Skip to content
World Watch/Côte d'Ivoire/Data & Privacy

Data & Privacy · Côte d'Ivoire

Data protection & privacy law in Côte d'Ivoire (2026)

Comprehensive lawLaw No. 2013-450 of 19 June 2013 on the Protection of Personal Data; supervised by ARTCI (Autorité de Régulation des Télécommunications/TIC de Côte d'Ivoire) via its dedicated DPA portal autoritedeprotection.ciCountry index 76 · B+

Côte d'Ivoire shaded by its data & privacy status

Data protection in Côte d'Ivoire: comprehensive law, under Law No. 2013-450 of 19 June 2013 on the Protection of Personal Data; supervised by ARTCI (Autorité de Régulation des Télécommunications/TIC de Côte d'Ivoire) via its dedicated DPA portal autoritedeprotection.ci.

Côte d'Ivoire enacted a comprehensive personal data protection law in 2013 (Law No. 2013-450), modelled on the ECOWAS Supplementary Act on Personal Data framework. ARTCI functions as the independent supervisory authority with regulatory, investigative, and sanctioning powers. The law remains in force as of 2026, with ARTCI issuing updated biometrics guidance in 2024 and operating a National Registry of Data Protection Correspondents with a January 2026 registration deadline.

Key points

Primary legislation

Law No. 2013-450 of 19 June 2013 is the comprehensive statute governing collection, processing, storage, and transfer of personal data by any public or private entity operating in Côte d'Ivoire; it establishes core principles of fairness, purpose limitation, data minimisation, and storage limitation.

Supervisory authority

ARTCI (Autorité de Régulation des Télécommunications/TIC de Côte d'Ivoire) is the designated data protection authority, operating as an independent administrative body with legal personality and financial autonomy; its data protection functions are accessible at autoritedeprotection.ci.

Registration obligation

Organisations must declare processing activities to ARTCI or obtain prior authorisation before processing personal data; ARTCI launched a National Registry of Data Protection Correspondents with a registration deadline of 31 January 2026, requiring designated in-house data protection contacts.

Data subject rights

Individuals hold rights to access, rectification, deletion, objection (including for direct marketing), and the right not to be subject to decisions based solely on automated processing that produce significant or adverse legal effects.

Cross-border transfers

Transfers to non-ECOWAS countries require prior ARTCI authorisation and are only permitted where the recipient country provides an equivalent or higher level of data protection (Articles 7 and 26 of Law No. 2013-450); intra-ECOWAS transfers benefit from freer flow under the ECOWAS Supplementary Act.

Sanctions

ARTCI may impose fines up to 10,000,000 CFA francs for violations; repeat breaches within five years attract fines up to 100,000,000 CFA francs or 5% of pre-tax annual turnover, capped at 500,000,000 CFA francs; criminal sanctions (imprisonment and higher fines) apply to the most serious offences.

Timeline - major decisions & events

May 18, 2026guidance
9th RAPDP Conference in Abidjan Adopts 2026–2030 Abidjan Declaration on Data Governance

African data protection authorities from 24 countries convened in Abidjan for the 9th RAPDP conference hosted by ARTCI, adopting a 2026–2030 continental roadmap targeting AI, digital platforms, and biometric data. The Declaration frames personal data protection as a pillar of state sovereignty and economic attractiveness across Africa.

Financial Afrik
Jun 6, 2024lawofficial
Law No. 2024-352 on Electronic Communications Enacted

A comprehensive 252-article electronic communications law restructured ARTCI's oversight of operators, embedding explicit data-related obligations for telecoms providers and strengthening consumer protections for digital services. It replaces the prior sector framework and operationalises data protection within the communications regulatory regime.

ARTCI
Sep 4, 2023enforcementofficial
ARTCI Issues Formal Enforcement Notices Against Predatory Mobile Lending Apps

After 10 named mobile lending applications failed to respond to ARTCI's August 2023 compliance ultimatum, ARTCI published a second communiqué exposing the apps by name and confirming formal mise en demeure notices — the most significant public enforcement action taken under Law No. 2013-450 to date, targeting systematic data misuse for blackmail and extortion.

ARTCI
Aug 8, 2023guidanceofficial
ARTCI Public Warning on Personal Data Abuse by Online Lending Applications

ARTCI issued a public communiqué alerting citizens to serious data protection violations by mobile lending apps — including harvesting contacts and photos for blackmail — and gave operators 10 days to comply with Law No. 2013-450; the first major regulatory alert specifically enforcing the 2013 data protection statute.

ARTCI
Jun 8, 2023law
AU Malabo Convention on Cybersecurity and Personal Data Protection Enters into Force

The African Union's Malabo Convention entered into force 30 days after Mauritania became the 15th ratifying state, with Côte d'Ivoire among the ratifiers; the Convention creates binding continental standards on data protection and cybercrime that legally supplement Côte d'Ivoire's domestic Law No. 2013-450.

Data Protection Africa
Feb 15, 2023law
Côte d'Ivoire Cabinet Approves Ratification of the AU Malabo Convention

The Ivorian Council of Ministers adopted the bill authorising ratification of the 2014 African Union Convention on Cyber Security and Personal Data Protection; the instrument was formally deposited with the AU in April 2023, making Côte d'Ivoire one of the 15 states that triggered the Convention's entry into force.

KOACI
Oct 30, 2016law
New Constitution of Côte d'Ivoire Adopted — Privacy Right Constitutionalised

Adopted by referendum on 30 October 2016, the new Ivorian Constitution enshrines the right to privacy, including protection of personal data, under Article 8, providing explicit constitutional foundation for data protection legislation and entrenching it against ordinary legislative repeal.

Constitute Project
Jun 19, 2013law
Law No. 2013-451 on Cybercrime Enacted Alongside Data Protection Law

Enacted the same day as Law No. 2013-450, this cybercrime law criminalises unauthorised access, data interception, digital fraud, and online privacy violations, providing the criminal-law complement to the administrative data protection regime and addressing cyber-enabled personal data breaches.

Droit-Afrique
Jun 19, 2013lawofficial
Law No. 2013-450 on Personal Data Protection — Côte d'Ivoire's Founding Data Protection Statute

Côte d'Ivoire's primary data protection law, implementing the ECOWAS 2010 Supplementary Act, establishes consent-based processing rules, data subject rights (access, rectification, erasure, objection), mandatory prior declaration or authorisation with ARTCI, restrictions on sensitive data and cross-border transfers, and criminal penalties — designating ARTCI as the independent supervisory authority and making Côte d'Ivoire among the earliest West African states with a comprehensive data protection law.

ARTCI
Feb 16, 2010law
ECOWAS Supplementary Act A/SA.1/01/10 on Personal Data Protection Adopted

All 15 ECOWAS member states — including Côte d'Ivoire — became bound by this regional framework requiring national data protection laws and independent supervisory authorities built on the principles of legality, purpose limitation, proportionality, and data subject rights; it directly triggered Côte d'Ivoire's subsequent enactment of Law No. 2013-450.

GhaLII / ECOWAS

Côte d'Ivoire - other topics

Data & Privacy in other countries

Last verified 5/24/2026 · Orientation, not legal advice - verify against the primary sources linked above. Methodology & how to cite · Explore the full world map →