Drudeisha Madhub, wey be Data Protection Commissioner for Mauritius, don talk say technologies like digital identity systems no fit work inside legal vacuum without strong data protection safeguards for citizens. She yarn dis as African governments dey rush to roll out digital identity and digital public infrastructure.
Madub say make privacy, cybersecurity and governance be like foundation for digital ID infrastructure, not just something wey dem add later. She yarn wit Biometric Update during ID4Africa 2026 AGM for Abidjan.
“The simplest way to make people convinced about the importance of data protection is just to tell them that if you need digital ID technology, then you also need data protection. You also need cybersecurity. It’s like two sides of the same coin,” Madhub yarn.
She add say, “You cannot have technology without data protection and cybersecurity. If you operate technology in a legal vacuum and in a non-protection side, then you’re obviously putting the lives of your people at stake. Data represents us, it is us. You’re putting us at stake if you do not have the right data protection safeguards.”
Madhub, wey get more than 20 years experience as data governance expert, say e no just enough to get laws. Countries must explore how dem go embed data protection inside technologies dem dey deploy, like through privacy by design.
“We can register controllers and processors. We can make them fill in forms. We probably can do some enquiries and fine them. That’s good, it’s a good start. But data protection is much more than this. It’s not only about these obligations. It’s about how systems respond to data protection requirements,” she opine.
According to Madhub, data protection considerations must dey seriously taken on board by every country when dem dey purchase technologies, create new software systems, apps, or everything related to digital identity.
“If at the foundation we have not put these requirements, we will perhaps see that many digital identity vendors and sellers come to market them to us. They’ll tell you they are marketing trust, or the right trust-by-design, or privacy-by-design systems. We cannot operate in such a way,” she caution.
Madhub retrace Mauritius evolution for data protection, from first law for 2004, through partial implementation for 2009, to adoption of new data protection regime for 2017 wey align wit international standards.
“In 2026, we are going for the EU adequacy assessment, and we are fully aligning our law with the European Union’s General Data Protection Regulation requirements. This is being done to ensure that Mauritius is treated as a safe and equivalent destination in data protection by the EU. As you know, one of the impactful regulations and international standards is the EU-GDPR,” Madhub state.
Under EU-GDPR, biometric data wey dem use for digital identity systems na special category personal data, wey require enhanced protections and stricter processing conditions.
According to Madhub, Mauritius also dey part of many continental and global efforts wey prioritize data governance. “We have also ratified the Malabo Convention, and we are also a party to the African Continental Free Trade Agreement and all its Protocols. From the regional side, we are also implementing the SADC requirements. We have also ratified the Convention on Data Protection of the Council of Europe. We were the first African country to have done it,” she yarn.
“That type of international standardization of data protection standards in Mauritius through our legal framework is actually going to help us make sure that economic cross-border data flows and economic investment from our foreign counterparts is properly secured, as well as the rights of people locally and in other parts of the world.”
Mauritius launch mobile digital ID system for 2024. The deployment give country practical experience for balancing digital identity innovation wit privacy, governance and cross-border data protection requirements.
Madhub explain say Mauritius don serve as example for some other African countries wey dey build data protection mechanisms for dia digital public infrastructure. “We have been benchmarking many African countries such as Rwanda, Uganda, Seychelles, Cote d’Ivoire, and many other countries that I can’t immediately remember. We have worked with them and advised them on the way forward,” she disclose.
She say dem don develop templates wey dem ready to share wit any country wey dey interested. “I elaborated the Mauritius National Data Strategy. This is a document which could have been done by consultants or some other people, but my government trusted me to do it because I’m in data governance. You want to do data governance and you don’t know how to go about it? You can take the templates, get some training from us, and then go ahead with your data governance effort.”
As more African countries dey roll out digital identity and DPI programs, Mauritius dey position itself as model for how data protection, governance and digital identity fit evolve together. Dat balance, Madhub argue, go ultimately determine whether citizens trust di next generation of digital public infrastructure.
