No other time is more apt to espouse the question of how Nigeria has fared so far in keeping up with the dynamics of data protection other than now, when digitisation has become an inevitable reality world over. The changing dynamics of digitization is moving at a fast-paced level such that countries of the world have had to fasten their seatbelts and be in top gear to be able to keep up with the trends and pace with which digitization is moving.
With the internet, the world is indeed at our fingertips. Hence, the virtual world feeds largely on the personal data of individuals (i.e names, birth details, address, pictures, email address, bank details, or medical information) which are available online to work. The principle of data protection seeks to protect these data which reveals sensitive personal information from being indiscriminately exploited to harm users and data subjects in the bid for economic gain or other related purposes.
If anything, data protection is a global and topical issue of discourse. This is because, in the wake of technological advancements, there is constant data generation and processing activities by individuals, governments, and corporate bodies alike across the globe. Data protection is a human right issue. Data protection as a legal issue of human rights stems from the right to privacy as a fundamental human right recognised across national, regional, and international legal instruments. For example, the International Covenant on Political and Civil Rights (ICCPR) recognised the need for data protection laws to safeguard the fundamental right to privacy1. In the same vein, the Nigerian Constitution which is the fons et origo of all laws in the country guarantees the right to privacy of its citizens.2
Invariably, protecting privacy and data in the digital age is pivotal to effective and good democratic governance. However, despite increasing recognition and awareness of data protection and the right to privacy across the world, there is still a lack of sufficient legal and institutional frameworks, processes and infrastructures to support the protection of data and privacy rights.
This article attempts to answer the question of how Nigeria has fared in keeping up with the dynamics of data protection, it is envisaged in the end that the right peg would have been placed in the right hole.3
The Dynamics of Data Protection and Law; The Nigerian Situation
The collection and processing of personal data raise significant privacy and data protection concerns for every citizen. The digital and information age has seen data exchange become a common feature and an integral part of commercial transactions.4 Considering that five of the six largest companies in the world (Apple, Microsoft, Amazon, Google and Facebook) deal in data and profit off processing the data of its consumers,5 it has become imperative to regulate how that vast amount of personally identifiable data is managed.
To paint a picture of the dynamics of data protection, every time you use a service, buy a product online, register for email, go to your doctor, pay your taxes, or enter into any contract or service request, you have to hand over some of your data. Even without your knowledge, data and information about you are being generated and captured by companies and agencies that you are likely to have never knowingly interacted with.6
As simple as it seems, this can expose you to identity theft, unlawful profiling and cybercrimes amongst several other results of bad data protection. Perceptibly, new and varied threats to privacy have emerged with the growth of the digital universe. Government surveillance is exponentially easier and cheaper, painting a detailed picture of individuals' communications, movements and browsing habits.7 The only way citizens and consumers can have confidence in both government and business are through strong data protection practices, with effective legislation to help minimise incessant and indiscriminate state and corporate surveillance and data exploitation.
Before January 2019 which saw the birth of the Nigeria Data Protection Regulation (NDPR) as issued by the National Information Technology Development Agency (NITDA), the Nigerian framework for data protection was quite sketchy and grossly inadequate to address the trending needs of data protection. L. A. Abdulrauf 8 submitted that:
'The activities of various entities with regard to the personal information of individuals, aided by advances in technology, amounted to a violation of data privacy. The extant legal framework in Nigeria is manifestly inadequate to effectively protect individuals from the threats resulting from the processing of their personal information."
Other pundits, scholars and researchers have since been calling for a definite and well-streamlined legal framework in the form of an act of the National Assembly. No doubt the issuance of the NDPR, although a subsidiary legislation is a step in the right direction which could in the end see to the allayment of these scholarly concerns.
The constitutionally recognised and enforceable right to privacy lays the foundation upon which other laws and regulations on data protection and privacy is built. This position has been judicially explicated in the cases of EMERGING MARKET TELECOMMUNICATION SERVICES V. BARR GODFREY NYA ENEYE9 and BARR. EZUGWU EMMANUEL ANENE V. AIRTEL NIGERIA LTD.10 The NCC Consumer Code of Practice Regulation deals with the protection of consumers' data in the telecoms sector.
It for example requires all licensees to take reasonable steps to protect the information of their customers against improper or accidental disclosures.11 The freedom of Information Act also protects personal data. It restricts the disclosure of information which contains personal information by public institutions except where the involved data subject consents to its disclosure or where the information is publicly available. It also provides that a public institution may deny the application for disclosure of information that is deemed privileged by law (e.g. Attorney-client privilege, doctor-client privilege).12 In the same token, the Cybercrimes (Prohibition, Prevention, etc) Act (the Act) criminalizes data privacy breaches while mandating persons and organisation in possession of data to take appropriate measures towards safeguarding such data.13
Other laws and regulatory frameworks including but not limited to; the National Identity Management Commission (NIMC) Act, National Health Act (NHA), Federal Competition and Consumer Protection Act, Consumer Protection Framework, Child Rights Act, etc. It can be gleaned from the foregoing that most of these laws and regulatory frameworks are industries-based which gives room for a lot of speculations.
