Building trust in Ethiopia’s digital economy through principled, accountable data handling.
Proclamation No. 1321/2024 lays the cornerstone for automated personal data processing in Ethiopia, constructing essential consumer trust for the country's expanding digital services sector.
The Regulatory Authority
The Ethiopian Communications Authority (ECA) is designated as the chief administrative regulator, holding powers to register processors, issue operational permits, conduct audits, and resolve public complaints.
Core Principles of Personal Data Processing
Under Article 4, all data controller networks must verify adherence to five basic principles:
- Lawfulness & Transparency: Explicit customer awareness during data capture.
- Purpose Limitation: Collected only for specific, registered, and authorized tasks.
- Data Minimization: Limiting storage scope to the bare minimum required for operations.
- Accuracy & Maintenance: Data must be continuously kept current.
- Security & Integrity: Implementing secure architectures to defend against malicious data breaches.
Sensitive Data Classes
Heightened administrative controls are applied when managing sensitive data profiles, including health status, religious beliefs, union affiliations, genetic traits, and political opinions. These classes require direct user consent or specific legislative exemptions.