
  • Innovation and trust: A strong data protection framework contributes to the development of a trusted digital ecosystem, encouraging innovation and the adoption of new technologies. Businesses can confidently explore data-driven strategies knowing that privacy and security are prioritized.

Cross-border data transfers:

  • International collaboration: Clear regulations on cross-border data transfers enhance Algeria's ability to engage in international collaborations. Ensuring the lawful and secure transfer of data across borders is vital for businesses engaged in global activities while protecting the rights of Algerian citizens.

Government and public services:

  • Public trust: Government agencies handling personal data, such as health records or citizen information, must adhere to stringent data protection standards. Doing so not only upholds citizens' trust in public institutions but also ensures the responsible use of sensitive information.
  • Efficient public services: An effective data protection framework facilitates the efficient and secure delivery of public services. It enables the government to leverage digital technologies to streamline processes while maintaining the confidentiality and integrity of citizens' data.

Cybersecurity and data breach response:

  • Prevention and preparedness: Data protection regulations are intertwined with cybersecurity measures. A focus on data protection enhances the prevention of data breaches, and having clear regulations in place ensures that organizations are prepared to respond swiftly and appropriately in the event of a breach.

Consumer rights and redress:

  • Individual empowerment: Data protection laws empower individuals with the right to access their data, rectify inaccuracies, and, in certain circumstances, request the deletion of their information. This gives individuals greater control over their personal data.
  • Redress mechanisms: In the event of data breaches or misuse, individuals have legal avenues for seeking redress. This legal recourse serves as a deterrent against negligent or malicious handling of personal data.

Closing remarks

In summary, the impact of data protection in Algeria extends across legal, economic, and societal dimensions. As the country continues to develop its data protection framework, the goal is not only to comply with international standards but also to empower individuals, foster trust, and create an environment conducive to responsible and innovative data practices.

Below are some recommendations from the ANPDP:

  • If the data controller is established abroad and uses, for the purposes of processing personal data, automated or non-automated means, located on Algerian territory, it must first delegate its representative established in Algeria to sign and declare the processing or request authorizations, following the procedure described. (This procedure is performed only once to have an access account that will be transmitted from the ANPDP to the representative installed in Algeria).
  • It is absolutely necessary that each body or natural person concerned by the processing of personal data appoint its authorized representative with an appropriate profile who is mainly concerned with:
    • establishing the mapping of processing;
    • ensuring follow-up; and
    • raising awareness among users of processing operations on the provisions and compliance standards cited in Law No. 18-07. This representative must be independent and have direct access to the head of the organization to report cases of violation of Law No. 18-07 that may arise. This representative is the focal point of the ANPDP.
  • Certain information must be entered in both languages (Arabic and French) to allow this data to be displayed on the National Register for the Protection of Personal Data governed by Article 28 of Law No. 18-07, which will be available in both languages.

Given that Law No. 18-07 has been in force since August 11, 2023, it's crucial for businesses and individuals in Algeria to familiarize themselves with its specific provisions and ensure compliance with the data protection requirements outlined in Law No. 18-07. If you require detailed information, consulting the official text or seeking legal advice from a professional well-versed in Algerian data protection laws is recommended.

Hakim Berrah Lead Africa Desk
[email protected]
Clyde & Co LLP, Dubai