Privacy Law at Honduras
Here’s an overview of Ethiopia’s current privacy and data protection legal framework:
Key Legal Frameworks
1. Personal Data Protection Proclamation No. 1321/2024
Adopted: April 4, 2024; In force as of July 24, 2024
Scope: Applies to both public and private entities processing personal data in Ethiopia
Core Principles: Lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity/confidentiality, and data sovereignty
Data Subject Rights: Includes rights to be informed, access, rectify, delete, restrict processing, object, data portability, post-mortem protection, and protection against automated decisions
2. Oversight & Enforcement
Regulator: The Ethiopian Communications Authority (ECA) oversees enforcement, registration of controllers/processors, handling data transfers, and breach oversight
Breach Notification: Mandatory reporting of personal data breaches to ECA within 72 hours and notifying affected individuals without undue delay
3. Sensitive Data & Children’s Data
Sensitive Personal Data: Its processing is generally banned unless specific exceptions apply (e.g., consent, vital interest, medical treatment, legal proceedings, nonprofit purposes)
Children’s Data: Processing for minors (under 16) requires parental or guardian consent, age verification, and forbids marketing, profiling, or merging purposes
4. Localization & Cross‑Border Transfer
Data Localization: Personal data collected in Ethiopia must be stored on local servers/data centers. “Critical data” may impose stricter localization rules (criteria yet unpublished) .
Cross‑Border Transfers: Allowed only under these conditions:
Adequate protection in the destination jurisdiction;
Explicit informed consent from data subject;
Necessary for contractual or public interest purposes; or
Publicly mandated registry data
5. Penalties for Non‑Compliance
Corporate Fines: Up to 4% of global annual turnover for serious violations
Criminal Penalties:
Simple offenses: 1–3 years imprisonment or fines of 60,000–100,000 ETB.
Moderate offenses: 3–5 years or 100,000–200,000 ETB.
Serious offenses: 5–10 years or 200,000–600,000 ETB
Severe violations (de‑identification, data re‑identification, illegal resale or transfer): 5–10 years or 100,000–300,000 ETB; corporate fines up to 4% turnover
Related Legal Laws & Context
Computer Crime Proclamation No. 958/2016: Addresses cybercrimes such as unauthorized access, malware distribution, data interception, fraud, and grants law enforcement broad investigative powers
Hate Speech & Disinformation Proclamation No. 1185/2020: Criminalizes dissemination of certain online content (hate speech, disinformation), with up to 5 years imprisonment or fines up to 100,000 ETB
Constitutional Right to Privacy: The 1995 FDRE Constitution protects privacy and restricts arbitrary searches/seizures, demanding probable cause, due process, etc.
Regional Context
Ethiopia is part of the African Union’s Malabo Convention on Cybersecurity and Personal Data Protection, which mandates that member states develop comprehensive data protection laws and independent enforcement authorities
Summary Table
| Aspect | Key Highlights |
|---|---|
| Legislation | Personal Data Protection Proclamation No. 1321/2024 (since July 2024) |
| Data Subject Rights | Broad rights including access, erasure, portability, objections |
| Data Localization | Local storage required; critical data may have stricter rules |
| Cross‑border Transfers | Allowed only under explicit, regulated conditions |
| Enforcement & Penalties | ECA oversight; fines up to 4% turnover; criminal sanctions available |
| Related Laws | Computer Crimes (2016), Hate Speech (2020), Constitutional privacy |
| Regional Alignment | AU's Malabo Convention influences broader policy alignment |
Let me know if you’d like help understanding how this applies to specific sectors—like fintech, health, or digital services—or what organizational steps are needed for compliance.Here’s an overview of Ethiopia’s current privacy and data protection legal framework:
Key Legal Frameworks
1. Personal Data Protection Proclamation No. 1321/2024
Adopted: April 4, 2024; In force as of July 24, 2024
Scope: Applies to both public and private entities processing personal data in Ethiopia
Core Principles: Lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity/confidentiality, and data sovereignty
Data Subject Rights: Includes rights to be informed, access, rectify, delete, restrict processing, object, data portability, post-mortem protection, and protection against automated decisions
2. Oversight & Enforcement
Regulator: The Ethiopian Communications Authority (ECA) oversees enforcement, registration of controllers/processors, handling data transfers, and breach oversight
Breach Notification: Mandatory reporting of personal data breaches to ECA within 72 hours and notifying affected individuals without undue delay
3. Sensitive Data & Children’s Data
Sensitive Personal Data: Its processing is generally banned unless specific exceptions apply (e.g., consent, vital interest, medical treatment, legal proceedings, nonprofit purposes)
Children’s Data: Processing for minors (under 16) requires parental or guardian consent, age verification, and forbids marketing, profiling, or merging purposes
Data Localization: Personal data collected in Ethiopia must be stored on local servers/data centers. “Critical data” may impose stricter localization rules (criteria yet unpublished)
Cross‑Border Transfers: Allowed only under these conditions:
Adequate protection in the destination jurisdiction;
Explicit informed consent from data subject;
Necessary for contractual or public interest purposes; or
Publicly mandated registry data
5. Penalties for Non‑Compliance
Corporate Fines: Up to 4% of global annual turnover for serious violations
Criminal Penalties:
Simple offenses: 1–3 years imprisonment or fines of 60,000–100,000 ETB.
Moderate offenses: 3–5 years or 100,000–200,000 ETB.
Serious offenses: 5–10 years or 200,000–600,000 ETB
Severe violations (de‑identification, data re‑identification, illegal resale or transfer): 5–10 years or 100,000–300,000 ETB; corporate fines up to 4% turnover (
Computer Crime Proclamation No. 958/2016: Addresses cybercrimes such as unauthorized access,malware distribution, data interception, fraud, and grants law enforcement broad investigative powers
Hate Speech & Disinformation Proclamation No. 1185/2020: Criminalizes dissemination of certain online content (hate speech, disinformation), with up to 5 years imprisonment or fines up to 100,000 ETB
Constitutional Right to Privacy: The 1995 FDRE Constitution protects privacy and restricts arbitrary searches/seizures, demanding probable cause, due process, etc.
Regional Context
Ethiopia is part of the African Union’s Malabo Convention on Cybersecurity and Personal Data Protection, which mandates that member states develop comprehensive data protection laws and independent enforcement authorities
Summary Table
| Aspect | Key Highlights |
|---|---|
| Legislation | Personal Data Protection Proclamation No. 1321/2024 (since July 2024) |
| Data Subject Rights | Broad rights including access, erasure, portability, objections |
| Data Localization | Local storage required; critical data may have stricter rules |
| Cross‑border Transfers | Allowed only under explicit, regulated conditions |
| Enforcement & Penalties | ECA oversight; fines up to 4% turnover; criminal sanctions available |
| Related Laws | Computer Crimes (2016), Hate Speech (2020), Constitutional privacy |
| Regional Alignment | AU's Malabo Convention influences broader policy alignment |
RELATED Blog
0 comments