We are living in an information age where everyone owns a computer. If someone doesn’t have a desktop computer, chances are they have a smartphone, and the core technology used by these devices is the internet.
We can now communicate online, buy products, learn new things, connect with other people, and so much more. However, many of these actions require personal data, which means that various services and companies get our personal data when we use their websites, tools, apps, or services.
This personal data can be abused and used for marketing or any other purpose. It’s vital to protect this information and give internet users the option to decide whether they will let someone use their data for whatever reason. Here’s how Nigeria regulates data privacy and data laws for its citizens.
National Information Technology Agency & NDPR
The National Informational Technology Agency of Nigeria is in charge of bringing new laws and regulations related to computers and the internet. In 2019, the NITDA released the Nigeria Data Protection Regulations for the whole country.
The regulations were established by looking at the General Data Protection Regulation in Europe. NDPR has a series of regulations concerning data protection and data privacy. It addresses data processing, makes compliance mandatory, and explains that organizations need consent to process and collect data.
READ ALSO: CYBERCRIME: NCC to regulate use of internet
However, many companies in Nigeria have found it difficult to follow the new rules. NITDA has issued warnings to 100 companies, urging them to start complying with the policy. Enterprises had to supply their new privacy policies by the given deadline. However, many companies involved in aviation, betting sectors, and financial technology struggled to do this.
The new regulation also outlines all the penalties organizations face if they fail to comply with the regulations. Nevertheless, this isn’t the only policy for online data in the country, as many other laws affect data protection and privacy.
The Constitution of Nigeria
Nigeria’s constitution was created in 1999, and in section 37, it addresses data privacy and data protection foundations. It talks about the right to privacy Nigerians have in their homes, during telephone conversations, in telegraph communications, and during correspondence.
This section states that privacy is one of the most critical human rights of the Nigerian people and that all of the courts in the country should enforce laws against people when breaching privacy.
Even though the internet wasn’t widespread in Nigeria during that time, the constitution clearly says that privacy is very important, including the digital world. Before the NDPR was created, most of the data breaches both online and in the physical world were managed through this part of the constitution.
The Nigerian Communications Commission Regulation
The NCC Consumer Code of Practice has section VI, which refers to protecting consumer data within the telecommunication domain. It also says that all companies should take the necessary steps to protect their customer information against accidental and improper disclosures.
All this information shouldn’t be given to a third party unless the consumer has granted permission for this or a commission or some legal body was regulating the switch. At the same time, all of the data needs to be collected for business reasons and shouldn’t be kept any longer than required.
Cybercrimes (Prohibition, Prevention, etc.) Act
This act was introduced in 2015. It’s the foundational law for cybercrime and criminalization of privacy breaches in Nigeria. There are many things outlined within this act, but in general, it prohibits cybercrime, outlines punishments for these crimes, and gives further information on how to prevent them. It says that every service provider with consumer data at their disposal should take the necessary steps to protect it and use it responsibly.
Nigerian Freedom of Information Act
The act was introduced in 2011. In its 14th section, it talks about personal data protection. It prohibits public institutions from giving personal information to any party or individual.
The information can only be shared if the owner of that data consents to it or has previously accepted the terms of this information being public.
At the same time, this act also says that public institutions can deny access to personal information if this piece of information is privileged in some way in the eyes of the law.
The Bottom Line
Nigeria has made tremendous strides in shaping new laws and regulations for privacy and data protection. Still, even though many laws and regulations complement this protection, the only law specific for this domain is the NDPR.
All the other laws and regulations are specific to different industries, and there are many gray areas. NITDA and NDPR have made great results in terms of compliance for data privacy and protection. However, there is more work to be done.
For the most part, users protect their data themselves. In some cases, they might opt for services that require less data or have not been involved in breaches. For the overall security, many choose a VPN for anonymity.
It encrypts all web traffic, making it nearly impossible for hackers or vicious marketers to get their data. Since companies are yet to become vigilant about cybersecurity, it is best to take matters into your own hands.