GDPR study exposes exploitative conditions of African content moderators

In a landmark study accepted at ACM FAccT 2026, researchers led by Mariame Tighanimine audited the working conditions of content moderators in Kenya and Nigeria who work for business process outsourcing (BPO) companies. By invoking the European General Data Protection Regulation (GDPR), they forced BPOs to release employment contracts and non-disclosure agreements that moderators themselves had never been allowed to see. The data provides legally grounded evidence of systematic exploitation—including low wages, grueling hours, psychological harm from violent content, and suppressed unionization—all of which violate fundamental workers' rights.

The study argues that tech companies use BPOs to externalize labor costs and accountability while claiming their products and business models are legally unprecedented. By deploying GDPR's extraterritorial provisions, the authors demonstrate that existing frameworks can regulate outsourced labor in the Global South. This challenges the industry's narrative of exceptionalism and shows that data protection law can serve as a tool for social justice, not just privacy.