The Consumer Protection Act 2020 (No. 7) and the Electronic Transactions Act 2019 (No. 11) provide a comprehensive framework for consumer protection that also applies to online transactions. Although online purchases are not explicitly mentioned in the Consumer Protection Act, the law seems to apply to the supply of all goods and services in trade or commerce in the country, according to Section 1 of the Act. On the other hand, Sections 13-21 of the Electronic Transaction Act specifically make provisions for consumer protection in electronic transactions.

Section 22 of the Telecommunications Subscribers Regulations noted that subscribers' personal information may be released to law enforcement agencies with a written request from a senior officer of the security/law enforcement agency. The request has to be sent to the Commission stating the information needed and the purpose, according to Section 24. There is no specific provision that this request has to go through a judicial process.

The Electronic Transactions Act establishes a safe harbour regime for intermediaries for copyright infringements. Section 22 of the Act exempts intermediaries from the legal responsibilities and liabilities associated with any illegal and harmful activities performed by their users on their platforms or through their networks if they are unaware of these activities, do not financially benefit from the activities, and if they remove/restrict the content within a reasonable amount of time after discovering the activities.

The Electronic Transactions Act establishes a safe harbour regime for intermediaries beyond copyright infringements. Section 22 of the Act exempts intermediaries from the legal responsibilities and liabilities associated with any illegal and harmful activities performed by their users on their platforms or through their networks if they are unaware of these activities, do not financially benefit from the activities, and if they remove/restrict the content within a reasonable amount of time after discovering the activities.

According to Section 3 of the Telecommunications Subscribers Regulations, telecommunications service providers are required to implement a system to obtain, record, and store information about their subscribers. Moreover, according to Sections 6 and 7, telecom service providers must register subscriber details before new SIM cards or other subscription services are activated. When the regulation was implemented, existing subscribers were also required to be registered by six months from the effective date of the regulation.

According to Section 41 of the Telecommunications Licensing Regulations, type-approval certification from the Commission is required before telecommunications companies can import electronic communications equipment to be used on their networks. Companies are required to comply with the Commission's regulations in this regard. Self-certification for imported goods, including ICT goods such as radio transmission, electromagnetic interference (EMI) or electromagnetic compatibility (EMC), has not been allowed since July 2009, when the requirement for destination inspection was enacted.

All imports to Sierra Leone may be inspected by the Sierra Leone Standards Bureau (SLSB), which is the authority in charge of standards, certification, and accreditation under the Standards Act of 1996. The Bureau checks the certificate of conformity and labelling requirements and may perform field tests before issuing clearance to customs for the release of the goods.
In July 2009, a pre-shipment inspection of all imports ended. From this date, all shipments into the country are subjected to a Destination Inspection System (DIS) to test and inspect the imported goods to ensure they meet national and international environmental, health and safety standards. Third-party testing results and certifications are not accepted, and government-appointed entities must do the inspection. The government-appointed companies that conduct the inspection have been changed a couple of times. Importers are responsible for payment of the inspection fee.

Telecommunications operators are required to obtain licenses. However, approval for a license is not required for agreements between two local companies. Also, the licensing regime is reported to be restrictive, as it imposes lengthy lengthy processes on new market entrants. According to Section 20 of the Telecommunications Act, no person shall engage in any activity as a telecommunications operator unless they have been licensed for that purpose by the National Telecommunication Commission (NATCOM). Section 2 of the Telecommunications (Licensing) Regulations confirms the need for business licenses and authorisations for telecommunications, broadband communications and ancillary services in Sierra Leone.
Section 50 of the Telecommunications Act places additional scrutiny on agreements between local and foreign public telecommunications companies. It states that all agreements between local and foreign telecommunications companies should be submitted to the Commission for approval or modification of any terms. In considering the agreement for approval, the Commission shall take into account any exclusionary or discriminatory practices of the foreign-based service providers and telecommunications authorities and shall ensure that the local service providers are not subjected to unreasonable terms or discrimination.

Sierra Leone has not appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

It is reported that the National Telecommunications Commission (NATCOM), the executive authority for the supervision and administration of services in the telecommunications sector, is independent from the government in the decision-making process.

Sections 28.3 and 34.2 of the Civil Registration Act mandate that the civil register, which contains personal data of residents, be maintained and kept at the chiefdom, district and national level. Likewise, the personal registration file should be kept in the region, district, or chiefdom of the individual. This is applicable to personal data stored in the Civil Register.

Sections 19.1 and 19.2 of the Telecommunications Subscribers Identification and Registration Management Regulation empowers the National Telecommunications Commission to establish and maintain a central electronic database of communications service subscribers, in which all subscribers' information shall be stored. The database shall be housed either within the Commission or in another location as may be determined by the Commission.
According to Sections 22.3 and 22.4, the transfer and utilisation of subscribers' data outside the country are subject to the provision of justification for the data use, the approval of the Commission, and the assurances of the security and confidentiality of the data/information.

Sierra Leone has not joined any free trade agreement committing to open transfers of cross-border data flows.

Sierra Leone does not have a comprehensive data protection law. However, there are provisions for data protection in the legal frameworks governing the operations of some sectors. For example, in the telecommunications sector, Section 78 of the Telecommunications Act makes it a criminal offence for anyone engaging in the provision of telecommunications services to disclose to any unauthorised person information or data s/he comes across as part of his lawful duty in respect of any customer or user of the telecommunications services. Also, Section 21 of the Telecommunications Subscriber Regulations states that a licensed service provider shall take reasonable steps to ensure the security and confidentiality of the subscriber’s registration and prevent corruption, loss or unauthorised disclosure of the information. There are also provisions for data protection in the financial sector. Section 35 of the Lenders and Borrowers Act states that a lender or a person who acts on behalf of a lender shall not disclose information obtained from a borrower unless the information is required under any other law or by a court of competent jurisdiction.

Section 19.4 of the Telecommunications Subscribers Regulations provides that the service provider shall, on a monthly basis or at such regular interval as the Commission may specify, transmit to the Commission all subscriber's information captured in their subscribers registers within the preceding month or such period as stipulated by the Commission in accordance with these Regulations. Section 20 of the Regulations also mandates licensed operators to capture, record and transmit to the central subscriber's information database the particulars of all its sales. The regulations do not specifically say for how long the data may be stored; they only mention the frequency at which the data should be transmitted to the Commission. However, Section 32(1-2) of the Regulations states that a subscriber intending to utilise one or more mobile universal integrated service cards, fixed telephone lines or internet connections that has been registered in its name, for allocation to a third party shall, before handing over a universal integrated service card or providing access to any telecommunication service, record the particulars and the date on which the utilisation commenced and the period for which the third party shall utilise the communications service. This information registered shall be stored for a minimum period of three years.