Data protection & privacy laws in Côte d'Ivoire (2026)

Law No. 2013-450 of 19 June 2013 is the comprehensive statute governing collection, processing, storage, and transfer of personal data by any public or private entity operating in Côte d'Ivoire; it establishes core principles of fairness, purpose limitation, data minimisation, and storage limitation.

ARTCI (Autorité de Régulation des Télécommunications/TIC de Côte d'Ivoire) is the designated data protection authority, operating as an independent administrative body with legal personality and financial autonomy; its data protection functions are accessible at autoritedeprotection.ci.

Organisations must declare processing activities to ARTCI or obtain prior authorisation before processing personal data; ARTCI launched a National Registry of Data Protection Correspondents with a registration deadline of 31 January 2026, requiring designated in-house data protection contacts.

Individuals hold rights to access, rectification, deletion, objection (including for direct marketing), and the right not to be subject to decisions based solely on automated processing that produce significant or adverse legal effects.

Transfers to non-ECOWAS countries require prior ARTCI authorisation and are only permitted where the recipient country provides an equivalent or higher level of data protection (Articles 7 and 26 of Law No. 2013-450); intra-ECOWAS transfers benefit from freer flow under the ECOWAS Supplementary Act.

ARTCI may impose fines up to 10,000,000 CFA francs for violations; repeat breaches within five years attract fines up to 100,000,000 CFA francs or 5% of pre-tax annual turnover, capped at 500,000,000 CFA francs; criminal sanctions (imprisonment and higher fines) apply to the most serious offences.