Privacy and data protection in eHealth in Africa - an assessment of the regulatory frameworks that govern privacy and data protection in the effective implementation of electronic health care in Africa: is there a need for reform and greater regional collaboration in regulatory policymaking?

Doctoral Thesis


Permanent link to this Item
Journal Title
Link to Journal
Journal ISSN
Volume Title

University of Cape Town

This thesis examines and evaluates the legal protection of privacy and personal data in South Africa and across Africa in the electronic health care industry, that is, where medical services are provided to individuals by way of networked technological platforms including mobile telephones. This thesis presents a critical understanding of, and pragmatic solution to, the questions that lie at the intersection of the following: an individual's right to privacy and data protection, cultural disparities when defining privacy, the emergence of electronic health care, the sensitivity of health related data, the need for health care in areas, where lack of resources and lack of accessibility are often commonplace, and the introduction of networked technologies within the health care system as a solution. Firstly, eHealth services and applications are described. Secondly, notions of privacy and data protection are considered. Thirdly, the prevailing legal determinants that form the basis of African and South African data protection regulatory measures are ascertained. Fourthly, selected illustrations are presented of the practical implementation of eHealth services and certain recent influencers within the digital environment, which may inform the future eHealth privacy regulatory framework. Finally, criticisms of the Malabo Convention are presented and recommendations advanced. As there is limited guidance with regard to policymaking decisions concerning privacy and data protection in the implementation of eHealth in developing countries, possibilities for reform are suggested. These will allow a more careful balance between, on the one hand, the normative commitment to providing accessible health care using electronic means and, on the other, the rights to privacy and data protection of the user, which require safeguarding within an African context. In proposing a solution, it is argued that adequate privacy regulation of electronic health must (1) be sensitive to societal and cultural differences in what is considered private, (2) be responsive to rapid technological transformation in healthcare industries, and (3) build user confidence in data protection in this context, to enable nascent electronic health initiatives to reach their potential in Africa. It is proposed that the adoption of an accepted social imperative protected by a powerful triumvirate of ethical constraints, effective legal provisions and regulations, and operational necessities, is possible. Greater regulatory collaboration across the continent is called for based on harmonised domestic and international laws, national policies, and industry codes of conduct that are sensitive to local conditions and challenges.