June 10, 2024

Navigating data privacy challenges in Nigeria’s digital landscape

South East Development Commision

By Oluwatimilehin Folagbade

If you’re a fan of memorable quotes like I am, then you’ve likely come across the adage “Data is the new oil” coined by British Mathematician Clive Humby.

I can’t stress this enough. In today’s digital age, data is indispensable for the survival of any company, business, or entity. Even religious organizations now maintain databases of their members to better understand demographics and tailor their offerings accordingly.

That’s how crucial data has become for everyone. However, it’s essential to recognize the fine line between using data ethically and exploiting consumers’ or users’ data for personal gain. This is where data privacy challenges become a critical issue that must be addressed. Firstly, because both users and governments are concerned about it, and secondly, because any founder or product designer who takes ethics seriously should also be concerned about it.

Steve Jobs, the visionary founder of Apple Inc., articulated his views on data privacy in 2010, defining it as “…means people know what they’re signing up for, in plain English and repeatedly.” Emphasizing this further during the D8 conference, he said, “We take privacy extremely seriously,” underscoring Apple’s commitment to data privacy. Undoubtedly, if there were a Mount Rushmore for founders and product managers, Steve Jobs’s visage would be chiseled into it. Therefore, if Steve advocated for strong data privacy principles, it’s imperative for every product manager and founder to do the same.

Interestingly, in Nigeria, the exponential growth of the internet has sparked a surge in the demand for data within the Nigerian digital sphere. Over 84 million out of Nigeria’s 200 million citizens have access to the internet, hence data has become a critical asset for every business operating in Nigeria. However, the collection and storage of data present numerous challenges all over the world including Nigeria.

Data Privacy Challenges: Regulatory Compliance: In June 2023, a new data protection bill was signed into law by the Nigerian president which legalized the regulations set by the Nigeria Data Protection Regulation (NDPR). However, like most laws, these regulations are continually evolving, which can become a challenge for business and digital companies to keep up with its compliance. Interpreting and implementing these regulations can be a bit tacky even with the aid of a good lawyer, particularly for small and medium-sized companies with limited resources.

User Consent and Transparency: Ever installed an app on your phone or PC, only to be greeted by a lengthy document with an “I accept” or “I consent” button waiting below? Chances are, you didn’t bother to read through that document before clicking. If so, you’re contributing to the data privacy problem. Obtaining valid consent for data collection and processing has become increasingly challenging, especially when users often overlook the consent document outlining the information being gathered about them. Moreover, legal literacy levels in Nigeria are relatively low, making it difficult for many people to comprehend lengthy and intricate consent documents, regardless of their clarity.

Data Breachers: Arguably, this ranks among the most pressing challenges to data privacy worldwide. In Nigeria, where internet cyber fraud, commonly referred to as “Yahoo Yahoo,” has become rampant, fending off cyber-attacks has grown increasingly challenging.

Data breaches, often resulting from cyber-attacks like malware, phishing scams, and ransomware, have become all too common. Consequently, service providers and product owners bear significant financial burdens, because of the need to hire additional personnel to strengthen product security, provide comprehensive customer support to aid users in dealing with attacks and educate them on the importance of safeguarding their passwords. In essence, as long as cybercriminals persist in exploiting product vulnerabilities and taking advantage of customers’ ignorance and naivety, data privacy will continually face a formidable threat.

How to Navigate Data Privacy Challenges: While there are probably several methods to navigate these data privacy challenges, I have written below the things that come to mind with respect to the challenges I listed above.

Regulatory Compliance: Stay Informed: There is no ignorance in the law. Therefore, product managers and founders need to stay informed on any evolving data privacy regulations by monitoring the laws and regulations in case there is an update or amendment.

Implement Data Policies: There is no point in knowing the law but not obeying it. Product managers and founders need to ensure that they implement comprehensive data privacy protection policies within their organizations. These can include outlined data handling practices, privacy safeguards, and compliance measures so that no staff flaunts the policies.

• Regular Audits: I call these mock tests. Product managers and founders need to conduct audits, to ensure there are to data leakages during the collection, processing, or storage of data. Any identified gaps can be immediately spotted and corrected in time.

User Consent and Transparency: • Simplify Consent Mechanism: The impetus lies with product managers to ensure that the consent process is more user-friendly by providing very clear and concise information about the data collection process with the use of easy and plain language. I dare say options for users to read this consent mechanism in their local language be made available beyond the English language so that no user isn’t unaware of what data is being collected.

• Enhance Transparency: Product managers need to ensure that transparency is enhanced by providing full disclosure and privacy notices that outline the type of data being collected, what it is used for, how it is stored, and if any third party is involved in using them to build trust and confidence among their users.

• Educate Users: In the tech sector, it’s important for both tech founders and digital product managers to collaborate with the appropriate government bodies responsible for educating users about data privacy etiquette and laws. This collaboration ensures that users are empowered to take control of their personal information. By providing user-friendly resources like FAQs, tutorials, and interactive tools, they can enhance users’ understanding of data privacy and their rights in the digital hemisphere.

Data Breachers: • Better Cybersecurity Measures: There is no debating this, while the government works to ensure a safer internet space nationwide, it lies with product managers to ensure that their products are built with top-notch security measures which can include an encryption system, multi-factor authentication, and intrusion detection systems, to safeguard against cyber threats and prevent unauthorized access to sensitive data.

    • Employee Training: While one would expect all employees of digital companies to be trained on data sensitivity, this isn’t usually the case. Hence, it is important that digital firms conduct regular training and awareness programs to educate their employees on cyber security, data handling processes, and data protocols to prevent in-house breaches of data.

    • Incident Response Plan: Every digital firm needs to ensure that a comprehensive incident response plan is put in place to effectively detect, respond to, and mitigate data breaches in a timely manner, thereby minimizing the impact of data breaches on affected users and even the firm at large.

    In essence, navigating data privacy issues requires a collective effort beyond product managers and founders. Collaboration among tech leaders, users, and government bodies is essential to effectively address these data privacy challenges.

    And so, bringing it back home; it is noteworthy that as the Nigerian digital landscape expands, protecting our data privacy becomes a shared responsibility—one that starts with each of us united in safeguarding our personally identifiable information (PII) while also not overruling the salient fact that enterprise-wide awareness is very key in achieving this and just so every Nigerian get abreast of the need to pay rapt attention to data protection and privacy laws applicable to our country, thereby abating the data privacy challenges in Nigeria’s digital landscape.