Privacy Regulations in Senegal

The first binding sub-regional data protection framework in Africa, strongly influenced by the EU Data Protection Directive. Requires member states to enact national laws and establish supervisory authorities. About two-thirds have enacted implementing legislation. Currently being revised to align with modern standards.

Continental framework treaty bundling data protection, cybercrime, cybersecurity, and e-commerce. Does not directly regulate websites but sets minimum standards for national laws. Took 9 years to reach the 15-ratification threshold. South Africa notably has not ratified.

Senegal's data protection law has among the harshest criminal penalties in West Africa — up to 7 years imprisonment. The CDP can provisionally withdraw authorization for 3 months, becoming permanent if non-compliance persists. Prior declaration to the CDP is required before processing.