Data & Privacy · Sierra Leone
Data protection & privacy laws in Sierra Leone (2026)
Sierra Leone shaded by its data & privacy status
As of May 2026, Sierra Leone has no enacted comprehensive data-protection statute and no dedicated data-protection authority. A GDPR- and AU Malabo Convention-aligned Data Protection and Right to Access Information Bill, 2025 has been drafted and nationally validated (final validation concluded 7 November 2025) and is awaiting Cabinet approval and parliamentary enactment. In the interim, only narrow sector provisions in the Telecommunications Act 2006 and Cyber Security and Crime Act 2021 address aspects of privacy.
Key points
Sierra Leone currently lacks a dedicated, omnibus personal-data protection statute and a standalone data-protection regulator; protection is fragmentary.
The Data Protection and Right to Access Information Bill, 2025 has been drafted and is being advanced by the Ministry of Information and Civic Education; it is intended to be Sierra Leone's first comprehensive data-protection law.
Government concluded the final national validation of the Bill on 7 November 2025; next steps are Cabinet approval followed by presentation to Parliament for enactment.
The Bill would establish a single independent commission responsible for both data protection and access to information, giving citizens rights to know how their personal data is collected, stored and used.
The draft is reported to align with the EU GDPR and the African Union's Malabo Convention on Cyber Security and Personal Data Protection, partly to support trade and data-standard interoperability.
Pending the new law, limited privacy-relevant provisions exist in the Cyber Security and Crime Act, 2021 (in force since Nov 2021) and the Telecommunications Act, 2006 covering data handled by network operators.
Sierra Leone - other topics
Last verified 5/24/2026 · Orientation, not legal advice - verify against the primary sources linked above. Explore the full world map →