Information Technology

DATA PRIVACY LAWS AND REGULATIONS IN NIGERIA:A NECESSITY MADE BY THE RAPID TECHNOLOGICAL GROWTH

Sixtus Obiagwu
| August 26th, 2024

Data in the general parlance are facts and statistics collected together for reference and analysis but for the purpose of this work, the meaning is restricted to the concept of “Personal Data”. “Personal Data” refers to any information relating to an identified or identifiable person by which such person can be identified with. Conversely, Privacy as used here underpins the ability of a person to determine for themselves when,how and to what extent personal information about them is shared with or communicated to others.

Human being is an embodiment of data. These data ranges from their name,age, medical records, residential address, mobile number, educational address and every other information about an individual which is too personal to that individual. These data have formed a part of our existence as it is an element of an individual’s life which makes such person unique and distinguishable from another. It forms part of an individual’s identity,exists contemporaneously with the individual and even lives after them. The explosion of the technological grenade has nursed the need to protect these important aspect of human existence against the digital illegal hunters who poaches for personal data for their selfish and dubious purposes and this has necessitated different legal frameworks which operates for reasons of guaranteeing data privacy and protection. From a collective point of view on these Laws and regulations on data privacy,one can be sure to say that these regulatory and legal frameworks are built on the ideology of fostering Fairness and transparency,trust, accountability, General confidentiality,respect for humanity and protection of intellectual properties. They're put in place to give an assurance of data safety and protection of an individual's fundamental human rights. A person's data is part of his life, tampering illegally with the data is as same as tampering with the person's life because when a person's personal information gets into the wrong hands,it can be useful in perpetrating a lot of dubious acts against the person even to the extent of using it to ploy for the person's death. If so, should it not be right if I say that a protection of the Personal Data Privacy right is an assurance of a Person's Right to Life in a way no matter how minute?

LEGAL FRAMEWORKS ON DATA PRIVACY IN NIGERIA.

Law is said generally to be a tool for social engineering. This is raising the opinion that the law exists in a contemporary pace with the society. The Law should remain stagnant if the society is stagnant but the law should not be left behind by the society;it is bound to grow with the society. The growth of the society introduced the emergence of technology. Technology is a great tool for innovation as long as it is used in a right way but this tool can serve a negative purpose if wrongly used and data privacy is one of the areas where technology can work awesomely distasteful. Technology in the data sector is commendable for its contribution to making data collection,data processing and analysis and data storage easy and dependable but with it,a great harm can be done to personal data. In the bid to manage and curtail the damages done on individual’s data with the help of technology, different regulatory and legal frameworks have been put in place to regularize the use and handling of an individual's data and these Legal frameworks includes:

THE CONSTITUTION OF THE FEDERAL REPUBLIC OF NIGERIA 1999 (As Amended)(Herein referred to as “The Constitution”):

The Constitution has been described as the grund norm of the federation. It is the font et Origo and just as Dragne. L. described it in his work “Supremacy of the Constitution”,it is the law at the top of the pyramid and it is the source of all other documents and legal regulations. This nature of the Constitution has places it at a very respectable perspective and has empowered it to lay a foundation from which every other laws can be built. Data privacy is not left out on this extractive opportunity and foundational privilege given to the Constitution as Sec. 37 of the Constitution provided the Right to Private and Family Life as a fundamental human Right. It is from this foundational feet of the Constitution that every other laws and regulations on Data Privacy and Protection evolved.

