19th April 2020.
"Whoever Controls your Data Controls your Life": Why your Data Should be Protected?
Have you ever noticed that it is when you google something that adverts about that item starts popping up on your browser? For instance, you google airplane tickets or a phone you want to purchase and your browser subsequently recommends adverts on these things; or have you noticed that YouTube or Instagram often suggests videos you would like, keeping you engaged or hooked to the app? All these are only possible because YouTube or Google feeds off your online data or digital footprints.
More commonly, have you received unsolicited messages from strange-looking business names or the notorious NYSC benefactor who promises to connect you with his uncle who can provide you with a job at Chevron? He could only have gotten your number by exploiting the data you provided to someone. Hence, you see why it is important to understand what Data Privacy and Protection entails or why you should safeguard your personal data. If you have a smart phone, engage in the Internet of Things (IoT), maintain social media accounts or you have ever used the internet, you need to take data privacy and protection seriously.
Data, Data Privacy and Protection
Data generally means information but in relation to data privacy and protection, it means any information personal to you e.g., name, phone number, address, passwords, bank account details, national identification numbers, etc.
Data Privacy and Protection, albeit used interchangeably, are not exactly the same. The former refers to your fundamental right to control how your data is used to prevent the unauthorised access/use of your data. The latter refers to the means of protecting this information from unauthorised use.
Generally, in Nigeria, every citizen has a right to data privacy guaranteed by S.37 of the Constitution. So, you can generally sue where this right has been breached. Although only a handful, there have been successful lawsuits enforcing these rights. Some persons (2 lawyers) have successfully made money from suing Airtel and MTN for breach of these rights.2 Data Protection, on the other hand and as indicated above, deals with steps taken to protect your data either personally or at law. Aside from the government's responsibility to provide systems to protect your personal data, you also have a role to play in safeguarding your data.
Why Your Data should be Protected
Just like the pandemic is depicting, virtually every aspect of human life is migrating to the internet. The internet is slowly becoming the 'air' we breathe. Almost every transaction is done online and, it is unlikely not to find your personal information online. To show how important your data is, 5 of the 6 largest companies in the world (Apple, Amazon, Microsoft, Google and Facebook) deal in big data and profit off processing the data of their consumers.3 It would appear the world is rapidly moving away from oil to data (think machine learning, data analytics, data science, artificial intelligence).
Most companies require your data to enable them "serve you better". With your personal information in their grasp, they know what you like or what appeals to you. They can dictate what you watch or listen to and sometimes dictate how you behave or respond to situations. Virtually every App requires access to your data upon activation.
Your data reveals sensitive things about you. This means it can be maliciously exploited to harm you or wrongly processed for economic gain. Apart from these companies, there are hackers prowling the internet to scrape your data and sell on the dark web.
Consider the 2018 Facebook Cambridge Analytica scandal, the 2014 3billion Yahoo user data breach, the 2014 165 million e-Bay users data breach and even the 2016 412.2 million Adult Finder user data breach, all examples of the power of big data. A 2018 data breach study by IBM states that the global average cost of a data breach is 3.86million dollars.4 Clearly, data is serious business and should be protected and regulated, considering that a lot of money is made from processing and using personal data. By the way, it may come as a surprise to many readers of this piece that nothing really gets wiped off the Internet.
Laws Protecting your Data5
- The General Data Protection Regulation (GDPR) 2018
- Nigeria Data Protection Regulation (NDPR) 2019
- Constitution of the Federal Republic of Nigeria 1999 (as amended)
- Freedom of Information Act 2011
- The Cybercrimes (Prohibition, Prevention, etc.) Act 2015
- Child Rights Act 2003
- National Health Act 2014
- The NCC Consumer Code of Practice Regulation 2007
- The NCC Registration of Telephone Subscribers Regulation 2011
- The Consumer Protection Framework 2016
- The National Identity Management Commission (NIMC) Act 2007
- The Federal Competition and Consumer Protection Act 2019
Opportunities Open to Lawyers in Data Protection
- Legal Advisory and Compliance to companies that deal in data (especially Big Data) e.g. healthcare providers, telecoms, tech, digital companies, etc. (P.S: virtually all tech companies deal in data).
- Drafting Privacy Policies
- Data Protection Compliance Officers (DPCOs) and Data Protection Officer (DPO) services (Data Protection Audit Filings)6
- Drafting Data Protection Impact Assessments (DPIAs)
- Training company staff on Data Privacy and Protection
- Inventory Processing
- Drafting Data Regulations and Frameworks
- Cyber Insurance
- Drafting and Reviewing Third Party Processing Agreements
- Legal Research
- Sector Specific Roles
Tips on Personally Protecting your Data
- For offline data, before discarding sensitive documents e.g. receipts, bills, account statements, ensure you shred them (preferably with a shredding machine).
- Secure your Home Wi-Fi and mobile Hotspots.
- Use strong passwords or passphrases and safeguard them properly.
- Do not provide highly sensitive information online e.g., all those question games on twitter or Instagram.
- Enable passwords on your sim cards or memory cards.
- Disable your Bluetooth or Wi-Fi when inactive.
- Always endeavour to track your digital footprints.
- Be watchful of Apps you download.
- Never forget to sign out from your various online accounts!
- Beware of strange emails.
- Regularly sanitise your IoT.
- Assess your Privacy settings regularly.
- Before clicking "I agree", try to skim trough the privacy policies.
- Never use unsecured Wi-Fi especially for banking and shopping.
- Use Anti-Virus or Firewall software.
- Always endeavour to update your Apps.
- You have data privacy rights. Know them!
- Back up your data.
- Do not open unsecured emails to prevent phishing and web bugs.
2 See Godfrey Nya Eneye v MTN Nigeria Communications Ltd Appeal No: CA/A/689/2013 (Unreported).
and Ezugwu Anene v Airtel Nigeria Ltd Suit No: FCT/HC/CV/545/2015 (Unreported).
3 Erin Duffin, "Top Companies in the World by Market Value 2019" (12th August 2019) available on https://www.statista.com/statistics/263264/top-companies-in-the-world-by-market-value/ accessed on 30th March 2020.
4 Dan Swinhoe, "The 14 Biggest Data Breaches of the21st Century" (19TH March 2020) available on < https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html> accessed on 8th April 2020.
5 For more information on the Data Protection Laws in Nigeria, see the author's article, "Data Privacy and Protection under the Nigerian Law" available on http://www.spaajibade.com/resources/data-privacy-and-protection-under-the-nigerian-law-francis-ololuo/#_ftn12
6 The NDPR established this new crop of professionals.
Originally Published 19 April, 2020
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.