Law: Law 2013-450 on the Protection of Personal Data (the Law)

Regulator: The Telecommunications/ICT Regulatory Authority of Côte d'Ivoire (ARTCI)

Summary: On June 19, 2013, Law 2013-450 on the Protection of Personal Data (the Law) came into effect, establishing Ivory Coast's comprehensive data protection framework. The Law addresses the requirement for prior authorization when processing sensitive data, defines consent as a fundamental principle, mandates the appointment of data protection officers, and imposes restrictions on data transfers.

Additionally, Ivory Coast implemented supplementary laws such as Law 2013-451 (only available in French here) which outlines measures to regulate cybersecurity, and Law 2013-546 that governs electronic transactions within Ivory Coast. The legal frameworks facilitate and regulate digital commerce, ensuring that electronic transactions are conducted securely and are legally compliant.

Notably, the Law introduces the Regulatory Authority for Telecommunications in Côte d'Ivoire (ARTCI), which actively operates and plays a central role in overseeing telecommunications and ICT matters. Ivory Coast maintains an active membership in the Economic Community of West African States (ECOWAS), aligning its data protection framework with ECOWAS requirements. Furthermore, on April 3, 2023, Ivory Coast ratified the African Union Convention on Cyber Security and Personal Data Protection to promote cybersecurity and protect personal data.