The Law No. 2019-014 on the protection of personal data provides a comprehensive regime of data protection in Togo. Law No. 2019-014 governs the collection, processing, transmission, storage, and utilisation of personal data in the country. This legislation mandates the establishment of the Togolese Data Protection Authority (IPDCP) and stipulates the appointment of data protection officers.

According to Art. 95 of Togo’s 2012 Electronic Communication Law, cryptology services providers are required to keep for one year content and data allowing the identification of anyone who has used their services and provide the technical means that enable the identification of those users.

Art. 63 of Law No. 2017-07 of June 22, 2017 on Electronic Transactions requires service providers to hold and retain, at least for a period of one year, data of such a nature as to allow the identification of anyone who has contributed to the creation of the content or any of the content of the services they provide.

Togo has ratified the World Intellectual Property Organization (WIPO) Copyright Treaty.

Togo has ratified the World Intellectual Property Organization (WIPO) Performances and Phonograms Treaty.

Art. 94 of the Electronic Communication Law obliges encryption service providers to comply with lawful interception orders. Refusal to provide secret decryption codes to government agencies is punishable by a fine between USD 3,544 and USD 14,178. However, Art. 628 of Law No. 2015-10 of November 24, 2015 on the New Penal Code refers to the criminal offence against disclosure of information pertaining to a company's business secret.

Togo does not have comprehensive trade secret legislation. Yet, there are provisions addressing disclosure, acquisition or use of confidential information in the course of industrial or commercial activities by third parties in Art. 6 of Annex VIII of the Bangui Agreement ratified by 17 French-speaking States, including Togo, since 2002.

It is reported that there is an obligation for passive infrastructure sharing in Togo to deliver telecom services to end users. It is practised in both the mobile and fixed sectors based on commercial agreements.

The incumbent telecommunications company in Togo, TogoCom, initially fully owned by the government, underwent partial privatisation under Decree No. 2019-142/PR. This decree permitted up to 51% of the company’s shares to be transferred to the private sector, resulting in a 51% acquisition by Agou Holding consortium, made up of the Madagascan conglomerate Axian (majority) and the capital-investor Emerging Capital Partners (ECP). Although no legal framework restricts foreign capital in the telecommunications sector, the Togolese Government maintains a 49% stake.

TogoCom, the incumbent telecommunications company in Togo, has been opened to the private sector, but the State still holds 49% of the shares. TogoCom is the de facto monopoly provider of fibre backbone connectivity to ISPs and other content and data providers.

It is reported that Togo mandates functional and accounting separation for operators with significant market power (SMP) in the telecom market.

There is no discrimination in licensing between nationals and foreigners. However, there is the possibility of limiting the number of licenses by decree of the Council of Ministers (Article 5.2 of the Law on Electronic Communications). All individual licenses are issued by order of the minister in charge of the electronic communications sector after authorisation by decree of the Council of Ministers. There is also an authorisation scheme which prevails for the establishment and operation of independent networks and the use of radio frequencies (Article 9). It is also reported that there are minimum capital requirements to obtain a license, although the amount is not specified.

Togo has not appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

Togo has a telecommunications authority: Autorité de Régulation des Communications Électroniques et des Postes (ARCEP). However, it is reported that this entity is not fully independent.

Art. 28 of Law No. 2019-014 on the protection of personal data states that data can only be transferred abroad if the third country ensures an adequate level of privacy protection. Art. 29 permits a transfer of data provided that the transfer is one-off, not massive and that the person to whom the data relates has expressly consented to its transfer, or if the transfer is necessary under specific conditions. Moreover, according to Art. 30, the Data Protection Authority may authorise the transfer of data if the data controller provides sufficient guarantees with regard to the protection of privacy, fundamental rights and freedoms of the persons concerned and the exercise of the corresponding rights.