There were however controversies as to whether “Personal Data” is part of the subjects afforded Privacy right by the Constitution. These controversies were sparked by the consideration of the Canon of interpretation which opined that the express mention of one thing is the exclusion of the other. In applying this Canon to the Provisions of Sec. 37 of the Constitution,elements mentioned by it includes “Home”, “telephone conversation”, and “Telegraphic Communication”. The concept of “Personal Data was not even mentioned. This concern is understandable to an extent but an introspective view of the Court of Appeal into this legal problem in the case of Incorporated Trustees of Digital Right Lawyers Initiative V National Identity Management Commission (2021) LPELR-55623(CA)supplants that opinion and buried the controversy. While relying on the Case of  Nwali V EBSIEC(2014) LPELR-23614(CA), the Court Per Mohammed JCA emphasized heavily that the trial Court was right when it held that the “Right to Privacy” as used in the Constitution is not restricted to citizen’s home but extends to anything that is Private and personal to him including his personal Data. From the foregoing,one will find it easy to believe that the Constitution is the principal legislation on Data privacy in Nigeria.

NIGERIA DATA PROTECTION REGULATIONS,(2019)-NDPR.

The Constitution in a very tremendous way has made provision recognizing the need to protect personal data yet, there is still a loop in that protection afforded by the Constitution through which the greatest thing feared to be a threat to personal data can infiltrate. There was no legal or regulatory framework on data Privacy. Although prior to this technological advancement and explosion, absence of this regulatory framework was not really felt. The risks were manageable up until technology happened. In order to ensure that the spirit of the Constitution is preserved, the National Information Technology Development Agency (NITDE) made a regulation in 2019. This regulation is christened Nigeria Data Protection Regulation. This regulation spelt out a guideline which regulates the handling of personal data of a Nigerian citizen whether in Nigeria or outside Nigeria. This regulation is a subsidiary legislation since it was not made by a body responsible for making laws in Nigeria which is the legislature but an Act made by the Legislature which established the National Information Technology Development Agency vis; National Information Technology Development Agency Act,2007(As amended 2022) authorized the National Information Technology Development Agency to make regulations on Data Privacy. This regulation is enforceable but it made no provision for a regulatory body which will monitor the enforcement of the regulation. In order to meet this demand for a regulatory body,the erstwhile President of Nigeria,Mohammadu Buhari in 2022 constituted a committee known with Nigerian data protection Bureau to carryout the role of supervision of the enforcement of the regulation but the problem with this committee is that it lacked a Legislative backing,being a law establishing the committee.

Not minding this deficiency,it is paramount to know that under the Nigeria Data Protection Regulation,2019, the concept of data processing is construed to mean data collection and data analysis. It places a responsibility on the data collector to seek and obtain consent of the data subject before processing the data, otherwise it becomes unauthorized data usage. This is clearly captured by Paragraph 5 of the NDPR,2019. It also imposes on a data collector the responsibility of ensuring that collected data is accurately secured by putting in place security measures which will help to protect information from unauthorized Access. The regulation mandates every organization dealing with individual's data to appoint a Data Protection Officer who shall oversee data protection compliance in the company, assess data protection impact and inform appropriate authorities in case of a breach. This appointment function is housed by paragraph 3.4 of the NDPR.

NATIONAL INFORMATION TECHNOLOGY DEVELOPMENT AGENCY ACT,2007.

This Act precedes the NIGERIA DATA PROTECTION REGULATION,2019 as it is an enabling Act to the said regulation. The primary aim of this Act is the establishment of the National Information Technology Development Agency which regulates the information and telecommunication sector including Personal Data in Nigeria. It further mandates the National Information Technology Development Agency to regulate Data Collection,Data processing and Data storage. This charge on this agency yielded the Nigeria Data Protection Regulation (NDPR),2019 which we already discussed above. This Act was however amended recently in 2022.

CYBERCRIME(PROHIBITION , PREVENTION E.TC)ACT,2015.

This was enacted in 2015 with aim of regulating the Cyber environment and to ensure that the technology which came to salvage humanity from the shackles of obsoletion does not become an instrument of fraud and a tool of threat to the Cyber safety of individuals. This Act is built on the core principles of Protection of personal data and information, Prevention of Cybercrime and cyber attacks, assuring the privacy rights of citizens, technology neutrality, international cooperation, National security and guaranteeing human rights.

