Senegal Law 2008-12

Law 2008-12 on the Protection of Personal Data

Senegal's data protection law requiring prior authorization for health data processing with fines up to CFA 100 million.

Jurisdiction

Senegal

Enacted

Jan 25, 2008

Effective

Jan 1, 2014

Enforcement

Commission de Protection des Données Personnelles (CDP)

African Legal Factory Analysis

Why It Matters

Senegal's prior authorization requirement for health data creates significant compliance barrier for mental health chatbots and crisis support apps serving Senegalese users.

At a Glance

Applies to

Mental Health AppGeneral Chatbot

Requires

Transparency User Rights

Who Must Comply

Data controllers and processors in Senegal
Entities processing health or sensitive data
Cross-border data transfers from Senegal

Obligations fall on:

Safety Provisions

Health data requires prior authorization from CDP
Registration requirement for data processing
Security measures proportionate to risk
Cross-border transfer restrictions
Right to access and correction

Compliance & Enforcement

Penalties

XOF 100M

Primary Source

African Legal Factory Analysis

https://africanlegalfactory.com/2024/01/30/understanding-personal-data-protection-in-senegal/

View on map

Senegal

Focus Areas

Mental health & crisis

Cite This

APA

Senegal. (2008). Law 2008-12 on the Protection of Personal Data.

Related Regulations

In Effect ZM

Zambia DPA

Zambia's comprehensive data protection law with special protections for vulnerable persons and DPIA requirements for high-risk processing.

In Effect BW

Botswana DPA

Botswana's modernized data protection law requiring Data Protection Impact Assessment and establishing age 16 for consent.

In Effect SC

Seychelles DPA

Seychelles' modern data protection law requiring DPO for large-scale processing and recognizing Cross-Border Privacy Rules certification.

In Effect RW

First African country to adopt comprehensive national AI policy. Establishes Responsible AI Office (RAIO) under MINICT. Implements RURA ethical guidelines covering beneficence, non-maleficence, autonomy, justice, explicability, transparency. Non-binding framework.

Proposed KE

Kenya AI Bill

First comprehensive AI bill in Sub-Saharan Africa. Proposes creation of AI Commissioner, AI Authority, and Advisory Committee. Establishes risk-based regulatory model aligned with EU AI Act framework, criminalizes harmful deepfakes, and mandates AI content labeling.

In Effect US

White House AI Legislative Framework

Non-binding White House framework outlining seven legislative pillars for Congress, including child safety protections, federal preemption of state AI laws, liability limitations for AI developers, intellectual property protections, free speech safeguards, AI infrastructure investment, and workforce development. Calls for a unified national standard superseding state AI regulations while preserving state child safety, consumer protection, and anti-fraud laws.

All regulations Check if this applies to you

Last updated January 22, 2026. Verify against primary sources before relying on this information.