Data protection & privacy laws in Sudan (2026)

Sudan has not enacted a general personal-data protection statute; data-protection trackers classify it as having 'no data protection legislation, although various sectoral laws are of relevance.'

Article 54 of the 2019 Constitutional Charter for the Transitional Period protects privacy, providing that no one's privacy may be violated nor their private/family life, home, or correspondence interfered with except by law.

Relevant provisions sit in the Electronic Transactions Act 2007, the Cybercrime (Information Technology Crime) Act 2007, and the 2020 Cybercrime amendment — addressing unauthorized access and interception rather than systematic personal-data protection.

Sudan has no independent data-protection authority (DPA); there is no body providing oversight of how government or private entities process personal data, which is widely cited as a key enforcement gap.

A draft Data Protection Bill proposed around 2018 sought to set rules for collection, storage, processing, and sharing of personal data, but it has never been passed and remains dormant amid political upheaval and the post-2023 conflict.

Vague terms such as 'competent authority' in cybercrime law allow telecom operators to disclose user data to security agencies without a court order, and weak resources undermine any privacy protection in practice.