2. Methodology and limitations The report uses a mixed methods approach of desk review and key informant interviews from specific countries as it relates to emerging and thematic issues that require the intervention of DPAs. The report builds on some of the extensive findings and recommendations from reports such as the Report on the Establishment, Independence, Impartiality and Efficiency of Data Protection Supervisory Authorities in the Two Decades of their Existence on the Continent (Paradigm 2021) and the Understanding the Challenges Data Protection Regulators Face: A Global Struggle Towards Implementation, Independence, & Enforcement Introduction (Internews 2022). In addition to desk review, the report utilised interview materials from a different key informant in the SADC region and beyond, who shared expert opinion on the state of data protection, challenges, and opportunities. The report does not conduct a full country investigation or complete analysis of all the laws concerned with data protection in each country.2 The report revisits law provisions and contextual practices that affect DPA; cross border data transfers; automated processing; processing of sensitive personal data; and digital identities with an intention of highlighting the many emerging and continuing challenges. 3. Contextual introduction Most African countries have adopted data protection laws.3 And in the SADC region, the adoption of these laws was due to the partnership of SADC, the European Union (EU) and International Telecommunications Unions (ITU) through the Harmonisation Policies for the ICT Market in the African Caribbean and Pacific; for southern Africa, this project was called Support for Harmonization of ICT Policies in Sub-Sahara Africa (HIPSSA).4 Through HIPSSA, a model data protection law was adopted which has informed most data protections laws in the SADC region. The SADC Model Law on Data protection is currently being revised by SADC, as it clearly has several shortcomings, one of which is that it is not binding on member states in comparison to other regions such as Economic Community of West African States (ECOWAS) established by the Treaty of Lagos on 28 May 1975 designed to promote regional cooperation and integration. ECOWAS adopted a binding Supplementary Act on personal data protection at the 37th session of For different countries, there are specific and detailed analysis of each data protection law and in some instances, handbooks and guides for users and practitioners. According to UNCTAD as of February of the African countries had legislation in place; had draft Legislation: no legislation and there was no data for . Of the African countries of which in the SADC region of the member states only have pending drafts or are in the process of drafting laws. The majority of countries with data protection laws are therefore in the SADC region. Interview Nigeria respondent indicated that the DP laws are sometimes pursued for political interests and political points. Other countries might pass these laws but still concerned that they constrain their future interests. PAGE