The purpose of this paper is to provide a critical assessment of the legal and institutional frameworks on data protection in Mauritius. The focus is on the Data Protection Act and the Data Protection Office and the extent to which they are effective in fostering a culture of data protection in relevant organisations.
This paper adopts the doctrinal legal research as a methodology which is characterised by the analysis of legal rules including constitutional, legislative provisions, judicial precedents as well as other legal norms relevant to the issue of data protection. An analytical and interpretive approach is undertaken to address the question of this research.
Mauritius’ data protection framework, while aligning with international best practices, has several deficiencies that hinder effective enforcement of privacy rights. The DPA (2017) lacks a structured enforcement regime, weakening the long-term sustainability of data protection efforts. The lack of awareness among data subjects and organisations’ failure to prioritise compliance also contributes to a culture of regulatory inertia. The question remains whether Mauritius’ data protection laws are truly capable of ensuring privacy is respected, protected and upheld in practice, rather than just a regulatory foundation.
This paper contributes to the academic and practical debate on data protection from a legal perspective. This is an area in which there is a dearth of research specifically focusing on the data protection legislation and the related institutions. It has the potential of contributing towards further research by Mauritian and foreign scholars and students.
