Data protection is the process of safeguarding important data from corruption, compromise or loss and providing the capability to restore the data to a functional state should something happen to render the data inaccessible or unstable.
- DATA PROTECTION AS A RIGHT IN CAMEROON
There is more to data protection than storing and handling it in a safe way. People have rights over their data. That explains the reasons why the right to access is reserved for the consumer and must be granted before his/her data can be used.
There are also situations where people can object to the use of their personal data. People can also challenge the accuracy of information held about them and have the right to request for such content to be deleted.
These same rights is translated to the claim for damages by a person whose data has been misrepresented and as a result has suffered some inconvenience or loss.
2. DATA PROTECTION AND IMAGE RIGHTS
The infringement on the image rights of a person can lead to legal action. In the cases of YOMBA Madeleine v Les Brasseries du Cameroun and Mrs. MFOPA MAMA born NTOUO SABIATOU v Société NESTLE Cameroun S.A and Société Ocean Central Africa S.A, the photo of an individual was unlawfully used for advertising purposes without the individual’s consent and this constituted a violation of the image rights of the individual.
3. DATA PROTECTION AND CONSENT
The content which is subject to data protection can only be given by the voluntary consent of the owner of the information. Hence if the information of a person is used without his knowledge and against his will or agreement.
Section 44(1) of the Cybersecurity Lawprovides that it is prohibited for any natural person or legal entity to listen, intercept, store communications and related traffic data, or subject them to any other means of interception or surveillance, without the consent of the users concerned, except where such person is legally authorised to do so.
4. DATA PROTECTION AND CONTRACTS
Data protection and contracts is reflected through data processing agreements, data protection agreement or data processing addendum.
A data processing agreement, data protection agreement or data processing addendum is a contractual agreement between a data controller (a company) and a data processor (a third-party service provider.) It defines each party’s rights and obligations regarding data protection.
A DPA also defines the responsibilities of the controller and the processor and sets out the terms they’ll use for data processing.
5. DATA PROTECTION AND ELECTRONIC COMMERCE
E-commerce transactions involve the exchange of sensitive information such as personal details, credit card numbers, and addresses. Ensuring the protection of this data builds trust with customers, who are more likely to make purchases if they believe their information is secure.
Data protection in e-commerce guarantees secure transactions, fostering trust between businesses and consumers. When customers are confident that their personal and financial information is safeguarded, they are more likely to make purchases and engage in repeat business.
6. DATA RETENTION IN THE FINANCIAL MARKET
Financial market data must be kept for a specified period of ten years. Persons handling such data have an obligation of confidentiality, and disclosure is subject to prior authorisation by the competent authority. Any offender shall be liable to penalties, including imprisonment, as provided by Article 38 of the Prevention and Suppression of Money Laundering and Financing of Terrorism Regulation.
7. DATA RETENTION IN THE BANKING SECTOR
Regarding the storage of personal data, Article 10 of the CEMAC Payment Systems Regulation provides that, when opening an account, the customer must provide their personal data.
Article 218 of the CEMAC Payment Systems Regulations adds that the Bank of Central African States (‘the Central Bank’) shall take all appropriate precautions to prevent the personal data recorded from being distorted, damaged, or accessed by unauthorised third parties.
Furthermore, the CEMAC Regulation on Financial Consumer Protection requires credit institutions to record, collect, process, store, and share consumer personal data in a lawful, fair, and non-fraudulent manner. However, credit institutions are prohibited from collecting, storing, processing, and disseminating sensitive consumer data.
8. DATA RETENTION IN THE HEALTH AND PHARMACEUTICAL SECTOR
Patient data is stored at several levels. Within each healthcare establishment, patient-doctor communications are privileged and confidential.
The recording and storage of data related to a medically assisted reproduction process is mandatory. In addition, whoever is involved in a medically assisted reproduction process shall be bound by the obligations of confidentiality (Articles 9 and 10 of the medically assisted reproduction law).
9. DATA SUBJECT RIGHTS
- Right to information
This is a right provided to consumers by virtue of Article 4(1) of the E-Communications Consumer Protection Decree which provides that a consumer of electronic communications services has, notably, the right to information from the operator or service providers.
As per Article 30 of the CEMAC Regulation on Financial Consumer Protection, it provides that where personal data has been collected from the consumer, the reporting institution shall be required to communicate to the consumer the purposes of the processing and the identity of the possible receivers of the personal data.
- Right to access
The consumer of electronic communications services is entitled to the right of access to electronic communications by virtue of Article 4(2) of the E-Communications Consumer Protection Decree provides with standards of quality and regularity inherent in its nature, throughout the national territory.
- Right to rectification
This right is inherent by virtue of Article 20 of the Identification requirements Law which provides that subscribers have the right to obtain, free of charge, the communication of their identification information and require this data to be the rectified, or updated.
- Right to erasure
According to Article 30 of the CEMAC Regulation on Financial Consumer Protection, where personal data has been collected from the consumer, the reporting institution shall be required to communicate to the consumer the purposes of the processing and the identity of the possible receivers of the personal data, and inform the consumer of their right to rectification and erasure.
- Right to object
Article 4(2) of the E-Communications Consumer Protection Decree provides that the consumer of electronic communications services is also entitled to the right to the service provider’s responses to his complaints, and to compensation for damages arising from the violation of their rights.
- Right to data portability
Article 2 of the Number Portability Decree requires the operators to preserve the subscriber’s right to maintain the same phone number when he changes the operator.
- Right not to be subject to automated decision-making
According to Article 30 of the CEMAC Regulation on Financial Consumer Protection the reporting institution is required to obtain the prior consent of each consumer before transmitting his data to third parties, except for credit information offices and any person to whom banking secrecy is not enforceable.
Add comment