Senegal Recording Laws: All-Party Consent Rules and Penalties (2026)

How Senegal Regulates Recording: An All-Party Consent System

Senegal is among a relatively small group of countries that require the consent of every participant before a conversation can be legally recorded. The legal framework draws from four main sources: the national constitution, the Penal Code (as amended in 2016), the cybercrime statute of 2008, and a dedicated personal data protection law.

For anyone doing business in Dakar, conducting journalism in Senegal, or simply traveling through West Africa, the rules are clear. You cannot record a phone call, capture a private conversation, or intercept electronic communications without either the consent of all parties or a court order. Violations carry real prison time.

This framework reflects a legal tradition shaped by French civil law, where privacy rights carry significant weight. But Senegal has also built its own statutory architecture in response to the growth of mobile telecommunications and digital surveillance across the region.

Constitutional Foundation: Article 13

The bedrock of Senegal's recording laws is Article 13 of the Constitution, adopted on January 22, 2001. The provision reads:

"Le secret de la correspondance, des communications postales, telegraphiques, telephoniques et electroniques est inviolable. Il ne peut etre ordonne de restriction a cette inviolabilite qu'en application de la loi."

Translated: "The secrecy of correspondence and of postal, telegraphic, telephonic, and electronic communications is inviolable. Restrictions to this inviolability may only be ordered through application of the law."

This is not a general privacy aspiration. It is a constitutional mandate. The drafters chose the word "inviolable," which in the French legal tradition signals the highest level of protection. Any law that permits interception or recording must satisfy a specific legal basis. Without that basis, the act is unconstitutional.

Article 13 covers every form of communication: physical mail, telegraphs, telephone calls, and electronic messages including email, messaging apps, and internet-based voice calls. Courts in Senegal interpret this provision broadly. When technology evolves, the constitutional protection extends to cover new forms of communication.

The Penal Code: Article 363 bis

What the Law Prohibits

The core criminal provision governing unauthorized recording in Senegal is Article 363 bis of the Penal Code, introduced by Law No. 2016-29 of November 8, 2016. This law substantially amended the original 1965 Penal Code (Law No. 65-60) to address modern privacy threats.

Article 363 bis criminalizes anyone who, by any means whatsoever, voluntarily violates the intimacy of another person's private life. The specific prohibited acts include:

• Capturing, recording, or transmitting words spoken in a private or confidential setting without the speaker's consent
• Fixing, recording, or transmitting the image of a person who is in a private place, without that person's consent
• Disseminating or distributing recordings or images obtained through the acts above

The language is deliberately broad. "By any means whatsoever" covers smartphones, hidden microphones, recording apps, body cameras, drones, and any other device capable of capturing audio or visual content. The law does not distinguish between analog and digital methods.

Penalties

Anyone convicted under Article 363 bis faces:

• Imprisonment of one to five years
• A fine of 500,000 to 5,000,000 CFA francs (approximately USD $810 to $8,100)
• Or both imprisonment and a fine

These penalties apply to each distinct act. Recording, transmitting, and disseminating are treated as separate offenses. A person who secretly records a conversation and then posts it on social media could face charges on multiple counts.

Scope of "Private" Under Senegalese Law

Senegalese courts follow the French legal tradition in defining what constitutes a "private" conversation or setting. A conversation is private when the participants have a reasonable expectation that their words will not be heard by outsiders. This includes:

• Telephone calls (landline, mobile, VoIP)
• Face-to-face conversations in homes, offices, restaurants, and vehicles
• Discussions during meetings where participants expect confidentiality
• Electronic communications such as email, text messages, and voice notes

A conversation held in a public square where anyone can overhear it may not qualify as private. But a conversation between two people at a table in a restaurant, conducted at a normal volume, generally does.

Cybercrime Law: Interception of Electronic Data

Article 431-12 of the Penal Code

Senegal enacted Law No. 2008-11 on January 25, 2008, as the country's first dedicated cybercrime statute. The provisions of this law were later incorporated into the Penal Code through the 2016 amendment (Law No. 2016-29).

Article 431-12 targets the fraudulent interception of computerized data during transmission. The provision states that anyone who intercepts or attempts to intercept, by technical means, data or information during non-public transmission to, from, or within a computer system faces criminal penalties.

This article covers a wide range of digital interception, including:

• Intercepting email communications in transit
• Capturing data packets on a network
• Using malware or spyware to monitor electronic communications
• Deploying IMSI catchers or similar devices to intercept mobile signals
• Tapping into VoIP conversations

Penalties for Electronic Interception

Violations of Article 431-12 carry:

• Imprisonment of one to five years
• A fine of 5,000,000 to 10,000,000 CFA francs (approximately USD $8,100 to $16,200)
• Or one of these penalties only

The fines are notably higher than those under Article 363 bis, reflecting the legislature's view that electronic interception involves more sophisticated methods and potentially broader harm.

