MEANING OF DATA PRIVACY AND PROTECTION
Data protection is the process of guarding data or important information from corruption, compromise, theft, unauthorized publication, or complete loss. Data privacy refers to the protection of personal information and the degree of control that people have over their own information. The amount of data being created and stored daily has made data protection increasingly important. Data protection laws ensure that data is collected, used, processed, transferred, and disposed of following certain set standards.
The main aim of data protection is to ensure that data stays safe and remains available to users at all times.
KEY CONCEPTS IN DATA PRIVACY
1. Consent: people must give explicit and expressed consent before their information is shared, disseminated, or even collected.
2. Transparency/Purpose: there must be transparency in data usage. the purpose that the information will be used for has to be made aware to the owners of the information, this also applies to the scope and nature of the information to be collected.
3. Minimalism/limitation: data collectors must only collect the information that is relevant and necessary for the purpose intended.
4. Accuracy: data must be accurate, up to date and kept complete to ensure that it is reliable for the intended purpose. Controllers should accurately record the information they collect or receive and the source of that information.
5. Security: data must be secured against unauthorized access, theft, or loss.
6. Retention: data must be retained for only as long as necessary and disposed of securely after its retention period has ended. The period in which data is stored should be limited to a strict minimum.
7. Compliance with the appropriate data privacy laws: while data is being collected, disseminated, and retained, it should be done in strict adherence to the provisions of the law.
8. Protection: this may be articulated in many different ways. Data should be protected and evidence of how data is provided should also be given.
9. Accountability: there should be people who are kept accountable or who are responsible directly for the protection of data collected. Controllers must take responsibility for their processing of personal data and how they comply with the rules that control that. They must also be able to demonstrate their compliance.
10. Confidentiality: data should be processed in a way that ensures security and the confidentiality of the data collected.
LAWS REGULATING DATA PROTECTION AND PRIVACY
The laws regulating data protection vary from country to country and even from state to state.
In Nigeria, the concept of data privacy and protection has come a long way. This can be attributed to the rise in technology that is happening in all areas of the world.
They include the following.
1) NIGERIAN DATA PROTECTION REGULATION(NDPR)
The NDPR is the pioneer regarding data privacy laws in Nigeria and this regulation applies to all storage and processing of personal data done regarding residents of Nigeria as well as Nigerians located abroad. Under this law, personal data must be processed following a specific, legitimate and lawful purpose consented to by the data subject. The NDPR was issued by the National Information Technology Development Agency (NITDA), And it aligns itself with the provisions of the General Data Protection Regulation (GDPR). The objectives of the NDPR include:
• The protection of personal data
• Promotion of data privacy
• Regulation of data processing
• Facilitates cross-border data transfers.
• It aims to promote transparency.
2) NIGERIAN DATA PROTECTION ACT(NDPA)
This act was enacted to safeguard the fundamental rights and interests of data subjects as contained in the constitution of the Federal Republic of Nigeria. Under this act, the Nigeria Protection Commission was established as the supervisory and regulatory body for data protection in Nigeria. The objectives of this act include.
• The protection of personal information
• To establish the Nigeria Data Protection Commission
• To promote data processing practices that safeguard the security of personal data and the privacy of data subjects.
• To protect the data subject's right
• To provide means of recourse and remedies in the event of a breach of data subjects' rights.
• Strengthening the legal foundations of the national foundations of the national digital economy
The Data Protection Act received presidential assent on the 13th day of June 2023.
Other subsidiary legislations in Nigeria regulate data privacy and protection which include:
a) Implementation Framework for the Nigeria Data Protection Regulation
b) Guidelines for the Management of Personal Date by Public Institutions in Nigeria
c) a) The Constitution of the Federal Republic of Nigeria 1999
SECTORAL LAWS ON DATA PRIVACY
Sectoral laws are those laws which guide specific industries or sectors, such as the healthcare sector, the finance sector, or even the energy sector. These laws are promulgated to address the rules, risks and also challenges affecting that area of the economy or the world.
There are also sectoral laws which include.
A) Consumer Code of Practice Regulations 2007
B) Consumer Protection Framework 2016
C) Credit Reporting Act 2017
D) Cybercrimes (Prohibition, Prevention etc.) Act 2015
E) Freedom of Information Act, 2011
F) National Identity Management Commission Act 2007
G) National Health Act 2014
H) Nigerian Communications Commission Regulation 2011
CHALLENGES/CONTROVERSIES CONCERNING DATA PROTECTION
These include the following.
1. Lack of comprehensive legislation
It will be important to note that in the last few years, Nigeria has awoken from their slumber and joined the movement of digitalization being experienced by the world. This does not mean that our existing laws cover all areas or problems with data privacy and protection.
2. Enforcement Issues
Nigeria does not have adequate enforcement agencies to ensure the enforcement of the already existing laws. Nigeria has agencies like the National Information Technology Development Agency (NITDA) that enforce the NDPR, but the resources and the effects of non-compliance do not align with the new trends and issues arising.
3. Limited Awareness
There are still various people who are not aware of the importance of data privacy and protection or that there are laws which regulate it.