Senegal Data Protection Law: Sectoral Exceptions Regulated by Other Laws

The factor of Sectoral Exceptions Regulated by Other Laws is used in determining the law's applicability by exempting data processing activities that are already governed by specific regulations with established data protection standards, thereby preventing duplicative regulation for sectors such as law and order, defense, and national security.

Text of Relevant Provisions

LAW N 2008-12 Art.2(5):

"Are subjected to the present law: (5) Any data processing concerning the law and order, the defense, the search and the pursuit of penal breaches or the safety of the State, even bound to an important economic or financial interest of the State, subject to the dispensations which defines the present law and specific provisions on the subject fixed by other laws."

Analysis of Provisions

The Senegal Personal Data Protection Law (LAW N 2008-12) specifies that the law applies to data processing activities concerning law and order, defense, and national security, but subject to specific provisions fixed by other laws. This means that if there are existing laws that regulate data processing in these sectors, the Personal Data Protection Law will not apply, or will apply only to the extent that it does not conflict with those specific provisions.

For example, Art.2(5) of LAW N 2008-12 states that the law applies to data processing activities concerning law and order, defense, and national security, but subject to specific provisions fixed by other laws. This indicates that the law's applicability is limited by the presence of other regulatory frameworks that govern data processing in these sectors.

Implications

The inclusion of this factor has significant implications for businesses in Senegal. For example, a government agency that processes personal data for national security purposes would be exempt from the Personal Data Protection Law to the extent that it is subject to specific provisions fixed by other laws. Similarly, a company that processes personal data for defense purposes would also be exempt from the law to the extent that it is subject to specific provisions fixed by other laws.

Conversely, a company that processes personal data for commercial purposes would not be exempt from the law, unless it can demonstrate that it is subject to specific provisions fixed by other laws that regulate data processing in its sector.

For instance, a telecommunications company that processes personal data for commercial purposes would be subject to the Personal Data Protection Law, unless it can demonstrate that it is subject to specific provisions fixed by other laws that regulate data processing in the telecommunications sector.