Personal Data Protection: Law No. 2008-12

Overview

Senegal was one of the first countries in West Africa to adopt comprehensive data protection legislation. Law No. 2008-12 of January 25, 2008, established a legal framework for the protection of personal data and created the Commission de Protection des Donnees Personnelles (CDP) as the independent supervisory authority.

The law entered into force in 2014 and governs how personal data, including audio recordings, video footage, and photographs, may be collected, processed, stored, and transmitted.

Consent Requirements Under Article 33

Article 33 of Law 2008-12 establishes that the processing of personal data is legitimate only when the person concerned gives their consent. A recording of someone's voice or image constitutes personal data under the law, which means that recording falls within the scope of data protection requirements.

Consent can be waived only in limited circumstances:

• Compliance with a legal obligation
• Execution of a task in the public interest or exercise of public authority
• Performance of a contract to which the data subject is a party
• Protection of the data subject's vital interests or fundamental rights

None of these exceptions gives private individuals or businesses a general right to record without consent.

Penalties for Data Protection Violations

The Penal Code, as amended by Law 2016-29, contains a series of articles (431-17 through 431-27) that impose criminal penalties for violations of the data protection law. The penalties are severe:

• Article 431-17: Processing personal data without required formalities carries one to seven years in prison and fines of 500,000 to 10,000,000 CFA francs
• Article 431-22: Collecting personal data by fraudulent, disloyal, or unlawful means carries the same penalties
• Article 431-27: Collecting personal data that could damage a person's reputation or privacy and transmitting it without authorization carries one to seven years in prison and fines of 500,000 to 10,000,000 CFA francs

These provisions apply directly to unauthorized recording. A voice recording is personal data. Capturing it without consent is fraudulent collection. Sharing it is unauthorized transmission. Each step triggers separate criminal liability.

Judicial Interception: When the Government Can Listen

The Authorization Process

Senegalese law permits lawful interception of communications, but only under strict judicial oversight. The Code of Criminal Procedure, as amended by the cybercrime reforms, grants investigating magistrates the authority to order interception of communications when the necessities of a criminal investigation require it.

The process works as follows:

1. An investigating judge must issue a written order authorizing the interception
2. The order must specify the target, the means of interception, and the duration
3. The authorization is limited to a period of two to four months
4. Renewal requires a new case-by-case determination and cannot be granted automatically
5. The order is not subject to appeal

Article 677-38 of the Code of Criminal Procedure

Article 677-38 allows magistrates to use appropriate technical means to collect or record, in real time, data relating to the content of communications transmitted by computer systems within Senegalese territory. The article also empowers judges to compel service providers to assist in collecting or recording the relevant data, within their technical capabilities.

Telecommunications operators and internet service providers are required to cooperate with judicial interception orders. The formal request comes from the public prosecutor (procureur de la Republique) and is directed to the operators.

Limits on Government Surveillance

Despite these powers, Senegalese law imposes constraints. Interception orders cannot be open-ended. The two-to-four-month window forces investigators to justify continued surveillance at regular intervals. Judges must also order intermediaries to preserve data integrity and, under Article 677-35, can require data preservation for up to two years when there is reason to believe stored data may be lost or modified.

Article 677-37 addresses what happens when seizure of physical storage media is not desirable. In those cases, the judge may use technical means to secure or isolate data within a system rather than confiscating the hardware.

Phone Calls vs. In-Person Conversations

Recording Phone Calls

Recording phone calls in Senegal without the consent of all parties is illegal. This applies to:

• Personal mobile and landline calls
• Business telephone conversations
• VoIP calls through WhatsApp, Zoom, Teams, and similar platforms
• Call center recordings and automated systems

There is no one-party consent exception. Even if you are a participant in the conversation, you cannot record it without informing and obtaining the agreement of the other person. Businesses that record customer service calls must provide clear notice and obtain affirmative consent before the recording begins.

Recording In-Person Conversations

The same prohibition applies to face-to-face conversations. Article 363 bis covers words spoken in a private or confidential setting. Wearing a hidden microphone to a meeting, leaving a voice recorder running in your pocket, or using a smartwatch to capture audio all constitute criminal conduct.

The key question is whether the conversation is "private." If two people are having a quiet discussion in an office, a home, or even a secluded corner of a cafe, that conversation is private. Recording it without both parties' knowledge triggers criminal liability.

Public Spaces and Photography

Senegalese law does not create a blanket prohibition on recording in public spaces. The restriction under Article 363 bis applies to "private places" and "private or confidential" words. Filming a public event, a street scene, or a political rally does not automatically violate the law.

However, there are important boundaries:

• Focusing a camera on a specific individual and recording their words or image in a way that invades their privacy can still violate Article 363 bis, even in a public location
• Under the data protection law, capturing someone's image constitutes collecting personal data, which requires a legitimate basis
• Publishing or distributing someone's image without their consent can trigger liability under Article 431-27 of the Penal Code

Photographing or filming government buildings, military installations, and certain sensitive infrastructure may also be restricted under separate national security provisions.

