Data Protection in Ghana

Data protection laws in Ghana

The primary legislation governing privacy / data protection in Ghana is the Data Protection Act, 2012 (Act 843).

Other laws, examples of which are set out below, contain some privacy/data protection provisions:

1992 Constitution

Article 18(2) provides citizens with a fundamental right to privacy. The Article provides that “no person shall be subjected to interference with the privacy of his home, property, correspondence or communication except in accordance with law and as may be necessary in a free and democratic society for public safety or the economic well-being of the country, for the protection of health or morals, for the prevention of disorder or crime or for the protection of the rights or freedoms of others.”

Electronic Communications Act, 2008 (Act 775)

A network operator or a service provider who is a holder of a Class Licence shall not use or permit another person to use or disclose confidential, personal or proprietary information of a user, another network operator or service provider without lawful authority unless the use or disclosure is necessary for the operation of the network or service, the billing and collection of charges, the protection of the rights or property of the operator or provider, or the protection of the users or other network operators or service providers from the fraudulent use of the network or service.

A person who intentionally uses or discloses personal information in contravention of the Act commits an offence and is liable on summary conviction to a fine of not more than one thousand five hundred penalty units or to a term of imprisonment of not more than four years or both.

Act 775 defines a Class Licence as “a licence, other than an individual licence, granted on the same terms to each applicant in respect to a class of electronic communications networks or services or radio-communication services.”

Electronic Communications Regulations, 2011 (L.I. 1991)

The principle of privacy and secrecy in electronic communications applies to the National Communications Authority, operators of electronic communications networks and providers of electronic communications services.

The operator is required to comply with international best practices in the industry to promote privacy, secrecy and security of communications carried or transmitted by the operator or through the communications system of the operator, and the personal and accounts data related to subscribers.

Credit Reporting Act, 2007 (Act 726)

The Bank of Ghana has the overall supervisory and regulatory authority under the Act to: (a) register, license and regulate bureaus, data providers and credit information recipients and their agents; and (b) control and supervise activities of the credit bureaus, data providers, credit information recipients and their agents.

The Act requires the recipient of a credit report to keep such report confidential while ensuring that the information contained in it is used solely for its specified purpose. A credit bureau, data provider or credit information recipient is required to observe the principles of: (a) equality of credit information subjects; (b) confidentiality of information; (c) non-interference in the private life of citizens; (d) respect for the rights, liberties and lawful interests of persons and legal entities; (e) accuracy and transparency of information; and (f) `privacy and secrecy of communication.

Credit Reporting Regulations, 2020 (L.I. 2394) 

These regulations made pursuant to the Credit Reporting Act, 2007 (Act 726), set standards for the safety and security of credit information, standards for data submission by data providers as well as standards for privacy and data security which are to be observed credit bureaus. These include:

  • Confidentiality of credit information;
  • Controls and security measures to be taken by credit bureaus; and
  • Standards to be observed in the processing of data submitted. 

*A penalty unit is equivalent to GHS12 ( approximately USD11.6 as at 22 December 2023).

Public Health Act, 2012 (Act 851)

Article 45 of the International Health Regulations (2005) of World Health Organisation Regulations which is annexed to Act 851 as the Seventh Schedule provides that “health information collected or received by a State Party pursuant to these Regulations from another State Party or from WHO which refers to an identified or identifiable person shall be kept confidential and processed anonymously as required by national law.”

Children’s Act, 1998 (Act 560)

The purpose of this Act is to reform and consolidate the law relating to children, to provide for the rights of the child, maintenance and adoption, regulate child labour and apprenticeship, and provide for ancillary matters concerning children generally.

Act 560 provides that “a child’s right to privacy must be respected throughout the proceedings at a Family Tribunal”. In furtherance of this, the Act restricts participants to the sittings of the Family Tribunal to persons with an interest in the matter including parents of the child and officers of the Tribunal.

Act 560 further provides that it is an offence for any person to “publish any information that may lead to the identification of a child in any matter before a Family Tribunal except with the permission of the Family Tribunal.”


Cybersecurity Act, 2020 (Act 1038)

The purpose of this Act is to regulate cybersecurity activities in Ghana, promote the development of cybersecurity and to provide for other related matters. This Act permits interception of data under limited circumstances.

Act 1038 makes provision for certain authorized persons to apply to the courts for a production order to collect subscriber information or for an interception warrant to collect or record traffic data or content data stored in real time.

Applications made in this regard must indicate the measures to be taken to ensure that the data will be procured:

  • whilst maintaining the privacy of other users, customers and third parties; and
  • without the disclosure of the traffic data of any party not part of the investigation.

Continue reading

  • no results

Back to top