A CRITICAL STUDY OF THE LEGAL REGIME FOR DATA PROTECTION IN NIGERIA
Abstract
The thesis examines the legal protection of data privacy in Nigeria. Investigating this issue is crucial in the wake of the rise in data processing activities as a result of the relative advances in technology that challenge human rights. Generally, the right to data privacy emerged because of the need to protect individuals from risks resulting from the automated or manual processing of their personal information.
The thesis, therefore, argues that the extant legal framework in Nigeria is manifestly inadequate to effectively protect individuals from the threats resulting from the processing of their personal information. This view is held based on an analysis of the major data privacy issues in Nigeria today and a review of the current legal regime.
Thus, scholarship that contends that there is insufficient processing in the country which is a reason why data privacy right is neglected is challenged. In carrying out this study, the focus is placed on the constitutional and statutory mechanisms for data privacy protection… (Scroll down for the link to get the Complete Project Material)
INTRODUCTION
Lately, developing countries like Nigeria are beginning to experience, first-hand, the myriad issues brought about by personal information. Firstly, personal data/information is now an extremely valuable commodity which has been aptly described as the lifeblood and basic currency of the information economy. This has made it increasingly sought by various entities without, in many cases, regard to the rights of the individuals who are the subject of the data. Secondly, there is a difficulty in comprehending the exact purpose or value of data protection in African countries (in general) and Nigeria (in particular).
According to Makulilo, data protection in African countries is basically perceived as being confined to economic purposes and this has been a driving force in enacting data protection laws across Africa. This is problematic from the perspective of human rights because an individual’s personal information is an embodiment of, or a facet of, his/her personality since it is capable of telling a story about him/her.
The threats to individuals brought about by the processing of their personal information (also referred to as the personal information or data processing problem) is usually discussed in relation to technological developments, although scholars, like Purtova, contend that this problem is also motivated by institutional, market and societal developments. Without a doubt, the on-going digitalization of many African economies, especially that of Nigeria, makes this investigation focused largely on the effects of advances in technology on the data protection of individuals. This by no means, however, undermines other developments identified by Purtova.
The internet and other ICTs are now inevitable tools in the lives of many people in Nigeria. This view is justified by the fact that Nigeria has one of the highest populations of internet users in the world. The Nigerian Minister for communication technology recently stated that the country had recorded a fifty two percent (52%) internet growth rate and a rapid increase in the ‘adoption and use of ICTs to automate some operations and processes of government Ministries, Departments and Agencies.’ Similarly, Nigeria has recently been described ‘as a country with the highest potential for Information and Communication Technology. investment on the African continent.’… (Scroll down for the link to get the Complete Project Material)
Statement of Problem
Nigerian policymakers are yet to understand the human rights implications of the unfair and unlawful processing of the people’s personal information. Data protection is yet to be given significant attention in Nigeria in spite of the considerable global interest it has gained. There is still no coherent legal regime for the protection of data protection as narrowly construed. This is so in spite of the rising incidents of identity thefts and data breaches.
The extant legal framework, which merely protects secret or private information, arguably cannot cope with the modern-day ‘personal information problem’ which affects the public as much as the private information of individuals. From this perspective, while the interest of individuals in protecting ‘their hidden worlds’ cannot be undermined, there are contemporary threats to their personal information which goes beyond threats to its privacy.
Thus understood, personal information, which may not necessarily be secret or confidential, also deserves independent protection because of the power it holds over individuals. This state of affairs, therefore, calls for profound legal reforms in this area. Policymakers in Nigeria, however, appear to be at a loss as to how such reforms should take place… (Scroll down for the link to get the Complete Project Material)
Research Objective
This study acknowledges existing works on data protection in Nigeria and adds a new dimension to this literature by looking at data protection from a strictly human rights perspective (based on the value of its human right).
CONCEPTUAL REVIEW
Data Protection
A term recently increasingly being used is ‘data protection’. Although no recent data protection instrument has adopted the term, it seems that ‘data protection’ is the current preferred term as shown in the recent literature of renowned scholars, like Kuner, Bygrave, Greenleaf, Makulilo. Bygrave explains his preference for data protection over privacy or data protection. He argues that it reduces the over-inclusion problem associated with the term ‘privacy’, and it communicates better the central interests at stake.
The term ‘data protection’, furthermore, ‘provides a bridge for synresearch projecting European and non-European legal discourses’. Because of Bygrave’s logical and convincing argument, and other reasons that will emerge later, this research project adopts the term ‘data protection’ rather than ‘(information) privacy’ or ‘data protection’… (Scroll down for the link to get the Complete Project Material)
- History of Data Protection in Nigeria
The right to data protection has enjoyed a very rapid growth within a relatively short period of time and is also in a constant state of flux. It has evolved from a mere issue being considered by a few countries and international institutions to a topic that generates considerable debate worldwide. Despite its relative infancy, it has attracted significant scholarly attention.
Several instruments at various levels have helped shape the different aspects of the right to data protection. Paradoxically, most of these instruments are ‘mere’ soft laws. This part of the chapter considers these instruments. It also presents an updated discussion on recent developments with regard to these instruments. The intention is not to consider all the available legal instruments on data protection. Rather, instruments that have played the most significant role in the emergence and development of the right to data protection will be discussed.
A detailed analysis of the provisions of these instruments will also not be carried out as that is beyond the scope of this chapter. The significant role played by Europe is particularly noted hence the bulk of this section will focus on the European initiatives.
Forms of Data Protection
For the purpose of realizing the right to data protection, four main forms, identified by scholars, have been adopted in different jurisdictions. They are the comprehensive, the sectoral and the self-regulation approaches as well as the use of Privacy by Design (Ph.D)… (Scroll down for the link to get the Complete Project Material)
- Comprehensive approach or government regulatory approach
In a comprehensive approach, the government plays the major role in the regulation of data processing activities. An omnibus law which regulates the processing of personal data is enacted by the state. The law is made in such a way that it provides for very broad principles which cover all sectors of processing of personal data. The provisions of the law are enforced by a particular institutional body, usually, a public authority generically referred to as a DPA.
This body performs an array of functions which include enforcement, oversight, investigatory and monitoring function. The DPA in most jurisdictions that adopt the comprehensive approach is also responsible for educating and enlightening the public on various data protection issues. The role of a DPA in a comprehensive approach is indeed crucial… (Scroll down for the link to get the Complete Project Material)
METHODOLOGY
In an attempt to answer the main objective of this study, a desk research or ‘library-based’ method is adopted. This means that both primary and secondary sources will be used for the purpose of the study. Primary sources that will be consulted are international and regional data protection instruments, constitutional provisions… (Scroll down for the link to get the Complete Project Material)
DATA ANALYSIS AND DISCUSSION
Introduction
Apart from the above stated laws that partially regulate the processing of personal data, other laws also have provisions which protect data protection. These laws are, however, of very limited application as they apply only to particular sectors or specific activities of data processing. Some of these statutes include: the Evidence Act, the Nigeria Postal Service (NIPOST) Act, Wireless Telegraphy Act and the Telecommunications and Postal Offences Act. This section will not consider the provisions of these laws in detail for two reasons. Firstly, they are of extremely limited application and secondly… (Scroll down for the link to get the Complete Project Material)
Freedom of Information Act (FOIA) 2011
In a bid to ensure greater transparency and accountability in governance, the Nigerian government enacted the Freedom of Information Act 2011 (FOIA). The FOIA makes public records and information available and provides public access to records and information. The Act protects public records in a way consistent with public interest and protection of personal privacy. In relation to data protection, the FOIA provides that a public institution must deny an application for information that contains personal information. The provision further gives examples of such personal information which should not be accessible to the general public… (Scroll down for the link to get the Complete Project Material)
Gaps and Challenges in Protection of Data in Nigeria
In discussing the extant legal and institutional framework on data privacy protection in Nigeria, some specific issues and challenges associated with them were analysed. This section takes the discussion further by considering the general challenges of data privacy protection in Nigeria. The issues and challenges considered in this section are of a more practical nature and constitute a summary of the reasons for the deficient legal regime in Nigeria.
SUMMARY, RECOMMENDATIONS AND CONCLUSION
This study has basically investigated how data privacy can be protected effectively in Nigeria. The issue is topical in the wake of the rapid advances in Information and Communication Technology (ICT) in Nigeria and its desire to take human rights protection to the next level because of its maturing democracy. The study, therefore, proceeded from certain key assumptions based on the current data privacy literature. One such assumption is that data privacy is a fundamental human right which is beginning to distinguish itself as an independent human right… (Scroll down for the link to get the Complete Project Material)
In light of the various issues on data privacy protection raised in chapters one, two and three, and based on lessons obtained, the research recommends several measures as the way forward for the effective protection of data privacy in Nigeria. These measures are:
- The need for data privacy to be recognized as a human right and to be constitutionally entrenched
The first and indeed most important way in which effective data privacy can be realised in Nigeria is that data privacy should be recognised as a human right. It has been stated in the previous chapters that, although data privacy has its commercial dimension, the human rights perspective appears to be dominating contemporary discourse on the subject. With all these debates and the fact that even key officials of the UN have recognised data privacy as a human right, the Nigerian government needs to approach data privacy from this standpoint… (Scroll down for the link to get the Complete Project Material)