Privacy Law at Honduras

Here’s an overview of Ethiopia’s current privacy and data protection legal framework:

Key Legal Frameworks

1. Personal Data Protection Proclamation No. 1321/2024

Adopted: April 4, 2024; In force as of July 24, 2024

Scope: Applies to both public and private entities processing personal data in Ethiopia 

Core Principles: Lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity/confidentiality, and data sovereignty 

Data Subject Rights: Includes rights to be informed, access, rectify, delete, restrict processing, object, data portability, post-mortem protection, and protection against automated decisions 

2. Oversight & Enforcement

Regulator: The Ethiopian Communications Authority (ECA) oversees enforcement, registration of controllers/processors, handling data transfers, and breach oversight 

Breach Notification: Mandatory reporting of personal data breaches to ECA within 72 hours and notifying affected individuals without undue delay 

3. Sensitive Data & Children’s Data

Sensitive Personal Data: Its processing is generally banned unless specific exceptions apply (e.g., consent, vital interest, medical treatment, legal proceedings, nonprofit purposes)

Children’s Data: Processing for minors (under 16) requires parental or guardian consent, age verification, and forbids marketing, profiling, or merging purposes 

4. Localization & Cross‑Border Transfer

Data Localization: Personal data collected in Ethiopia must be stored on local servers/data centers. “Critical data” may impose stricter localization rules (criteria yet unpublished) .

Cross‑Border Transfers: Allowed only under these conditions:

Adequate protection in the destination jurisdiction;

Explicit informed consent from data subject;

Necessary for contractual or public interest purposes; or

Publicly mandated registry data 

5. Penalties for Non‑Compliance

Corporate Fines: Up to 4% of global annual turnover for serious violations 

Criminal Penalties:

Simple offenses: 1–3 years imprisonment or fines of 60,000–100,000 ETB.

Moderate offenses: 3–5 years or 100,000–200,000 ETB.

Serious offenses: 5–10 years or 200,000–600,000 ETB 

Severe violations (de‑identification, data re‑identification, illegal resale or transfer): 5–10 years or 100,000–300,000 ETB; corporate fines up to 4% turnover

Related Legal Laws & Context

Computer Crime Proclamation No. 958/2016: Addresses cybercrimes such as unauthorized access, malware distribution, data interception, fraud, and grants law enforcement broad investigative powers 

Hate Speech & Disinformation Proclamation No. 1185/2020: Criminalizes dissemination of certain online content (hate speech, disinformation), with up to 5 years imprisonment or fines up to 100,000 ETB 

Constitutional Right to Privacy: The 1995 FDRE Constitution protects privacy and restricts arbitrary searches/seizures, demanding probable cause, due process, etc.

Regional Context

Ethiopia is part of the African Union’s Malabo Convention on Cybersecurity and Personal Data Protection, which mandates that member states develop comprehensive data protection laws and independent enforcement authorities 

Summary Table

AspectKey Highlights
LegislationPersonal Data Protection Proclamation No. 1321/2024 (since July 2024)
Data Subject RightsBroad rights including access, erasure, portability, objections
Data LocalizationLocal storage required; critical data may have stricter rules
Cross‑border TransfersAllowed only under explicit, regulated conditions
Enforcement & PenaltiesECA oversight; fines up to 4% turnover; criminal sanctions available
Related LawsComputer Crimes (2016), Hate Speech (2020), Constitutional privacy
Regional AlignmentAU's Malabo Convention influences broader policy alignment

Let me know if you’d like help understanding how this applies to specific sectors—like fintech, health, or digital services—or what organizational steps are needed for compliance.Here’s an overview of Ethiopia’s current privacy and data protection legal framework:

Key Legal Frameworks

1. Personal Data Protection Proclamation No. 1321/2024

Adopted: April 4, 2024; In force as of July 24, 2024 

Scope: Applies to both public and private entities processing personal data in Ethiopia

Core Principles: Lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity/confidentiality, and data sovereignty 

Data Subject Rights: Includes rights to be informed, access, rectify, delete, restrict processing, object, data portability, post-mortem protection, and protection against automated decisions 

2. Oversight & Enforcement

Regulator: The Ethiopian Communications Authority (ECA) oversees enforcement, registration of controllers/processors, handling data transfers, and breach oversight

Breach Notification: Mandatory reporting of personal data breaches to ECA within 72 hours and notifying affected individuals without undue delay 

3. Sensitive Data & Children’s Data

Sensitive Personal Data: Its processing is generally banned unless specific exceptions apply (e.g., consent, vital interest, medical treatment, legal proceedings, nonprofit purposes)

Children’s Data: Processing for minors (under 16) requires parental or guardian consent, age verification, and forbids marketing, profiling, or merging purposes 

Data Localization: Personal data collected in Ethiopia must be stored on local servers/data centers. “Critical data” may impose stricter localization rules (criteria yet unpublished) 

Cross‑Border Transfers: Allowed only under these conditions:

Adequate protection in the destination jurisdiction;

Explicit informed consent from data subject;

Necessary for contractual or public interest purposes; or

Publicly mandated registry data 

5. Penalties for Non‑Compliance

Corporate Fines: Up to 4% of global annual turnover for serious violations 

Criminal Penalties:

Simple offenses: 1–3 years imprisonment or fines of 60,000–100,000 ETB.

Moderate offenses: 3–5 years or 100,000–200,000 ETB.

Serious offenses: 5–10 years or 200,000–600,000 ETB 

Severe violations (de‑identification, data re‑identification, illegal resale or transfer): 5–10 years or 100,000–300,000 ETB; corporate fines up to 4% turnover (

Computer Crime Proclamation No. 958/2016: Addresses cybercrimes such as unauthorized access,malware distribution, data interception, fraud, and grants law enforcement broad investigative powers 

Hate Speech & Disinformation Proclamation No. 1185/2020: Criminalizes dissemination of certain online content (hate speech, disinformation), with up to 5 years imprisonment or fines up to 100,000 ETB 

Constitutional Right to Privacy: The 1995 FDRE Constitution protects privacy and restricts arbitrary searches/seizures, demanding probable cause, due process, etc. 

Regional Context

Ethiopia is part of the African Union’s Malabo Convention on Cybersecurity and Personal Data Protection, which mandates that member states develop comprehensive data protection laws and independent enforcement authorities 

Summary Table

AspectKey Highlights
LegislationPersonal Data Protection Proclamation No. 1321/2024 (since July 2024)
Data Subject RightsBroad rights including access, erasure, portability, objections
Data LocalizationLocal storage required; critical data may have stricter rules
Cross‑border TransfersAllowed only under explicit, regulated conditions
Enforcement & PenaltiesECA oversight; fines up to 4% turnover; criminal sanctions available
Related LawsComputer Crimes (2016), Hate Speech (2020), Constitutional privacy
Regional AlignmentAU's Malabo Convention influences broader policy alignment

 

LEAVE A COMMENT

0 comments