Stakeholders task govt. on need of formulating central database for improving on security

NIGERIA as the most populous black nation, privacy is believed to be a fundamental human right as enshrined by the constitution. But, it is disheartening that comprehensive data protection legislation has yet to be enacted as one of the fundamental human rights, even as several government and private organizations routinely collect and process personal data.

According to the broadly phrased Section 37 of the constitution which applies to personal data protection, states ‘ the privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected’.

However, the existing regulatory frameworks fall short of providing Nigerians with an adequate level of personal data protection as these frameworks fail to clearly define the level of protection afforded to the personal data collected , nor do they clearly state the obligations relating to how personal data should be handled.

Interestingly, checks revealed that Ghana has a data protection law, however, regrettably, so many organizations are collecting data and storing data, hence weakened the whole essence of the law.

Very recently, African internet stakeholders under the aegis of African Academic Network on Internet Policy, who converged at the International Institute for Tropical Agriculture, IITA, Ibadan, the capital of Oyo State to attend the maiden edition of Data Privacy and Protection conference, have jointly tasked the government on the urgent need to have a single authority that would be responsible for collecting, sharing and management of personal data so as to ensure its security, avoid multiplicity of data as well as waste of resources.

The stakeholders who averred that privacy is a fundamental human right guaranteed by the constitution, also called for the enactment of a data protection act that contains data protection principles consistent with those contained in the African Union Convention on Cyber Security and Personal Data Protection and the EU’s General Data Protection Regulation (GDPR).

The conference which was supported by Google had in attendance data protection and internet experts, students, professional bodies, government, civil society, private business representatives and other stakeholders who encouraged the Civil Society Organizations (CSOs) to engage in public interest litigation to protect privacy, raise consumer awareness about protecting their personal information and advocate for the use of privacy enhancing technologies.

Speaking at the two day conference (Monday December 4, 2017/ Tuesday December 5, 2017), the Executive Vice Chairman, Ibadan School of Government and Public Policy, ISGPP, Dr. Tunji Olaopa explained, ’we are informed from the recognition that the contributions of Africa to the growth of internet policy has been very weak and we narrow down to the unfortunate dimension of even the African researchers not really contributing to the global conversation and if you know the extent to which internet is impacting presently and to impact in the future. Our fear was that African must avoid going into another recolonization.

‘So, to that end, a roundtable was organized in May and the challenges were highlighted. It then became very imperative to assemble the leading African experts both in Africa and diaspora to organize a network which gave birth to African Academic Network. In trying to address the gaps (Policy and Research) militating against African’s contribution, we then highlight a whole lot of symmetric areas. We have started with data privacy and security’, he continued.

Dr. Godfred Frempong of CSIR Science and Technology and Research Institute, in his submission, emphasized on the importance of data, just as he described it as a prominent weapon.

He further observed that the way data is collected, managed in Africa must be looked at critically. Worried about poor harmonization of data by various governments’ authorities, Frempong added, ‘So many organizations are collecting the same personal data. For example if you are privileged to travel, the immigration authority will collect data on you, National Insurance Authority is collecting data on us, National Identification Authority is collecting data, Electoral Commission is collecting data, Driving and Vehicle Registration Authority is collecting data, the banks are collecting data, National Identity Management Commission, Integrated Payroll and Personnel for Public Servant, Sim card registration by NCC and anywhere you go, they ask you about your personal data’, he lamented.

Concerned about data security, Mr. John Walubengo from Multimedia Centre, University of Kenya expressed displeasure over the activities of private business players who collect information such as the telecom operators, mobile banking in which they computerize or save data in digital format without prioritizing its protection. ‘How do you protect this information to ensure that it doesn’t fall into wrong hands?’, he queried.

Similarly, he stressed on the need to have a framework forcing the data collectors or controllers to adapt to minimum standard of protection. ‘We need to look at data security as protecting citizens’ right and privacy, so that all citizens in Africa are able to enjoy that security of the data collector which the businesses may not prioritize’ said Walubengo.

Also contributing, the Senior Policy Manager, World Wide Web Foundation, Mrs. Nnenna Nwakanma, who highlighted various opportunities available on the internet, described data as the biggest economy with its ability to tailor marketing to individuals. ‘Who ever have data has wealth. If you talk about the biggest companies online today they are no longer software or hardware companies, but data companies’, said Nwakanma.

She however cautioned that while data has becomes a goldmine for the digital economy, it could also hurt if not well handled, both by the data providers and handlers.

Another contentious issue at the conference was privacy protection which Mrs. Tope Ogundipe, Director of Programs, Paradigm Initiative noted that should be seen first as human rights issue rather than been posited as an economic one. She charged Nigerians to ask questions on how the barrage of data they provide to agencies are kept and used. She therefore recommended that the use of data must be in accordance with the purpose for which it was collected, stressing that consent of the individual must be obtained prior to collecting his or her personal data.

Ogundipe finally added, ‘rights of the individual to seek legal remedies for misuse or unauthorized access to personal data must be guaranteed’.
With the huge success recorded at the just concluded conference, the network planned to involve more critical stakeholders to further discussion and create platforms for engagement and training of people.

The core objective, according to the stakeholders is to see a continental approach to the desired policies.

By Idowu Ayodele.