Dn an increasingly digitalized world, the protection of personal data has become a major issue for States and businesses. In Morocco, law 09-08 has regulated the processing of personal data since 2009.
It made it possible to provide Morocco with a legal framework for the protection of personal data. It defines the rights of data subjects, imposes obligations on data controllers, and establishes sanctions in the event of non-compliance.
With the current version of 09-08, there are already many positive things,” observes the president of the CNDP, Omar Seghrouchni “But there are still things to be clarified and completed”
“With the current version of 09-08, there are already a lot of positive things,” observes the president of the CNDP, Omar Seghrouchni. But faced with technological developments and the new challenges that result from them, an overhaul of this legislation now seems necessary, in the opinion of specialists.
“We’re not really saying we’re missing things”specifies our interlocutor. But still? “There are rather things to clarify and complete.”
The challenges posed by new technologies
The rise of technologies such as artificial intelligence, big data and the Internet of Things has profoundly changed the way personal data is collected, processed and used. These technological developments, while offering numerous opportunities, also raise new questions regarding the protection of privacy.
Law 09-08, designed before the emergence of these technologies, does not sufficiently take these new issues into account. This discrepancy creates a legal gap which could expose Moroccan citizens to increased risks in terms of the protection of their personal data.
Harmonization of national legislation with international standards would strengthen the confidence of investors and international partners in the Moroccan digital ecosystem.
In a context of globalization of data exchanges, the harmonization of national legislation with international standards has become crucial. The European General Data Protection Regulation (GDPR), which came into force in 2018, is now a global benchmark in this area.
Omar Seghrouchni is categorical: “We must act to make the law compatible with the international context.” This harmonization is essential for several reasons. On the one hand, it would make it possible to secure data exchanges with the European Union, a major economic partner for Morocco. On the other hand, it would strengthen the confidence of international investors and partners in the Moroccan digital ecosystem.
The president of the CNDP agrees: “By getting closer to the international context, we are helping to strengthen Morocco’s capacities to consolidate its position as a digital hub, particularly between Europe and Africa.”
This ambition to position Morocco as a major digital player requires a regulatory framework aligned with best international practices. The other continents, the two Americas and Asia, are not forgotten.
Towards increased corporate responsibility
The evolution of Law 09-08 should also aim to involve Moroccan companies more in the protection of personal data. It is no longer simply a question of complying with legal obligations, but of making data protection a real strategic issue and a lever for competitiveness.
In the opinion of several specialists, companies must be encouraged to invest in robust security infrastructures and to put in place clear internal policies regarding the management of personal data.
This proactive approach would not only better protect citizens, but also strengthen the confidence of consumers and business partners. As the president of the CNDP points out, “trust is essential for users and for the market.”
Indeed, in a digital world where data has become the new black gold, user trust is a key success factor for businesses. It is in this sense that one of the key points in the evolution of Law 09-08 concerns the strengthening of the control and sanctions system.
More dissuasive sanctions could thus help create a safer digital environment for Moroccan citizens”
The president of the CNDP insists on the need to “strengthen the control and sanctions system to reach a dissuasive level.” This development would ensure better enforcement of the law and provide stronger incentives for businesses to comply with data protection requirements.
More dissuasive sanctions could thus help create a safer digital environment for Moroccan citizens. Alongside the strengthening of sanctions, the president of the CNDP evokes the need to “reduce the processing of files, a priori upstream”.
Enough to make the system more flexible and responsive, allowing companies to implement their data processing more quickly, while maintaining rigorous a posteriori control.
This would make it possible to instill a logic of accountability among stakeholders, while preserving the capacity of the CNDP to exercise effective control over practices regarding the processing of personal data.
Restoring trust
The president of the CNDP also underlines the importance of “highlighting the independence of the Commission, even if it already operates independently”
The president of the CNDP also underlines the importance of “highlight the independence of the Commission, even if it already operates independently”. This clarification in the law would strengthen the legitimacy and credibility of the CNDP in the eyes of citizens and economic actors.
It goes without saying that an independent supervisory authority is indeed essential to guarantee impartial and effective application of the law on the protection of personal data. This independence is also an important criterion for alignment with international standards, in particular the European GDPR.
Confidence also requires a change in the law perceived, not as an additional constraint, but as an opportunity to accelerate Morocco’s digital transformation. By strengthening user and investor confidence, a modernized legal framework can stimulate innovation and the adoption of new technologies.
In the opinion of our interlocutor, this trust is a prerequisite for the development of new digital services and for the emergence of a dynamic and innovative digital ecosystem in Morocco.
The president of the CNDP insists on this point, stressing that strengthening data protection contributes to consolidating Morocco’s position as a digital hub, particularly between the two continents.
Because, by strengthening the protection of personal data, Morocco is not only protecting its citizens, but it is also laying the foundations for a trusted digital economy, capable of attracting investments and establishing itself at the forefront of the international scene.