Workplace Recording and Employee Surveillance

Employer Obligations

Senegalese employers who wish to implement surveillance systems in the workplace must comply with the data protection framework overseen by the CDP. The requirements include:

• Informing employees before any surveillance system is implemented
• Consulting with employee committees regarding monitoring devices
• Completing prior formalities with the CDP for surveillance cameras, biometric systems, and entry/exit tracking
• Providing employees access to their personal data upon request

Employers cannot secretly record employees' conversations, monitor personal phone calls, or install hidden cameras. Surveillance must be proportionate to the legitimate purpose it serves, and employees must know about it in advance.

CCTV and Surveillance Camera Requirements

Workplaces that install CCTV systems must display visible notices indicating that the area is under surveillance. Footage captured by surveillance cameras that lack proper signage is inadmissible in court proceedings. This rule directly incentivizes transparency.

The CDP has taken the position that it must authorize the processing of personal data through surveillance devices before they are deployed. Failure to obtain this authorization constitutes a violation of Law 2008-12 and can trigger criminal penalties under Articles 431-17 through 431-22.

Employee Consent and Power Imbalance

Consent from employees is complicated by the inherent power imbalance in an employment relationship. An employee who is told to consent to monitoring may feel they have no genuine choice. Senegalese law addresses this by requiring that surveillance serve a legitimate, documented purpose beyond mere monitoring of employee behavior.

Acceptable purposes include physical security of premises, protection of sensitive assets, and prevention of criminal activity. General performance monitoring through audio or video recording is far more difficult to justify.

Enforcement: The CDP and Its Limitations

How the CDP Operates

The Commission de Protection des Donnees Personnelles, established by Law 2008-12, functions as an independent administrative authority. Its mandate includes:

• Receiving and processing complaints about data protection violations
• Conducting inquiries and investigations
• Issuing warnings and notices to data controllers
• Imposing sanctions for violations of the data protection law
• Advising the government on data protection policy

The CDP has the power to enter premises, examine records, and require data controllers to provide information about their processing activities.

Enforcement Challenges

In practice, the CDP has favored warnings and notices over formal sanctions. Data controllers who receive a notice generally comply, according to the commission's own reporting. This approach reflects the reality of limited enforcement resources in a country where digital literacy and awareness of data protection rights are still developing.

Critics have pointed out that Senegal's data protection framework, while strong on paper, faces gaps in implementation. The CDP operates with limited staff and budget. Many businesses, particularly small and medium enterprises, are unaware of their obligations under Law 2008-12. And individuals who have their conversations recorded without consent may not know that legal remedies exist.

The proposed Personal Data Protection Bill of 2019, published for public comment in early 2020 as part of the Digital Senegal 2016-2025 Strategic Plan, aimed to modernize the framework and address emerging issues like artificial intelligence, cloud computing, and biometric data. As of 2026, that bill has not advanced through the legislative process.

Penalties Summary

Offense	Legal Basis	Maximum Prison	Maximum Fine
Recording private conversations without consent	Penal Code Art. 363 bis	5 years	5,000,000 FCFA (~$8,100)
Intercepting electronic data in transmission	Penal Code Art. 431-12	5 years	10,000,000 FCFA (~$16,200)
Unlawful collection of personal data	Penal Code Art. 431-22	7 years	10,000,000 FCFA (~$16,200)
Processing personal data without authorization	Penal Code Art. 431-17	7 years	10,000,000 FCFA (~$16,200)
Transmitting damaging personal data without authorization	Penal Code Art. 431-27	7 years	10,000,000 FCFA (~$16,200)

Business Compliance Checklist

Organizations operating in Senegal should take the following steps to comply with the country's recording and data protection laws:

• Register with the CDP. Any entity that processes personal data must complete prior formalities with the Commission de Protection des Donnees Personnelles before deploying recording or surveillance systems.
• Obtain explicit consent for call recording. Before recording any business call, secure clear consent from all parties. Automated systems must include a consent prompt at the beginning of the call.
• Post surveillance notices. Display visible signage in all areas covered by CCTV or audio recording systems. Footage from unsigned locations is inadmissible in court.
• Inform employees. Brief all staff about surveillance systems before implementation. Consult with employee representatives where required.
• Limit data collection. Collect only the personal data necessary for a documented, legitimate purpose. Do not record conversations or capture images beyond what the stated purpose requires.
• Secure stored recordings. Implement technical and organizational measures to protect recorded data from unauthorized access, as required by Article 71 of Law 2008-12.
• Train personnel. Ensure that employees who handle recording equipment or personal data understand their obligations under Senegalese law.
• Monitor legal developments. Track the status of the proposed Personal Data Protection Bill and any amendments to the Penal Code or cybercrime legislation.