Balancing Innovation and Privacy: A Framework for Personal Data Protection in AI-Enhanced Higher Education in Africa

Abstract

As African universities increasingly adopt AI technologies for teaching, research, learning, and administration, concerns arise about safeguarding the personal data and privacy of faculty, staff, and students. The adequacy of existing legal frameworks to protect personal information amidst these immersive technologies remains uncertain. This study examines how African universities can balance leveraging AI-enhanced educational opportunities while protecting data privacy rights. Using the Technology-Organization-Environment (TOE) framework, the study employed an explanatory sequential mixed-methods approach across universities in South Africa, Kenya, and Ghana. Quantitative data from 90 participants were analysed using SPSS (t-tests, regression, ANOVA, chi-square, correlation), while qualitative data from key informants were thematically analysed using NVivo. Findings indicate moderate AI adoption in African universities, with Kenya showing the highest rate, followed by South Africa and Ghana. Technological context and organisational readiness significantly influenced positive perceptions of data protection. However, weak enforcement of Ghana's Data Protection Act, South Africa's POPIA, and Kenya's Data Protection Act negatively impacted trust. Qualitative insights revealed poor policy communication, insufficient staff training, and widespread distrust in regulatory institutions. The study proposes a three-pillar framework to guide African universities towards robust data protection and ethical AI integration, focussing on institutional accountability, privacy by design, and effective legal enforcement as crucial for fostering trust in AI-driven educational systems. The research recommends strengthening institutional policies and capacity, urging universities to develop and implement comprehensive data protection policies aligned with both national and international standards.

Keywords

data protection Artificial Intelligence (AI)ethical AI privacy by design TOE framework

Get full access to this article

View all access options for this article.

References

Adetunji

(2024). Leveraging Artificial Intelligence and Adaptive Learning Platforms to Personalize Education and Improve Student Outcomes in Diverse Classrooms. International Journal of Computer Applications Technology and Research, 13(10), 134–148. https://doi.org/10.7753/IJCATR1310.1013

Adeyemo

K. S.

(2023). The status of digital innovation and data security in South African higher education. South African Journal of Higher Education, 37(2), 26–39. https://doi.org/10.20853/37-2-5001

African Union . (2014). African union convention on cyber security and personal data protection. African Union Commission.

African Union . (2020). Digital transformation strategy for Africa (2020–2030). African Union Commission. https://au.int/en/documents/20200219/digital-transformation-strategy-africa-2020-2030

Albrecht

J. P.

(2016). How the GDPR will change the world. European Data Protection Law Review, 2(3), 287–289. https://doi.org/10.21552/edpl/2016/3/4

Alsheibani

Messom

Cheung

Alhosni

(2020). Artificial intelligence beyond the hype: Exploring the organisation adoption factors. In: Proceedings of the 53rd Hawaii international conference on system sciences, Maui, Hawaii, USA, 7-10 January 2020.

Baker

(2011). The technology–organization–environment framework. In Dwivedi

Y. K.

Wade

M. R.

Schneberger

S. L.

(Eds.), Information systems theory: explaining and predicting our digital society (1, pp. 231–245). Springer.

Bervell

Umar

I. N.

(2020). Blended learning or face-to-face? Does tutor anxiety prevent the adoption of learning management systems for distance education in Ghana? Open Learning: The Journal of Open, Distance and E-Learning, 35(2), 159–177. https://doi.org/10.1080/02680513.2018.1548964

Bishop

Drevin

Futcher

Leung

W. S.

Miloslavskaya

Moore

E. L.

von Solms

(2021). A brief history and overview of WISE. In IFIP world conference on information security education (pp. 3–9). Springer International Publishing.

10.

Bouke

M. A.

Abdullah

Alshatebi

S. H.

Atigh

H. E.

Cengiz

(2023). African union convention on cyber security and personal data protection: Challenges and future directions. arXiv preprint arXiv:2307.01966.

11.

Braun

Clarke

(2006). Using thematic analysis in psychology. Qualitative research in psychology, 3(2), 77–101.

12.

Cavoukian

(2009). Privacy by design: The 7 foundational principles. Information and privacy commissioner of Ontario, Canada, 5(2009).

13.

Chiu

T. K.

Ahmad

Ismailov

Sanusi

I. T.

(2024). What are artificial intelligence literacy and competency? A comprehensive framework to support them. Computers and Education Open, 6, 100171. https://doi.org/10.1016/j.caeo.2024.100171

14.

Couldry

Mejias

U. A.

(2019). Data colonialism: Rethinking big data’s relation to the contemporary subject. Television & New Media, 20(4), 336–349. https://doi.org/10.1177/1527476418796632

15.

Danezis

Domingo-Ferrer

Hansen

Hoepman

J. H.

Metayer

D. L.

Tirtea

Schiffner

(2015). Privacy and data protection by design: From engineering policy. arXiv preprint arXiv:1501.03726.

