By: Binta Jaiteh
Telecom giants Africell and Qcell have expressed strong opposition to the Public Utilities and Regulatory Authority’s (PURA) demand for customers’ personal data. Appearing before the National Assembly’s Select Committee on Education, Training, and ICTs, representatives from both companies presented their concerns during discussions on the ‘Data Protection and Privacy Bill, 2024’.
Ahamat Jah, representing Qcell, highlighted that Section 25 of the bill emphasizes transparency and accountability, requiring telecom operators to provide clear and accessible privacy policies. While he acknowledged the importance of data protection, he stressed that regulatory authorities must ensure that privacy safeguards are in place.
“Organizations must have policies in place to ensure compliance. They should conduct and publish annual transparency reports detailing how they handle personal data, and this should be under the data protection authority, which is PURA,” he stated.
When questioned by Hon. Musa Badjie about specific projects requiring PURA to request customer data, Jah responded that while some national projects necessitate data sharing, telecom operators remain cautious about protecting user privacy.
He disclosed that PURA typically sends generalized requests for customer data, including names, phone numbers, dates of birth, and addresses, often without specifying the purpose. “When we challenge them on why such sensitive data is required, they simply respond that they are a regulatory body,” he explained, adding that similar concerns exist with Gambia Revenue Authority (GRA) requesting data irrelevant to their projects.
Jah cited an example involving a World Bank project that sought demographic data on certain areas but did not require personal identifiers like names and phone numbers. He argued that PURA should lead efforts to protect personal data, ensuring that only necessary information is collected for national projects.
“If PURA demands data without justification, I am fully prepared to challenge them in court. While some data is essential for national development, it must be properly regulated. A dedicated Data Protection Authority must be established to oversee compliance and prevent breaches that could expose individuals to risks,” he asserted.
Africell’s Senior Regulatory Affairs Manager, Sally Bittaye, echoed similar concerns, stating that they had previously written to PURA regarding the issue.
“Our stance remains clear: until a proper regulatory framework is in place, sharing customer data without safeguards is unacceptable. Once the commission is established, we will push for stronger regulations to ensure data protection is effectively enforced,” she affirmed.
The Data Protection and Privacy Bill, 2024, mark a significant step toward strengthening privacy rights in The Gambia. However, stakeholders argue that the law must be refined to enhance clarity, enforceability, and protections against misuse. Addressing these issues will help The Gambia establish a robust, internationally recognized data protection regime that safeguards the privacy and dignity of its citizens.
