Stockmarket
Stories by JONAH NWOKPOKU
Nigerians have expressed concerns over the lack of enabling laws for the protection of personal information provided for online businesses. They say there is cause for concern as there is no legislation for the protection of millions of personal information provided for online businesses on a daily basis. They fear that without such legislation, it is not certain that the online businesses will use the information for the sole purpose of business transactions and without interfering with their privacy.
Privacy fears creeping in
“Online privacy is a serious issue but no one is paying attention yet,” said Emmanuel Offie who said he uses e-commerce sites regularly.“
In fact, it is already affecting us because right now, personally I get lots of unsolicited emails and you wonder how these people get your email address. And this is not to talk of countless spam mails one receives on a daily basis,” he added.
Speaking further, he said: “If one considers the level of personal data at the disposal of these online businesses; abuse is inevitable unless there are appropriate legislations that forestall their use of these data in a certain way. But you see Nigeria likes fire brigade approach, until some very bad things begin to happen, nobody will pay attention to that sector.
For now, enacting a law is the only hope because all businesses are moving online and no one may be able to escape giving vital personal information out in the future.”
Also speaking, Kelvin Osamehon who also patronises e-commerce sites said: “Of course I do worry about the implication of those data falling into wrong hands especially in a space like the internet where regulation is almost impossible. As a matter of fact I have had to retract some of my online transactions in the past after I became concerned that leaving my personal information in their hands was risky.
So I think the bottom line is for these online business operators to do more by making sure that they remain credible and that their customers’ confidence grow in their ability to protect them even without the enabling laws.”
On his part, a Computer Scientist, Charles Edosomwan said online companies always make provision that guarantees people’s privacy and how their personal information are going to be used. He recommends that users of e-commerce sites always go through these policies before opting in.
“You know when you opt into an e-commerce company; there are always terms and conditions including their privacy policies in fine print. So, I would recommend that all those who feel concerned about their privacy and security go through the privacy policy before deciding to supply their personal information. However it is also glaring that Nigeria has not been able to come up with any cyber laws and this is because there are no regulations for the internet space.
And for you to even have a cyber law there has to be a strong government body that regulates that space and play key roles in that space. This is because it is difficult to regulate the use of these data without regulating the internet in itself. So, for the online companies, without the necessary law, it now boils down to ethics. They have to subject themselves to ethical regulations to strengthen their users’ confidence in their ability to protect them.”
However, when asked if Nigerians should have any concern for their privacy or could at any point have any reason to worry about their personal information in the hands of online businesses, an online business operator, who preferred anonymity, said privacy challenge for e-commerce is certain but that it belongs to the future.
Privacy, a challenge for the future
He said: “The issue of privacy may not seem to be an issue in our context now as a developing country but it will certainly be in the future. This is because, as the society gets more sophisticated technology wise and more people get education and escape the trap of poverty, there will increase the need for not only businesses to compete for these data not just for marketing purposes but also for profit.
The amount of data you have as a business will definitely determine your bottom line. This in turn makes these businesses very powerful. Imagine what it means to have access to names, contact address and mobile phone numbers of millions of people?
“So if you ask me, whether Nigerians should be concerned? The answer is both yes and no. Yes because at some point, giving the level of hacking these days, businesses cannot be careful enough. A server breach for instance can result to massive and injurious loss of vital personal data. But then this means that businesses have to take extra precaution to make sure this does not happen since their reputation depends on it.
“On the other hand, the answer is no because in an organised society, there is always a supreme authority that sees to everyone’s protection. And that is where the law comes in. It is important and urgent that Nigeria develops legislation to guard against any form of breach to privacy or security that may result from electronic business transactions and that these companies stick to the use of personal information for business purposes only.”
The complex issues of privacy in e-commerce
Privacy in e-commerce is a complex issue for most e-commerce ventures all over the world today. While these ventures may not be interested in profiling personal data, it is indeed impossible for them to operate without such amount of personal data that may sometimes trigger liability risks. In the developed countries where e-commerce has endured for sometimes, privacy issues resulting from gathering personal data for business purposes have
resulted to unpleasant experiences like identify theft and privacy invasion for consumers thereby throwing up bitter litigations for businesses and its resultant loss of income. These and other concerns have formed the basis for which most of these countries enacted laws to guard against unforeseen circumstances from e-commerce related activities.
E-commerce related privacy laws
Such laws include The Data Protection Directive, a European Union directive which regulates the processing of personal information within the European Union and the personal Data Privacy and Security Act US (2005 updated 2009) which provides criminal penalties for identity theft involving electronic personal data by: increasing penalties for computer fraud when such fraud involves personal data.
No e-commerce legislation in Nigeria
However, despite the growing trend of electronic commerce in Nigeria, investigation has revealed that at the moment, there is no legislation targeted at e-commerce both for consumer rights protection, personal data protection and privacy invasion resulting from unauthorised use of personal information. Over the past four years, attempts at introducing such laws have yielded little results. For instance in 2011, the electronic commerce bill was introduced at the National Assembly to cater to the exigencies of electronic transactions.
Although the bill was intended to be modelled after the United Nations model law on ecommerce, the proposed legislation had limited scope and made no specific provisions for privacy and security concerns. Instead, it made to clear the intricacies surrounding electronic contracts and signatures.
The cybercrime bill
Other legislation included the Cybercrime bill which up until 2013 was still being considered at the National Assembly. The bill sought among other things to provide an effective and unified legal, regulatory and institutional framework for the prohibition, prevention, detection, prosecution and punishment of cybercrimes in Nigeria; ensure the protection of critical national information infrastructure; and promote cyber security and the protection of computer systems and networks, electronic communications; data and computer programs, intellectual property and privacy rights.
Although it made provisions along these lines, experts say, it still leaves certain loopholes that did not make for effective data protection and privacy guarantees. For instance, they argue that the bill contained no definition of what constitutes personal data, no identification of the right to privacy, no definition of what constitutes data subjects rights, and no identification of the fact that organisations can also breach data protection rules.
Others include that there was no provision for circumstances where the personal data needs to be utilised without the consent of the data subject, and no definition, or mandatory requirement of technical measures to mitigate data protection breaches.
Disclaimer
Comments expressed here do not reflect the opinions of Vanguard newspapers or any employee thereof.