Latest Headlines
Principal Data Protection Law: What Nigeria Stands to Gain
Samuel Ohwovoriole posits that in line with global best practice, Nigeria must have a data protection law in place to attract interventions that are of benefit to the country
For a nation seeking to deepen global competitiveness, investment in data economy is vital. This explains why economic experts now refer to data as the new oil, since crude oil itself literally belongs to yesterday. The Minister of Communications and Digital Economy, Isa Ali Pantami, at the maiden edition of the ‘Digital Economy Regional Conference’ where he spoke on the theme, “Positioning West Africa’s Digital Economy for the Future,” submitted thus: “In the fourth industrial revolution, data is key.”
According to him, the future is data and that Nigeria must not lag behind. “Today, it is a global best practice to have a data protection law in place, otherwise you will find it difficult to attract so many interventions that are of benefit to your country. Even potential investors may ask questions to know whether you have data protection laws in your country or not?
“If you don’t have any data protection law in place, they will feel uncomfortable to invest because today, data is critical. Whenever we engage with potential investors, we try to convince them of the need to come to Nigeria to invest, and they always ask if we have a data protection law? “But we have subsidiary law. Many of them do agree with subsidiary law, at the same time, many disagree that subsidiary law is insufficient for them, but in Nigeria it is sufficient,” Pantami urged.
On the strength of these issues, the Federal Minsitrry of Communications and Digital Economy (FMCDE) proposed the esatblismnet of a full-fledged data protection institution and also principal legislation for data protection related issues in Nigeria to President Muhammadu Buhari and sunsequantly obtained the approval for the establishment of the Nigeria Data Protection Bureau.(NDPB). Over the years. Pantami used the annual observance of the World Data Privacy Day on the 28th of January- to raise awareness on privacy – coincides with the anniversary of Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108) which was opened for signature on the 28th of January 1981. He noted that Nigeria foremost in Africa when it comes to creating awareness through Data Privacy. Without this awareness, citizens would not be able to demand for and enforce their data protection rights. Data protection law is not crafted in any way to punish citizens, rather to create awareness protection, protect citizens data. And also for all to be accountable to one another whether as data controllers or as data processors. Pantami also advocated for a culture of compliance by design and by default. Some experts and people in the private sector are still anxious notwithstanding the optimism in the public sector. The prevailing view amongst these experts is that without a principal law, it may be difficult to guarantee stability of the gains already recorded. For them, it is also important to attract investment (foreign in particular) through strong institutions and legislations.
Analysts insists that the current National Assembly, though in its twilight, should urgently transmit the data protection bill to President Buhari for assent before May 29, 2023. This, they note, will provide an additional layer of protection for the nation’s digital identity ecosystem and ultimately safeguard Nigeria’s digital economy, boost investor’s confidence, grow foreign direct investment, improve the Gross Domestic Product (GDP) and ensure robust protection of personal information. Also, businesses and organisations will be held accountable for any data breach or privacy violation, which will encourage them to take data protection seriously and implement adequate technological and organisational measures in order to protect personal data. The Chief Executive Officer of Jidaw Systems, an ICT Consulting Firm, Mr. Jide Awe, in an interface with Nairametrics, said that Nigeria needs to have a strong data protection law as more Nigerians use different AI tools, which expose their data. According to him, data protection has now gone beyond having a regulatory agency. There must be a strong law that can be enforced to protect the privacy of citizens data.
“While Nigeria has a national data protection regulatory agency, the Nigeria Data Protection Bureau (NDPB)) responsible for regulating data protection and ensuring compliance with the Nigerian Data Protection Regulation (NDPR), protecting data privacy rights may require more than just having a regulatory agency. It is hoped that Nigeria and other countries in a similar situation would enact comprehensive national data protection legislation to provide stronger legal and regulatory backing to data protection regulation and help to ensure consistency and effectiveness in addressing data privacy concerns”, he explained.
For investors, a data-secured environment is a major attraction. It is an assurance that their information is safe and secure and not subject to abuse. It also explains why many developed countries do not toy with data protection. In fact, many development partners, international financial institutions, critical stakeholders in the digital economy space and even potential investors today have continued to ask questions as to why Nigeria does not have a data protection law in place. Interestingly, Data Protection Law is constitutionally endorsed n Nigeria’s constitution; Section 37 of the 1999 Constitution as amended provides that: “The privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected.” In the same vein, the core rights of data subjects under the Nigeria Data Protection Regulation provide a data subject have a right to be informed, right of access, right to object, right to data portability, right to erasure, right to restriction of processing, rights to rectification and rights regarding automated decision making. Having such a law in place will align the country with scores of other nations around the globe and make Nigeria a global player and the lack thereof is economically injurious. The activities of the Bureau since establishment in February 2022 shows it’s strongly aware of what is at stake.
According to the NDPB’s National Commissioner and CEO, Dr Vincent Olatunji, the risk of not having a principal act is enormous not least because the legal reliefs enforceable by citizens could be extremely difficult to obtain.
“First, it is about our reputation as a country. Individuals and organizations are moving almost everything in to digital platforms. The foundation to anything you do online is your digital identity. You must have an identity. This identity is your personally identifiable information and it is the gate, the wall and the foundation of all your transactions. Your name, telephone number, IP address or anything that identifies you. Clearly we cannot overemphasize the primacy of protection your identifiers in this regards.
“Furthermore, there are some countries that are regarded as whitelist countries. Mostly, these are countries that have their laws and supervisory authorities in place. And there are some things you need to put in place to be able to qualify to get to that level. The opposite of white list is black list. This implies that countries who are not on the whitelist do not have adequate regulatory framework in place and they do not have independent supervisory authorities. Similarly, we have to address privacy breaches, which result in identity theft and other abuses online. These are issues, which are really important to any digital economy. But when you have a law in place, and you have a supervisory authority, there is a reasonable assurance that the rights and bona fide interests of all parties will be protected. “
There are strong signs that Nigeria will get it right eventually. The Nigeria data Protection Bill has been transmitted to the National Assembly. ICT and Cybersecurity Committees members of both the Senate and House of Representatives have shown strong commitments to the passage of the Bill. Nigerians will continue to keep their fingers crossed as stakeholders collaborate in ensuring that data privacy takes firm root in the overall interest of sustainable development in Nigeria.