16.

Denhere

Moloi

(2021). Readiness of public TVET for the fourth industrial revolution: The case of South Africa. In: Proceedings of the international conference on business and management dynamics, Singapore, 08 June 2021.

17.

Dhirani

L. L.

Mukhtiar

Chowdhry

B. S.

Newe

(2023). Ethical dilemmas and privacy issues in emerging technologies: A review. Sensors, 23(3), 1151. https://doi.org/10.3390/s23031151

18.

Erdmann

Toro-Dupouy

(2025). The influence of the institutional environment on AI adoption in universities: Identifying value drivers and necessary conditions. European Journal of Innovation Management, 28(9), 4365–4398.

19.

Gaisie

Owusu-Boateng

Yidana

Ghansah

(2025). Ethical considerations and data privacy in artificial intelligence. In Unlocking the potential: Artificial intelligence in education (p. 58). Springer.

20.

Gangwar

Date

Ramaswamy

(2015). Understanding determinants of cloud computing adoption using an integrated TAM-TOE model. Journal of Enterprise Information Management, 28(1), 107–130. https://doi.org/10.1108/jeim-08-2013-0065

21.

Greenleaf

(2012). The influence of European data privacy standards outside Europe: Implications for globalisation of convention 108. International Data Privacy Law, 2(2), 68–92. https://doi.org/10.1093/idpl/ips006

22.

Greenleaf

Cottier

(2020). 2020 marks the end of a decade of 62 new data privacy laws. Privacy Laws & Business International Report, (169), 1–10. https://www5.austlii.edu.au/au/journals/UNSWLRS/2020/39.pdf

23.

Guadu

(2025). Artificial intelligence in African higher education: Uses, misuses, and ethical dilemmas. Advances in Artificial Intelligence and Machine Learning, 5(3), 4196–422. https://doi.org/10.54364/AAIML.2025.53234

24.

Gwagwa

Kraemer-Mbula

Rizk

Rutenberg

De Beer

(2020). Artificial intelligence (AI) deployments in Africa: Benefits, challenges and policy dimensions. The African Journal of Information and Communication, [Preprint](26), 1–28. https://doi.org/10.23962/10539/30361

25.

Hoofnagle

C. J.

Van Der Sloot

Borgesius

F. Z.

(2019). The European Union general data protection regulation: What it is and what it means. Information and Communications Technology Law, 28(1), 65–98. https://doi.org/10.1080/13600834.2019.1573501

26.

Hwang

T. J.

Rabheru

Peisah

Reichman

Ikeda

(2020). Loneliness and social isolation during the COVID-19 pandemic. International Psychogeriatrics, 32(10), 1217–1220. https://doi.org/10.1017/S1041610220000988

27.

Iacovou

C. L.

Benbasat

Dexter

A. S.

(1995). Electronic data interchange and small organizations: Adoption and impact of technology. MIS Quarterly, 19(4), 465–485. https://doi.org/10.2307/249629

28.

Ifenthaler

Yau

J. Y. K.

(2020). Utilising learning analytics to support study success in higher education: A systematic review. Educational Technology Research & Development, 68(4), 1961–1990. https://doi.org/10.1007/s11423-020-09788-z

29.

Ikejiaku

B. V.

(2018). The role of law and the rule of law in the economic development process: Quest for new directions and approaches in international development law regime. Denver Journal of International Law and policy, 47(1), 51. https://digitalcommons.du.edu/djilp/vol47/iss1/3

30.

Joseph Mbembe

(2016). Decolonizing the university: New directions. Arts and Humanities in Higher Education, 15(1), 29–45. https://doi.org/10.1177/1474022215618513

31.

Khoalenyane

N. B.

Ajani

O. A.

(2024). A systematic review of artificial intelligence in higher education, South Africa. Social Sciences and Education Research Review, 11(1), 17–26. https://doi.org/10.5281/zenodo.15258127

32.

Knox

(2020). Artificial intelligence and education in China. Learning, Media and Technology, 45(3), 298–311. https://doi.org/10.1080/17439884.2020.1754236

33.

Kuner

(2017). The internet and the global reach of EU law. In Cremona

Scott

(Eds.), EU law beyond EU borders: The extraterritorial reach of EU law (pp. 112–145). Oxford University Press.

34.

Kwao

G. P.

Kanubala

D. D.

Sonna

(2023). AI ethics education for future African leaders. In AI ethics in higher education: Insights from Africa and beyond (p. 87). Springer.

35.

(2022). Data privacy, human rights, and algorithmic opacity. California Law Review, 110(6), 2087–2147. https://doi.org/10.15779/Z38804XM07

36.

Luckin

Cukurova

Kent

Du Boulay

(2022). Empowering educators to be AI-ready. Computers and Education: Artificial Intelligence, 3, 100076. https://doi.org/10.1016/j.caeai.2022.100076

37.