Keeping Up With the Dynamics: How Far So Far?
The Nigerian society as we know has a lot of lapses/shortcomings. Apart from the fact that the environment is not enabling, numerous issues and challenges stare it in the face. A developing country and the powerhouse of Africa with the largest economy in the continent has its average citizen living below the poverty line. Because of the peculiarity of the Nigerian society, laws, policies, and frameworks hardly work as they should. In the discourse of data protection in Nigeria, the situation is nothing to write home about. Even though the legal and regulatory framework for data protection and privacy is sketchy, there is a wild berth between it (the frameworks) and the reality.
The trite and orthodox principles of data privacy are grossly not complied with by individuals, corporate bodies and even the government and its agencies. Personal data of Nigerian are being processed every day in carefree manners. From community associations to schools to banks to companies to government agencies, data protection is the least of concerns of individuals in possession of these data.
A typical Nigerian would have had to submit their data to banks, schools, exam bodies, National Identity Commission, Electoral Commission; these data are processed, duplicated and even in some cases sold for gains. The telecommunication industries in Nigerian also breach the data protection principles by sending unwarranted/unsolicited messages to their subscribers and in the worst case call them incessantly with silly promotional offers and packages.
Olasupo H.M.14 expressed concerns on how the right to privacy of Nigerians are being toyed within the wake of COVID-19 given that almost every Nigerian received text messages from the Nigeria Centre for Disease Control (NCDC) an agency of the Federal Government which has "apparently" processed data of Nigerians without due process and one would have thought that the Government would use the same method of eliciting data of Nigerians to get bank account details where monetary palliatives would have been deposited.
Conclusion: Which Way Forward?
If anything, data protection should be taken seriously by individuals, government, and corporate entities. Its protection should be ensured willy-nilly. The right of an individual to determine how his or her data or information is processed falls within the purview of human rights which is sui generis. This right is being threatened especially in developing countries like Nigeria. Even though the country is keeping up with the trends of ICT and digitization, the legal system is lag in grappling with the novel realities of such technological advancement. The problem is further compounded by the Nigerian factor, situation and mind-set which breed a wide gap between theories and practice. To this end, there is a need to activate the law in its sociological context which should address the societal need appositely in consideration of its realities. Concerted efforts should be made to see that the draft Data Protection Bill sees the light of day in no distant time. No doubt, if the right steps are taken towards the right direction as regards data protection in Nigeria, then the pilots, cabin crew, passengers can fasten their seatbelt as the Nigerian plane has just begun to taxi along the tarmac on its way to keeping up with dynamics of data protection
1. See Article 17 of The International Covenant on Political and Civil Rights (ICCPR)
2. See Section 37 of The Constitution of The Federal Republic of Nigeria (CFRN) 1999 as amended 20011
3. Privacy International "The Keys To Data Protection" August 2018. Available online at (https://privacyinternational.org/sites/default/files/2018-09/Data%20Protection%20COMPLETE.pdf) accessed 15th September 2020
4. Francis Ololuo (2020) "Data Privacy and Protection Under the Nigerian Law" SPA Ajbade & Co. available at (https://www.mondaq.com/nigeria/privacy-protection/895320/data-privacy-and-protection-under-the-nigerian-law#_ftn3) accessed 15th September 2020.
5. Statistica.com (2020) "The 100 Largest Companies In The World By Market Capitalization In 2020" available at (https://www.statista.com/statistics/263264/top-companies-in-the-world-by-market-capitalization/) accessed 17th September 2020.
6. Ibid Privacy International p.9
7. Carly Nyst "Children's Rights and Business in a Digital World" UNICEF Child Rights & Business Unit.
8. L.A Abdulrauf "The Legal Protection of Data Privacy in Nigeria: Lessons From Canada And South Africa" PHD. Thesis Faculty of Law, University of Pretoria, South Africa, 2015
9. (2018) LPELR-46193
10. Suit No: FCT/HC/CV/545/2015 (Unreported).
11. See regulation 35 of the Regulation
12. See Section 14 and 15 of the Act
13. See Section 21 of the Act
14. Olasupo H.M (2020) "Rights To Privacy, Data Protection And The COVID 19 Syndrome In Nigeria: An Analytical Discourse" https://newswirelawandevents.com/rights-to-privacy-data-protection-and-the-covid-19-sydrome-in-nigeria-an-analytical-discourse-by-olasupo-habeebulah-morakinyo/#_ftn7 Accessed 10th September 2020
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.