Ghana is preparing a new Data Protection Bill to bring Artificial Intelligence (AI) systems, automated decision-making, deepfakes and cross-border data transfers under formal legal oversight for the first time, with Parliament’s Select Committee on Communications urging the government to move the legislation to the floor of the House without delay.
Communications Minister Samuel Nartey George announced the bill on March 2 at the 2026 Data Protection Conference in Accra, saying the proposed legislation was designed to modernise Ghana’s data protection regime in response to increasingly complex global data ecosystems and the growing deployment of AI across health, finance, telecommunications and the public sector. He said the objective was to strengthen enforcement mechanisms, clarify international data transfer rules and enhance citizens’ rights, ensuring that Ghana’s legal framework remained relevant as technology evolved.
The Minister also disclosed that a separate Emerging Technologies Bill was being developed to provide structured oversight for AI systems, advanced analytics, digital assets and new digital platforms, stressing that the legislation aimed not to stifle innovation but to guide it responsibly. A Data Harmonisation initiative is additionally underway to reduce regulatory fragmentation across financial services, telecommunications and the public sector.
Days after the conference, Data Protection Commission (DPC) Executive Director Dr. Arnold Kavaarpuo told media in Parliament that the new bill would specifically address data harvesting by multinationals, the absence of local data infrastructure, and the regulatory gaps created by machine learning and deepfake technologies. Abednego Bandim Azumah, the National Democratic Congress Member of Parliament for Bunkpurugu and Chairman of Parliament’s ICT Select Committee, called the legislation urgent, saying: “We need laws to cover AI, cyber threats, and data misuse by multinationals, and the power to enforce penalties for violations.”
The DPC’s 2026 Data Protection Week launched in January already signalled the shift from education to enforcement. Dr. Kavaarpuo warned at the January 26 launch that organisations that had not registered with the Commission under Section 27 of the Data Protection Act (DPA) must do so without delay, and that Section 56 of the Act prescribes fines and imprisonment for non-compliance. The annual Data Protection Week has been expanded into a month-long national programme to accelerate public awareness ahead of stricter enforcement.
The case for urgency was illustrated at the conference by Dr. Kavaarpuo through the account of a Ghanaian teacher whose mobile loan default led to a lender accessing her contact list and circulating her personal information publicly. “Data protection is not merely a technical issue but one of power, responsibility and consequence,” he said, describing the incident as representative of how personal information shared under financial pressure can be weaponised.
Ghana’s data governance debate has intensified in parallel with a planned nationwide SIM card re-registration exercise, for which policy think tank IMANI Africa has demanded seven minimum legal safeguards before citizens are asked to submit biometric data again, citing failures in the 2022 registration to securely authenticate the biometrics of 30 million participants against National Identification Authority records.
Source : www.newsghana.com.gh
