Privacy Regulations in São Tomé and Príncipe

Continental framework treaty bundling data protection, cybercrime, cybersecurity, and e-commerce. Does not directly regulate websites but sets minimum standards for national laws. Took 9 years to reach the 15-ratification threshold. South Africa notably has not ratified.

Sao Tome and Principe's data protection law modeled on EU Directive 95/46/EC. The ANPDP is relatively active compared to many Central African peers. Data controllers must notify the ANPDP at least 8 days before processing begins. Separate penalty tiers apply for individuals (STN 50M-120M) and legal entities (STN 250M-500M), with criminal liability for intentional violations.