Newsletter – April, 2021
The world has rapidly approached the digital age, where technology dominates almost every aspect of human interaction. Technology is massively involved in every human’s day to day interaction that it seems as though Ray Kurzweil might have been right when he mentioned that Technology is part of humanity. Almost all of these interactions involve the transfer of data and Personal, private/sensitive data is being transmitted on a daily basis across various platforms, you are most likely sharing sensitive information on your device every time you access an unregulated web platform.
Protection of personal data has become a very sensitive issue, with the European Union [EU] adopting its General Data Protection Regulation of 2018 in response to various instances of personal data breach by major corporations. The most notable example is the Facebook-Cambridge Analytica scandal which shook the world.
Under Nigerian laws the right to privacy is protected under the constitution in Section 37 (Constitution of the Federal Republic of Nigeria 1999), and the law that most specifically deals with Data privacy and protection in Nigeria is the Nigeria Data Protection Regulations (NDPR) 2019. The regulation has been established with the primary objective of safeguarding data privacy; fostering safe conduct of transactions involving personal data and to make Nigerian institutions globally competitive and relevant. Several other Nigerian regulations deal with data protection to a limited extent such as the Freedom of Information Act (2011), The Cyber Crimes (Prohibition, Prevention Etc) Act 2015, the Consumer Protection Framework 2016 etc. But none most particularly deals with data protection like the NDPR.
The NDPR has set out a list of guidelines and requirements for all corporate organizations to follow, breach of these regulations are taken rather seriously. In 2018 for instance, Facebook was allegedly involved in a breach of data protection laws in the United Kingdom, by granting third party access to user information without sufficient consent. As a result of this allegation, a fine of £500, 000 (Five Hundred Thousand British Pounds) was imposed on Facebook by the United Kingdom Information Commissioner’s Office and its Chief Executive Officer, (CEO) Mark Zuckerberg appeared before US Congressional Committees to answer questions on the extent and implications of the breach with Congress option to explore several options including stricter legal regulations, sanctions and a possible dissolution of the company. Similarly the NDPR stipulates fines for noncompliance that rise up to N10,000,000 (ten million naira). Typically almost all corporation who deal with third party data are required to comply with the NDPR with the annual deadline for compliance being March 15th yearly [although the deadline for filing the 2021 mandatory Data Protection Audit Report by Data Controllers has been extended from 15th March 2021 to 30th June 2021 as a response to the current economic realities – covid etc] Read more