Burundi adopts data protection law
Burundi’s parliament has unanimously approved a new legal framework governing the collection and use of personal data, as public authorities accelerate the digitisation of administrative systems. The legislation establishes an independent oversight body and introduces penalties for misuse, marking a significant development in the country’s digital governance landscape.
Lawmakers in the National Assembly of Burundi adopted the bill during a plenary session held on 15 January in Kigobe. The law regulates how personal data may be collected, processed, and exploited across public and private sectors, at a time when digital tools are increasingly embedded in government operations and everyday services in Burundi.
The legislation was sponsored by the Ministry of Interior, Community Development, and Public Security, which identified gaps in existing law as digitalisation expanded. Authorities cited the digitisation of the voter register, the expansion of computerised public administration, and preparations for a biometric national identity card as factors that have increased the volume and sensitivity of personal data handled by institutions.
Under the new framework, core principles for data protection are defined, with an emphasis on privacy and respect for fundamental rights and freedoms. The law also creates an independent administrative authority responsible for monitoring compliance and enforcement. In addition, it introduces specific criminal penalties for violations, complementing existing cybercrime provisions.
During parliamentary debates, lawmakers linked these measures to concerns about data security and misuse, presenting the framework as a means to strengthen public confidence in digital systems. The reform is also expected to support the rollout of the biometric national identity card, with officials indicating that pilot testing is already underway in several communes ahead of a phased national deployment.
