Photo of Witney Schneidman

Witney Schneidman has nearly 40 years of experience working across Sub-Saharan Africa.

Drawing on his experience in the State Department, the World Bank, think tanks and his own consulting practice, Dr. Schneidman, a non-lawyer, has advised energy, technology, consumer and health companies, among others, on projects in more than 30 African countries. He has also served as Deputy Assistant Secretary of State for African affairs, and on the Africa advisory committees in the Office of the U.S. Trade Representative and at the U.S. Export-Import Bank.

Dr. Schneidman provides strategic advice on the varied political, economic, social and regulatory issues that are critical to companies’ success in Africa. This includes issues related to Corporate Social Responsibility, compliance, market entry and risk mitigation. He played a leading role in the passage and recent reauthorization of the African Growth and Opportunity Act and was a delegate to the Global Entrepreneurship Summit co-hosted by President Obama during his visit to Kenya.

Dr. Schneidman chairs Covington’s Africa Practice Group and is a senior member of the firm’s Public Policy Practice Group, the International Strategy Group and the International Trade and Finance Group.

There has been a substantial increase in the use of the Internet across the African continent, aided by ongoing investment into local digital infrastructure, reduction in the associated costs, and improved user access. This has allowed both individuals, and private and public entities, the ability to access, collect, process and/or disseminate personal data more easily, which has spurred a number of African countries to enact comprehensive data protection laws and establish data protection authorities. There is also a growing perception among African countries that there is a need to protect their citizen’s personal data, to regulate how public and private entities use personal data, and to establish data protection authorities tasked with enforcing these laws.

While countries like Kenya, Rwanda and South Africa now have comprehensive data protection laws, which share some elements found in the European Union’s General Data Protection Regulation (“GDPR”), many of the proposed data protection laws have specific rules that are different from those in other countries in Africa. Consequently, technology companies conducting business in Africa will be required to keep abreast of the evolving regulatory landscape as it relates to data protection on the continent.

Continue Reading Tech Regulation in Africa: Recently Enacted Data Protection Laws

South Africa’s Information Regulator (the “Regulator”) issued, on June 22, 2021, a Guidance Note on Exemptions from the Conditions for Lawful Processing of Personal Information (“Guidance Note”), arising under sections 37 and 38 of the Protection of Personal Information Act, 4 of 2013 (“POPIA”).  The purpose of the Guidance Note is to provide guidance to “responsible parties” who: (i) intend to apply for an exemption from one or more of the eight conditions for the lawful processing of personal information, as prescribed by POPIA (section 37 of POPIA), or (ii) may automatically be exempt from some of these conditions where the processing occurs in the performance of a “relevant function” (section 38 of POPIA).  In a media statement, also issued on June 22, 2021, the Regulator confirmed that the June 20, 2021 deadline for responsible parties to register their Information Officers (“IOs”) and Deputy Information Officers (“DIOs”) was postponed indefinitely.
Continue Reading South Africa: Guidance on POPIA Exemptions and Registration of Information Officers