Back to all insights
Data Protection, Legal Update

A New Dawn for Data Protection in Ethiopia: An Overview of Proclamation No. 1321/2024

Kiya Tsegaye
February 18, 2025
7 min read
A New Dawn for Data Protection in Ethiopia: An Overview of Proclamation No. 1321/2024

Building trust in Ethiopia’s digital economy through principled, accountable data handling.

Proclamation No. 1321/2024 lays the cornerstone for automated personal data processing in Ethiopia, constructing essential consumer trust for the country's expanding digital services sector.

The Regulatory Authority

The Ethiopian Communications Authority (ECA) is designated as the chief administrative regulator, holding powers to register processors, issue operational permits, conduct audits, and resolve public complaints.

Core Principles of Personal Data Processing

Under Article 4, all data controller networks must verify adherence to five basic principles:

  1. Lawfulness & Transparency: Explicit customer awareness during data capture.
  2. Purpose Limitation: Collected only for specific, registered, and authorized tasks.
  3. Data Minimization: Limiting storage scope to the bare minimum required for operations.
  4. Accuracy & Maintenance: Data must be continuously kept current.
  5. Security & Integrity: Implementing secure architectures to defend against malicious data breaches.

Sensitive Data Classes

Heightened administrative controls are applied when managing sensitive data profiles, including health status, religious beliefs, union affiliations, genetic traits, and political opinions. These classes require direct user consent or specific legislative exemptions.

K
Kiya Tsegaye
Managing Partner
Share: