By Mubarak Umar
2022 marks the third year Nigeria joined the international community to celebrate the World Data Privacy Day, an event that occurs every January 28th. The Day is used to raise awareness, promote privacy and data protection best practices. It is observed in the United States of America, Canada, and over 40 European countries since 2007.
The commemoration offers opportunities for collaboration among governments, industries, academia, nonprofit organizations, privacy professionals, educators, etc. The Day encourages compliance with data privacy laws and regulations, dialogue between stakeholders and provides a platform for global networking and local action.
The initiative, initially raised to protect government information and private sector transactions, expanded over the years to include families, consumers and all online activities after the revolution brought by digital devices. A vast majority of the people are unfamiliar with the risks involved in data processing and hardly aware of what they can do if their rights are breached.
There are approximately 108.75 million internet users in Nigeria and the figure is projected to grow to 143.26 million by 2026. According to Statista, a leading provider of market and consumer data, internet penetration stood at 51.44% of the country’s population in 2021, and will likely reach 59.92 percent by the year 2026.
The appointment of Prof Isa Ali Ibrahim Pantami (Minister of Communications and Digital Economy) as the Director General, National Information Technology Development Agency (NITDA), marked a turning point in the nation’s history of data privacy. Under his leadership, NITDA issued the Nigeria Data Protection Regulation (NDPR) 2019 applicable to public and private organizationsas to process personal data of Nigerians home and abroad.
The Regulation protects the right to privacy, ensures the right environment for digital transactions, creates jobs and improves information management practices. Working in concert with the Ministry of Communications and Digital Economy, NITDA has sustained the momentum of data privacy protection. For instance, from approximately 600 organizations that filed privacy audit report in 2020, the figure grew to at least 1230 in 2021.
NITDA DG, Kashifu Inuwa said: “In less than 2 years of active implementation of NDPR in Nigeria, we were admitted to the Common Thread Network (a Network of Data Protection Authorities of Commonwealth countries). We also got admitted as a full member of the Network of African Data Protection Authorities (NADPA). Our contribution at the Africa Union’s Policy and Regulatory Initiative for Digital Africa (PRIDA) Data Protection Laws’ Harmonization Work Group led to Nigeria being considered for inclusion in the list of countries where a developed framework for data laws harmonization was tested.”
The impact of NDPR on job and wealth creation is also remarkable. More than 7,680 jobs were created, and 5,746 Nigerians trained on NDPR in 2021. The sector is currently valued at over N4billion, using median value of audit implementation cost, according Inuwa.
Before NDPR introduction, no Nigerian entity could boast of full compliance with data protection laws. A handful of multinationals had some level of compliance imposed on them by their parent companies. The narrative changed drastically within one year. From zero compliance in 2018, Nigeria now has over 1230 organizations filing NDPR Compliance.
The place of NDPR in human rights jurisprudence have been litigated. Gladly, our courts, as the bastion of justice, have established a binding precedent to the effect that NDPR is rooted in the section 37 of the 1999 Constitution. The section provides thus: “The privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected.”
The implication is that no data controller or data processor can shun the NDPR. See the case of Incorporated Trustees of Digital Lawyers Initiative & Ors. V. National Identity Management Commission (NIMC) CA/ IB/291/2020. It is believed that the future of work will be fundamentally different when digital machines are deployed in virtually everything that we do. Soon, Artificial Intelligence and Robotics will be a platform of innovation in Nigeria, especially in instrumenting, automating, tracking, and analyzing the core operations of businesses.
While exploring and utilizing these digital economy potentials, NITDA is always proactive in creating awareness on how Nigerians can protect their personal information. It is only when customers trust their activities online that digital economy will thrive.
To deter breach, the NDPR provides that: “Any person subject to the Regulation who is found to be in breach of the data privacy rights of any Data Subject shall be liable, in addition to any other criminal liability, to the following: a) in the case of a Data Controller dealing with more than 10,000 Data Subjects, payment of the fine of 2% of Annual Gross Revenue of the preceding year or payment of the sum of 10 million Naira, whichever is greater; b) in the case of a Data Controller dealing with less than 10,000 Data Subjects, payment of the fine of 1% of the Annual Gross Revenue of the preceding year or payment of the sum of N2million, whichever is greater.”
This clearly shows that NITDA, the regulatory body, is committed to protecting citizens’ data to ensure that businesses remain competitive locally and internationally. Nigeria is the only country in Africa that dedicates a full week (24th – 28th January) every year to raise awareness on data protection with series of programmes, both physically and virtually.
NITDA is playing its role in the best possible way to attract investment, open more digital job opportunities for the teeming population and support the security architecture by effectively implementing its mandate of protecting peoples’ data. With over 200 million citizens, Nigeria can tackle any prejudice or misgivings about digitization through a potent regulatory instrument on data privacy.
The effect is momentum for a sustainable digital economy. This will invariable create jobs for essential public services. It is however important for Nigerians to take ownership of the legal regulatory framework on data privacy with a view to sustaining the present administration’s effort in building an inclusive and sustainable digital economy.
Mubarak Umar writes from Abuja