Summary

The rapid advancement of technology has increased the use of Automated Decision-Making (ADM) systems in various sectors such as healthcare, finance, and government service delivery in Africa. While they improve efficiency, ADM systems raise concerns about human rights violations, bias and accountability. Currently, data protection laws regulate ADM systems on the African continent by requiring transparency and accountability from data controllers and processors involved in ADM. Laws such as the South African Protection of Personal Information Act (POPIA), the Nigerian Data Protection Regulation (NDPR), the Ghana Data Protection Act and the Kenya Data Protection Act include data subjects’ right not to be subjected to decisions impacting them, which are based solely on ADM. However, there remain specific gaps in these laws, where some such as the Ghana Act, lack provisions for Data Protection Impact Assessments (DPIAs) when conducting high-risk data processing such as ADM. Thus, the requirement of DPIAs must be included in African laws to cater for the risks associated with ADM, such as bias and discrimination. African nations must also increase their adoption of AI governance policies and best practices such as the General Data Protection Regulation (GDPR) ADM principles, the OECD Principles on Artificial Intelligence, and the UNESCO Recommendation on the Ethics of Artificial Intelligence to alleviate these risks.