The digital birthday

By Judith Ama AFENYI-DONKOR Esq.,

From the moment we are born, our identity begins to take shape marked by names, fingerprints, and faces that distinguish us in the physical world. Yet in today’s interconnected age, another version of us is born a digital self-composed of data, profiles, and interactions.

Every post, search, or upload becomes a lasting trace, a static reflection of who we once were. This digital identity cannot be touched or seen, but it carries immense influence over how we live, work, and are perceived.

From Physical Identity to Digital Existence

In the past, identity was verified through physical documents, a passport, a voter ID, or a birth certificate. Today, it is validated through data: usernames, passwords, and online activity. The two are now inseparably linked.

Just as we depend on a national ID to confirm citizenship, we rely on digital credentials to prove our existence online. Losing control of either can be disastrous, but the theft of one’s digital identity can destroy reputations, finances, and trust within seconds.

Legal Recognition of Digital Identity

Article 18(2) of the 1992 Constitution, guarantees the right to privacy of communication, stating that no person shall be subjected to interference except as permitted by law. This establishes privacy as a constitutional right and extends naturally to personal data in the digital age.

The Electronic Transactions Act, 2008 (Act 772), the Electronic Communications Act, 2008 (Act 775), the Data Protection Act, 2012 (Act 843), and the Cybersecurity Act, 2020 (Act 1038) translate this right into practice. Act 772 gives legal recognition to electronic records and signatures once they reflect genuine consent, Act 775 safeguards user privacy by requiring service providers to protect subscriber information and maintain the confidentiality of communications while Act 843 ensures personal data is collected and processed fairly, lawfully, and securely.

Complementing these, Act 1038 establishes a central authority to oversee cybersecurity, prevent cybercrimes, and protect Critical Information Infrastructure, thereby creating a safer ecosystem for digital identities to exist. Together, these Acts form Ghana’s digital rights architecture protecting how citizens communicate, transact, and exist online.

Consent and Digital Agreements

Consent lies at the heart of data protection. In the digital space, it often appears through clickwrap, shrinkwrap, and browsewrap agreements. Though not expressly mentioned in Ghanaian law, these forms align with the Electronic Transactions Act, 2008 (Act 772), which gives legal effect to electronic records, contracts, and signatures. Clickwrap agreements, where users actively click “I agree,” represent clear consent. Shrinkwrap agreements imply consent through product use, while browsewrap agreements, based on mere website visits are harder to enforce.

The Canadian case South West Terminal Ltd v. Achter Land & Cattle Ltd (2023 SKKB 116) illustrates this evolving concept, holding that a thumbs-up emoji could serve as a valid e-signature. It shows that what matters is not the form of the signature but the intent it conveys.

Similarly, Act 772 per Section 10 recognizes that electronic signatures are valid if they reliably identify the signatory and demonstrate intent. This includes methods like biometrics or digital keys. An electronic signature is vital to digital identity because it verifies who a person is and confirms their intent in online transactions. It provides legal validity and security, ensuring that digital actions genuinely represent the individual. By doing so, it builds trust and accountability in the digital space.Top of FormBottom of Form

Identity Theft and the Ghanaian Experience

The case of Justice Noah Adade v. Bolt Ghana Limited & Bolt Holding OU (C11/003/2023) highlights the dangers of identity misuse. Justice Adade discovered his name and photo were used on the Bolt App to register a driver account without his consent. His employee, Peter Walker, admitted to the impersonation. The court held the defendants liable, emphasizing that data controllers must protect users’ personal data. The plaintiff was entitled to compensation for distress and breach of privacy.

This case underscores that data protection is not just administrative compliance, it is the protection of personhood. Losing control of digital identity can damage reputation, finances, and dignity.

Ethical and Social Dimensions

Beyond legal duties, our digital identity raises deeper ethical and social questions. Each photo, comment, or click shapes how others see us; it becomes part of who we are. Being truthful, respectful, and thoughtful online is therefore not just good behaviour; it is a moral responsibility. When we act responsibly in digital spaces, we help preserve trust, dignity, and the sense of community that technology should promote. In essence, the same values that guide us in the physical world must follow us into the digital one.

Comparative Lessons

Globally, digital identity is recognized as central to individual autonomy. The European Union’s GDPR grants citizens the “right to be forgotten,” allowing deletion of personal data that no longer serves a lawful purpose. South Africa’s POPIA enforces transparency and accountability in data handling. Ghana’s framework aligns with these principles but needs stronger enforcement and public awareness. A more empowered Data Protection Commission and continuous education are vital for realizing these rights.

The Way Forward

To ensure a secure digital ecosystem, Ghana aligns with key continental and regional frameworks, including the ECOWAS Supplementary Act on Personal Data Protection A/SA.6/12/2018, the African Union, Digital Transformation Strategy for Africa (2020–2030) (African Union Commission 2020), and the AfCFTA Protocol on Digital Trade. These instruments emphasize harmonized standards, cross-border cooperation, and digital trust elements essential for securing data across African digital markets.

Safeguarding digital identity requires collective responsibility among the state, corporate entities, and individuals. The state must take the lead by enforcing existing laws, particularly the Data Protection Act, through strict oversight and meaningful sanctions for violations.

The Data Protection Commission must be adequately empowered to ensure compliance and hold both public and private institutions accountable for mishandling personal data while the Cyber Security Authority protects digital systems and coordinates responses to cyber threats

At the same time, public education is crucial. Citizens need to understand their data rights, recognize the value of their personal information, and learn simple protective habits such as verifying digital platforms before sharing sensitive details.

Institutions, for their part, must strengthen transparency by openly reporting how personal data is collected, stored, and used. On a broader level, international collaboration is indispensable; data flows freely across borders, and so must the legal safeguards.

Ultimately, every individual also bears personal responsibility by using strong passwords, enabling two-factor authentication, and limiting the personal information shared online. These measures, though simple, form the foundation of a secure and trustworthy digital society.

Conclusion

We now exist in two intertwined worlds, the physical and the digital. While our physical selves change with time, our digital profiles remain fixed unless the law and society recognize our right to evolve. Protecting personal data is, therefore, not just a technical task but a constitutional and moral duty. It is an assertion of personhood in the digital realm. Our data is an extension of ourselves, and its protection safeguards our dignity, trust, and belonging in an increasingly digital society. To be whole in the 21st century is to exist securely in both worlds; physical and digital ensuring that who we are remains ours, in every sense.

The writer is a Lawyer at Ghartey & Ghartey Law Firm, specializing in Information Technology Law, Human Rights Law, and Family Law