Macharia

J. K.

Pelser

T. G.

(2014). Key factors influencing the diffusion and adoption of information and communication technologies in Kenyan higher education. Studies in Higher Education, 39(4), 695–709. https://doi.org/10.1080/03075079.2012.729033

38.

Makulilo

A. B.

(2016). The context of data privacy in Africa. In Makulilo

A. B.

(Ed.), African data privacy laws (pp. 3–23). Springer International Publishing.

39.

Mannion

(2020). Data imperialism: The GDPR’s disastrous impact on Africa’s e-commerce markets. Vanderbilt Journal of Transnational Law, 53(2), 685. https://scholarship.law.vanderbilt.edu/vjtl/vol53/iss2/6

40.

Martins

Oliveira

Thomas

Tomás

(2019). Firms’ continuance intention on SaaS use–an empirical study. Information Technology & People, 32(1), 189–216. https://doi.org/10.1108/itp-01-2018-0027

41.

Miao

Holmes

(2021). AI and education: A guide for policymakers. UNESCO Publishing.

42.

Mukhongo

P. D.

(2021). An analysis of the determinants of implementation of information technology projects by commercial banks in Kenya. Doctoral dissertation. Jomo Kenyatta University of Agriculture and Technology.

43.

Munung

N. S.

Staunton

Mazibuko

Wall

P. J.

Wonkam

(2024). Data protection legislation in Africa and pathways for enhancing compliance in considerable data health research. Health Research Policy and Systems, 22(1), 145. https://doi.org/10.1186/s12961-024-01230-7

44.

Ndalila

M. N.

Lala

Makindi

S. M.

(2024). Community perceptions on wildfires in Mount Kenya forest: Implications for fire preparedness and community wildfire management. Fire Ecology, 20(1), 92. https://doi.org/10.1186/s42408-024-00326-3

45.

Owan

V. J.

Abang

K. B.

Idika

D. O.

Etta

E. O.

Bassey

B. A.

(2023). Exploring the potential of artificial intelligence tools in educational measurement and assessment. Eurasia Journal of Mathematics, Science and Technology Education, 19(8), em2307. https://doi.org/10.29333/ejmste/13428

46.

Prinsloo

Kaliisa

(2022). Data privacy on the African continent: Opportunities, challenges and implications for learning analytics. British Journal of Educational Technology, 53(4), 894–913. https://doi.org/10.1111/bjet.13226

47.

Prinsloo

Slade

(2016). Student vulnerability, agency and learning analytics: An exploration. Journal of Learning Analytics, 3(1), 159–182. https://doi.org/10.18608/jla.2016.31.10

48.

Sangwa

Ngobi

Ekosse

Mutabazi

(2025). AI governance in African higher education: Status, challenges, and a future-proof policy framework. SSRN. https://ssrn.com/abstract=5386204

49.

Selwyn

(2019). What’s the problem with learning analytics? Journal of Learning Analytics, 6(3), 11–19. https://doi.org/10.18608/jla.2019.63.3

50.

Slade

Prinsloo

(2013). Learning analytics: Ethical issues and dilemmas. American Behavioral Scientist, 57(10), 1510–1529. https://doi.org/10.1177/0002764213479366

51.

Tornatzky

L. G.

Fleischer

(1990). The Processes of Technological Innovation. Lexington: Lexington Books.

52.

Veale

Binns

(2017). Fairer machine learning in the real world: Mitigating discrimination without collecting sensitive data. Big Data & Society, 4(2), 2053951717743530. https://doi.org/10.1177/2053951717743530

53.

Voigt

von dem Bussche

(2017). The EU general data protection regulation (GDPR): A practical guide. Springer International Publishing.

54.

Wang

Gao

Huang

Liu

Chandak

Liu

Van Katwyk

Deac

Anandkumar

Bergen

Gomes

C. P.

Kohli

Lasenby

Leskovec

Liu

T.-Y.

Manrai

Zitnik

(2023). Scientific discovery in the age of artificial intelligence. Nature, 620(7972), 47–60. https://doi.org/10.1038/s41586-023-06221-2

55.

Williamson

(2021). Making markets through digital platforms: Pearson, edu-business, and the (e)valuation of higher education. Critical Studies in Education, 62(1), 50–66. https://doi.org/10.1080/17508487.2020.1737556

56.

Zawacki-Richter

Marín

V. I.

Bond

Gouverneur

(2019). Systematic review of research on artificial intelligence applications in higher education–where are the educators? International Journal of Educational Technology in Higher Education, 16(1), 1–27. https://doi.org/10.1186/s41239-019-0171-0

57.

Zhu

Dong

S. X.

Kraemer

K. L.

(2006). Innovation diffusion in global contexts: Determinants of post-adoption digital transformation of European companies. European Journal of Information Systems, 15(6), 601–616. https://doi.org/10.1057/palgrave.ejis.3000650