TELECOMUNICATIONS/ICT REGULATIONS AND MOBILE INSURANCE Abidjan, May 2016 Presented by Stephan Ahoussou K. Legal Council – ARTCI

CONTENTS I. INTRODUCTION II. ELECTRONIC TRANSACTIONS AND MOBILE INSURANCE III. PERSONAL DATA AND MOBILE INSURANCE IV. CONCLUSION AND RECOMMENDATIONS 2

3 INTRODUCTION  The high penetration rate of smartphones in African countries and the development of ICTs has led to a new era of innovation in all sectors, including Telecommunications/ICTs and Insurance.  The cooperation between telecom operators and the insurance industry has given birth to new insurance products, among which mobile insurance.  In Côte d'Ivoire, several actors are involved in the mobile insurance ecosystem; these services are offered by three (3) mobile network operators (MNOs)—ORANGE, MTN and MOOV.  Using Orange Money, ORANGE clients can buy insurance: SUNU ASSURANCES.  Using MTN Mobile Money, MTN allows its subscribers to pay insurance savings plan and funeral insurance premiums (ALLIANZ EPARGNE, OBSEQUES & NAF MOBILE).  Using FLOOZ, MOOV allows its subscribers to pay insurance premiums for GTA C2A- VIE.

INTRODUCTION  These bilateral activities are covered by several bodies of legislation, including that on electronic transactions and the protection of personal data.  In Côte d'Ivoire, the legal framework on Electronic Transactions and the protection of personal data is composed of:  Law No of 30 July 2013, on Electronic Transactions;  Law No of 19 June 2013, on the Protection of Personal data;  Law No of 19 June 2013, on the fight against Cybercrime;  Decree No of 21 December 2011, on the Identification of Subscribers to Telecommunication Services open to the public;  Decree No of 12 March 2014, on the Provision of Cryptology Services; and  Decree No of 12 March 2014, on the Conditions for Establishing and Conserving written and signatures in electronic format. 4

 Electronic transactions are exchanges or transactions of any nature that take the form of a message or digital document.  Mobile insurance is attached to mobile money because it uses the rails set up by the said service for the payment of premiums or claims.  Therefore, mobile insurance is a mobile financial service that falls under the scope of Law No of 20 July 2013 on Electronic Transactions.  According to the Alliance for Financial Inclusion (AFI), mobile financial services (MFSs) refer to the use of mobile phones to access financial services and make financial transactions. 5 ELECTRONIC TRANSACTIONS AND MOBILE INSURANCE

 LAW ON ELECTRONIC TRANSACTIONS  Regulates the Exercise of E-Trade, notably by obliging sellers to inform their clientele of their identity. Failure to comply is punished by a prison sentence of 1 to 5 years and a fine of 1 to 10 million CFA francs. Identical sentence:  for failure to comply with rules on digital advertising (fine print, identification of the advertisement and the party for whom the advertisement is made)  applicable to all parties sending direct offers via messages sent through automatic calling or SMS systems without the consent of the recipient. 6 ELECTRONIC TRANSACTIONS AND MOBILE INSURANCE

 Recognises the legal value of e-signatures and electronic messages when they guarantee with certainty the identification of the signatories and message authentication.  Safeguards the confidentiality of communications through message encryption. 7 ELECTRONIC TRANSACTIONS AND MOBILE INSURANCE

 The ARTCI’s role in electronic transactions: In this area, ARTCI acts as the Certification Authority. As such, it:  audits and certifies the computer systems of businesses established in Côte d'Ivoire that conduct electronic transaction activities;  delivers electronic certificates; and  accredits electronic certification service-providers (ECSPs). 8 ELECTRONIC TRANSACTIONS AND MOBILE INSURANCE

 Law No of 19 June 2013 on the protection of personal data stipulates that all information on a physical person identified or able to be identified, directly or indirectly, whether by reference to an identification number or not, is personal data. (Concrete examples: name, address, phone number, etc.)  Mobile insurance is a means of payment for insurance products that relate to physical persons; the handling of information on policyholders is subject to the above-mentioned law.  The law on the protection of personal data sets the legal regime applicable to all handling of personal data, notably declaration and authorisation (Art. 5 to 13);  As such, it obliges both parties (telecom operator and insurance company) to request authorisation from ARTCI acting as Protection Authority prior to handling these data, and notably data on phone numbers (Art. 7). 9 PERSONAL DATA AND MOBILE INSURANCE

 All of the operations to be done in the framework of mobile insurance are subject to the fundamental principles of data handling (principles of correctness, legitimacy, finality, confidentiality and proportionality, transparency).  Establishments operating in the field of mobile insurance must designate a contact point for personal data protection. The Protection Authority is notified of the designated contact point. 10 PERSONAL DATA AND MOBILE INSURANCE

In addition to what is mentioned above, the law on the protection of personal data:  provides for penal sanctions against any Head of Data Handling that fails to comply with these provisions (Art. 14 to 25);  recognises several rights for the people whose data are handled (the right to be informed, the right to consult the data, the right to object, and the right to correct or remove data);  provides for penal sanctions for handling sensitive data (filiation, genetic data, sexual orientation) and direct prospecting without the prior consent of the people concerned (Art. 21 and 22). 11 PERSONAL DATA AND MOBILE INSURANCE

CONCLUSION AND RECOMMENDATIONS  The risks involved in electronic transactions and handling of personal data are inherent in cyberspace. The parties involved are therefore obliged to ensure the safety of transactions and the data handled.  The second risks is being sanctioned by the ARTCI, as Certification or Protection Authority depending on the field, in the event of failure to comply with the provisions of the laws.  In regard to the above and prior to being adopted, any regulations on mobile insurance must be submitted for opinion to the various Personal Data Protection and Electronic Certification Authorities of CIMA member states. 12

13 Thank you for your kind attention! Stephan Ahoussou K. Legal Affairs Department, ARTCI Stephan Ahoussou K. Legal Affairs Department, ARTCI