Data & Privacy · Côte d'Ivoire
Data protection & privacy law in Côte d'Ivoire (2026)
Côte d'Ivoire shaded by its data & privacy status
Data protection in Côte d'Ivoire: comprehensive law, under Law No. 2013-450 of 19 June 2013 on the Protection of Personal Data; supervised by ARTCI (Autorité de Régulation des Télécommunications/TIC de Côte d'Ivoire) via its dedicated DPA portal autoritedeprotection.ci.
Côte d'Ivoire enacted a comprehensive personal data protection law in 2013 (Law No. 2013-450), modelled on the ECOWAS Supplementary Act on Personal Data framework. ARTCI functions as the independent supervisory authority with regulatory, investigative, and sanctioning powers. The law remains in force as of 2026, with ARTCI issuing updated biometrics guidance in 2024 and operating a National Registry of Data Protection Correspondents with a January 2026 registration deadline.
Key points
Law No. 2013-450 of 19 June 2013 is the comprehensive statute governing collection, processing, storage, and transfer of personal data by any public or private entity operating in Côte d'Ivoire; it establishes core principles of fairness, purpose limitation, data minimisation, and storage limitation.
ARTCI (Autorité de Régulation des Télécommunications/TIC de Côte d'Ivoire) is the designated data protection authority, operating as an independent administrative body with legal personality and financial autonomy; its data protection functions are accessible at autoritedeprotection.ci.
Organisations must declare processing activities to ARTCI or obtain prior authorisation before processing personal data; ARTCI launched a National Registry of Data Protection Correspondents with a registration deadline of 31 January 2026, requiring designated in-house data protection contacts.
Individuals hold rights to access, rectification, deletion, objection (including for direct marketing), and the right not to be subject to decisions based solely on automated processing that produce significant or adverse legal effects.
Transfers to non-ECOWAS countries require prior ARTCI authorisation and are only permitted where the recipient country provides an equivalent or higher level of data protection (Articles 7 and 26 of Law No. 2013-450); intra-ECOWAS transfers benefit from freer flow under the ECOWAS Supplementary Act.
ARTCI may impose fines up to 10,000,000 CFA francs for violations; repeat breaches within five years attract fines up to 100,000,000 CFA francs or 5% of pre-tax annual turnover, capped at 500,000,000 CFA francs; criminal sanctions (imprisonment and higher fines) apply to the most serious offences.
Timeline - major decisions & events
African data protection authorities from 24 countries convened in Abidjan for the 9th RAPDP conference hosted by ARTCI, adopting a 2026–2030 continental roadmap targeting AI, digital platforms, and biometric data. The Declaration frames personal data protection as a pillar of state sovereignty and economic attractiveness across Africa.
Financial Afrik ↗A comprehensive 252-article electronic communications law restructured ARTCI's oversight of operators, embedding explicit data-related obligations for telecoms providers and strengthening consumer protections for digital services. It replaces the prior sector framework and operationalises data protection within the communications regulatory regime.
ARTCI ↗After 10 named mobile lending applications failed to respond to ARTCI's August 2023 compliance ultimatum, ARTCI published a second communiqué exposing the apps by name and confirming formal mise en demeure notices — the most significant public enforcement action taken under Law No. 2013-450 to date, targeting systematic data misuse for blackmail and extortion.
ARTCI ↗ARTCI issued a public communiqué alerting citizens to serious data protection violations by mobile lending apps — including harvesting contacts and photos for blackmail — and gave operators 10 days to comply with Law No. 2013-450; the first major regulatory alert specifically enforcing the 2013 data protection statute.
ARTCI ↗The African Union's Malabo Convention entered into force 30 days after Mauritania became the 15th ratifying state, with Côte d'Ivoire among the ratifiers; the Convention creates binding continental standards on data protection and cybercrime that legally supplement Côte d'Ivoire's domestic Law No. 2013-450.
Data Protection Africa ↗The Ivorian Council of Ministers adopted the bill authorising ratification of the 2014 African Union Convention on Cyber Security and Personal Data Protection; the instrument was formally deposited with the AU in April 2023, making Côte d'Ivoire one of the 15 states that triggered the Convention's entry into force.
KOACI ↗Adopted by referendum on 30 October 2016, the new Ivorian Constitution enshrines the right to privacy, including protection of personal data, under Article 8, providing explicit constitutional foundation for data protection legislation and entrenching it against ordinary legislative repeal.
Constitute Project ↗Enacted the same day as Law No. 2013-450, this cybercrime law criminalises unauthorised access, data interception, digital fraud, and online privacy violations, providing the criminal-law complement to the administrative data protection regime and addressing cyber-enabled personal data breaches.
Droit-Afrique ↗Côte d'Ivoire's primary data protection law, implementing the ECOWAS 2010 Supplementary Act, establishes consent-based processing rules, data subject rights (access, rectification, erasure, objection), mandatory prior declaration or authorisation with ARTCI, restrictions on sensitive data and cross-border transfers, and criminal penalties — designating ARTCI as the independent supervisory authority and making Côte d'Ivoire among the earliest West African states with a comprehensive data protection law.
ARTCI ↗All 15 ECOWAS member states — including Côte d'Ivoire — became bound by this regional framework requiring national data protection laws and independent supervisory authorities built on the principles of legality, purpose limitation, proportionality, and data subject rights; it directly triggered Côte d'Ivoire's subsequent enactment of Law No. 2013-450.
GhaLII / ECOWAS ↗Côte d'Ivoire - other topics
Data & Privacy in other countries
Last verified 5/24/2026 · Orientation, not legal advice - verify against the primary sources linked above. Methodology & how to cite · Explore the full world map →