However,it plays a significant card in the data Privacy regulations as it made beautiful and handsome provisions which ensures that personal data is not abused in the Cyber space. Sec. 1 of the Act while outlining the objectives of the Act made particular reference to the protection of data and privacy rights of individuals as one of the foundational objectives of the Act. This is factual enough to tell us that data privacy and protection is one of the primary considerations of the Act. In furtherance of this objective, Sec. 3 of the Act gives a direction on the protection and privacy of National data as it prohibits unauthorized access to devices and systems housing personal or National data. Sec. 12 on the other hand made provision for unlawful interception. This Section criminalizes the Act of unlawfully intercepting any data and this is an advancement made to further the objectives of the Act in protection of personal data. So many other provisions of the Act together with the mentioned ones works in unity to ensure that personal data and privacy rights which its origin is traceable to the Constitution is adequately safeguarded.

NIGERIA DATA PROTECTION ACT,2023.

This Act is considered as a primary legislation made on data protection and Data Privacy. This consideration is made due to its particularity to Data Privacy and Protection. From the objectives of the Act clearly spelt out in Sec. 1,it has come to array the problem of Data insecurity as it serves as an augmentation to the Constitutional assurance of data Privacy. The subsequent sections however made provisions for the scope of application of the Act. One of the significant milestones of this Act is the creation of a regulatory body,backed by the statute, responsible for monitoring the implementation of Data Privacy and Protection Regulations and Laws in Nigeria. Sec. 4,5,6 & 7 of the Act establishes the commission,outlined their responsibilities and powers. Following the provisions of this Act,the regulatory body in charge of data Privacy and Protection in Nigeria is the “Data Protection Commission”. This Act has given a great assurance of data security in Nigeria. It is noteworthy that this Act was signed into Law by President Bola Ahmed Tinubu. There are other regulations and laws that made particular provisions on Data Privacy such as FREEDOM OF INFORMATION ACT which grants citizens the right to access information held by public institutions while also protecting personal information,The CONSUMER CODE OF PRACTICE REGULATIONS  which regulates the telecommunication companies and makes provisions for consumer Data Protection, NIGERIA COMMUNICATIONS ACT,2003 and a litany of regulations made in furtherance of data protection.

CONCLUSION:

Personal Data is one of the deciding factors of an individual. All our lives are governed by our individual data. Take that away,many things will fall off the coast. Our personal data is a means of identification. It builds our identity and makes us unique. It is called personal data due to how valuable it is to our person and existence. Such information about us if not managed with care can cause financial, social, emotional and some personal consequences and adverse impacts. It can in most cases cost us our lives. On this basis and being so much conscious about the development brought about by technology and the potential harms it can bring, there's a need to ensure Data Security and this can be achieved through strict and stringent compliance to the regulations and laws put in place to regulate Data usage and management. Individuals whose consent is sought for the usage of their personal data should ensure that the purpose for which the data is required is adequately spelt out to them and communicated to them in a better language which they can easily comprehend. Through public enlightenment, individuals Should be informed that the privacy of their personal data is a fundamental human rights which is adequately safeguarded by the Constitution and also enforceable. They shouldn't hesitate to go against anyone who infringes this right. By doing so,a sense of responsibility is instilled in Data subjects as they'll see this data safety as not only the duties of the regulatory bodies thereby keeping them on the lookout for their personal data. Personal Data also should be encrypted with passwords to restrict unauthorized access. We shall not decry technology for the pain it's capable of causing us neglecting its contributions in making our world habitable. It is our collective responsibility to build a barrier against these adverse impacts of technology but while building this barrier, always ensure that there's an accessible and a well guarded loop through which you can exploit the glories of technology. Your personal data is your property,guard it as you guard your life.


Sixtus Obiagwu
Author

Sign up for our Newsletter

Join our newsletter and get resources, curated content, and design inspiration delivered straight to your inbox.

Related Post