Data Privacy Day: Celebrating Citizen’s Right to Privacy And Protection in Nigeria
By Mubarak Umar
TECHDIGEST – 2022 marks the third year in which Nigeria will be joining the international community to celebrate the World Data Privacy Day – an international event that occurs on January 28th of every year. The purpose of Data Privacy Day is to raise awareness, promote privacy and data protection best practices. It is currently observed in the United States of America, Canada, and over 40 European countries since 2007. The international celebration offers opportunities for collaboration among governments, industries, academia, nonprofit organizations, privacy professionals, educators, etc
As a global event, Data Privacy Day encourages: compliance with Data Privacy laws and regulations; dialogues among stakeholders interested in advancing data protection and privacy and provides a robust platform for global networking and local action on mutually cherished principles of data privacy.
The initiative that was initially on raising awareness to protect information of government and private sectors’ business transactions, expanded over the years to include families, consumers and all online activities as a result of revolution brought by digital devices.Of a truth, a vast majority of our people are generally unfamiliar with the risks involved in data processing. In the same vein, they are hardly aware of what they can do if they consider that their rights have been breached. .
There are approximately 108.75 million internet users in Nigeria and the figure is projected to grow to 143.26 million by 2026. According to Statista, a leading provider of market and consumer data, internet penetration stood at 51.44% of the country’s population in 2021, and will likely reach 59.92 percent by the year 2026.
The appointment of Professor Isa Ali Ibrahim Pantami, (now Minister of Communications and Digital Economy) as the Director General, National Information Technology Development Agency (NITDA), marked a turning point in the history of data privacy in Nigeria. Under his leadership, NITDA issued the Nigeria Data Protection Regulation (NDPR) 2019. It applies to both the public and the private organizations as they process personal data of Nigerian citizens and Nigerian residents anywhere in the world. The Regulation is aimed at protecting the right to privacy, creating the right environment for digital transactions, job creation and improving information management practices in the country.
Working in concert with the Federal Ministry of Communications and Digital Economy, NITDA has sustained the momentum of data privacy protection in Nigeria. For instance, from approximately 600 organizations filing privacy audit report in 2020, Nigeria now has at least 1230 organizations in 2021.
The incumbent Director General of NITDA, Kashifu Inuwa, CCIE, memorably shared Nigeria’s strides in the international community thus: “in less than 2 years of active implementation of NDPR in Nigeria, we were admitted to the Common Thread Network (a Network of Data Protection Authorities of Commonwealth countries). We also got admitted as a full member of the Network of African Data Protection Authorities (NADPA). Our contribution at the Africa Union’s Policy and Regulatory Initiative for Digital Africa (PRIDA) Data Protection Laws’ Harmonization Work Group led to Nigeria being considered for inclusion in the list of countries where a developed framework for data laws harmonization was tested.”
The impact of NDPR on job and wealth creation is also remarkable. 7,680 jobs were created, and 5,746 Nigerians were trained on Nigeria Data Protection Regulation (NDPR) in 2021. The sector is currently valued at N4,080,000,000, using median value of audit implementation cost, according to the Director General of NITDA, Kashifu Inuwa, CCIE.
Before the introduction of the NDPR, no Nigerian entity could boast of full compliance with data protection laws. A handful of multinationals had some level of compliance imposed on them by their parent companies. The narrative changed drastically within one year. Fromzero compliance in 2018 Nigeria now has over 1230 organizations filing NDPR Compliance.
The place of NDPR in human rights jurisprudence have been litigated in our courts. Gladly, our courts, as the bastion of justice, have established a binding precedent to the effect that NDPR is rooted in the section 37 of the 1999 Constitution. The section provides thus: The privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected. The implication of this is that no data controller or data processor can wish away the NDPR. See the case of Incorporated Trustees of Digital Lawyers Initiative &Ors. V. National Identity Management Commission (NIMC) CA/ IB/291/2020.
It is believed that the future of work will be fundamentally different when digital machines are deployed in virtually everything that we do. Soon, the new machines: Artificial Intelligence and Robotics will be a platform of innovation in Nigeria, especially in instrumenting, automating, tracking, and analyzing the core operations of businesses.
While exploring and utilizing these digital economy potentials, NITDA is always proactive in creating awareness on how Nigerians can protect their personal information. It is only when customers trust their activities online that digital economy will thrive.
To deter breach of data privacy, NDPR provides that: “Any person subject to the Regulation who is found to be in breach of the data privacy rights of any Data Subject shall be liable, in addition to any other criminal liability, to the following: a) in the case of a Data Controller dealing with more than 10,000 Data Subjects, payment of the fine of 2% of Annual Gross Revenue of the preceding year or payment of the sum of 10 million Naira, whichever is greater; b) in the case of a Data Controller dealing with less than 10,000 Data Subjects, payment of the fine of 1% of the Annual Gross Revenue of the preceding year or payment of the sum of 2 million Naira, whichever is greater.
This clearly shows that NITDA, acting as Nigeria’s data regulatory body, is committed to protecting citizens’ data to ensure that Nigerian businesses remain competitive locally and internationally.
Nigeria is the only country in Africa that dedicates a full week 24th – 28th January of every year to raise awareness on data protection with series of programmes, both physically and virtually.
NITDA is playing its role in the best possible way to attract investment, open more digital job opportunities for Nigeria’s teeming population and support the security architecture by effectively implementing its mandate of protecting peoples’ data.
The implication of the foregoing is that Nigeria with over 200 million citizens can tackle any prejudice or misgivings about digitization through a potent regulatory instrument on data privacy. The resulting effect is momentum for a sustainable digital economy. This momentum will invariable create jobs for essential public services. It is however important for Nigerians to take ownership of the legal regulatory framework on data privacy with a view to sustaining the present administration’s effort in building an inclusive and sustainable digital economy.
Mubarak Umar writes from Abuja