By Na’ankwat Dariem
Globally, human activities have continued to be digitized, with almost all processes integrated into computer technology solutions. In this digitally-driven world, where personal data has become the new currency of the digital economy, the need for robust data protection measures has become critical.
In Nigeria, the journey towards inclusive data protection regulatory policies has been marked by significant milestones and determined efforts. Policies have also been formulated to ensure that the country maintains its space in the race for digitization.
The implementation framework began with the Nigeria Data Protection Regulation (NDPR) of 2019. This was followed by the establishment of the Nigeria Data Protection Bureau (NDPB) in 2022 as a subsidiary of the National Information Technology Development Agency, NITDA. These were crucial steps in the right direction.
Meanwhile, stakeholders have long anticipated more robust and enforceable legislation to regulate and address the challenges of data protection and privacy.
With increasing and evolving methods of cybercrime, alongside a corresponding increase in the use of digital platforms for daily activities, attendant risk of identity theft, piracy, cyber bullying, sextortion, hacking, among other issues, an ever-present danger has arisen.
With personal data protection laws in place, and a society that understands its implications, individuals would be greatly protected from the negative vices of the digital world.
In line with this, Nigeria’s President, Bola Tinubu, on the 14th of June, 2023, signed into law, the Nigeria Data Protection Act, 2023.
Now backed by law, the Nigeria Data Protection Commission, NDPC, replaces the Nigeria Data Protection Bureau (NDPB). The Commission has the responsibility to regulate the processing and protection of personal information of Nigerian citizens and residents.
The objective of the law is to safeguard the fundamental rights and freedoms as well as interests of data subjects as guaranteed under the 1999 Constitution of Nigeria, amongst others.
The Nigeria Data Protection Law, 2023 provides a legal framework for the protection of personal information, and the practice of data protection in Nigeria, in line with international best practices.
It focuses on such critical aspects as the processing of personal data, protection of data subjects’ rights, the establishment of a Data Protection Commission, data security, cross-border data transfers and the breach of data management.
The powers of the NDPR applied to all transactions where the processing of personal data of any Nigerian citizen residing in Nigeria or outside the country.
The enactment of a substantive agency has actually portrayed Nigeria as a country that is taking data privacy seriously. This has become more pertinent now that data privacy policies of a country are critical considerations for foreign investors.
In respect of this, the data privacy regulatory authorities of many countries including the General Data Protection, GDPR, an important component of EU privacy law and of human rights law now prohibits their private and corporate citizens from transferring or sharing data collected within their shores with countries with non-existent or ineffective data privacy laws.
The absences of stiff penalties to serve as deterrence to data breaches were also inadequate before now.
NDPC predicts an astronomical growth of the nation’s economy through its operation in Nigeria. This would increase far above its current stands of N 5.5billion naira especially in a country of over 200 million people.
Already the Commission has identified over 500,000 job opportunities in the Data Protection and Privacy ecosystem, which would ensure increased jobs creation in the digital economy sector when implemented in Nigeria.
The Nigeria Data Protection Commission, NDPC, has the mandate to check all violators, including government agencies.
This will also boost market confidence and strengthen trust, especially as the recent surge of privacy infractions and data breaches by large internet companies and loan apps in the world.
Data is evidently driving the world towards the 4th industrial Revolution with emerging technologies like Artificial Intelligence, AI, giving room for data manipulation. Strong data protection laws are needed for responsible AI development and deployment.
There is the need for sustained and effective citizens’ mobilization, advocacy and sensitization for citizens and residents of Nigeria to understand the essence of protecting their data.
This awareness could be through interpretation and translation of data privacy rights, obligations and regulations into local Nigerian languages.
The sensitization campaigns should be targeted at data subjects to educate them on their rights, and data processors to enlighten them on their respective obligations and penalties for non- compliance under the Nigeria Data Protection Act.
It is salient to partner with the National Universities Commission, NUC, and other stakeholders in the education sector to integrate the Nigeria Data Protection into the tertiary institutions curriculum for major field of study and research both at the undergraduate and post graduate levels.
NDPC should also partner with the media as well as utilize social media effectively.
Increased Funding and governmental support for the Commission as an Independent Regulatory Commission is also crucial, while it strengthens training and retraining for key players in the eco-system.
The gains and successes recorded by it can be of immense value to the country and will certainly help deepen the practice of data privacy in Nigeria for the benefits of all.