THE CONCEPT OF ‘PERSONAL DATA’ IN THE NIGERIAN DATA PRIVACY LAWS

Authors

Keywords:

Privacy Laws, Legislation, Personal data, Data owners, Database

Abstract

The UNCTAD in 2018 ranked Nigeria as the largest e-commerce market in Africa, in terms of number of shoppers and accruing revenue, against the observation of the World Bank Group that ‘digital financial services’ potentials remained untapped despite the large share of unbanked population. Against this background, the Nigerian government developed series of policies and strategies to harness the anticipated potentials of the Nigeria digital environment by providing personal data into various databases. This official approach triggered the need for a balancing of the equities of ‘data owners’ and ‘data collectors.’ Against this backdrop, the authors argued that dominant liberal response to the increasing discrepancy in digital power should and ought to provide a veritable plank for greater government regulation and oversight. Flowing therefore, the paper considered questions of ‘ownership and control of personal data in Nigeria,’ against the backdrop of lack of transparency in data collection, trade in personal data and power inequality in the digital economy. The authors evaluated the concept of personal data and the consequences for breach of the privacy of personal data in ‘twelve data privacy related legislative instruments in Nigeria,’ and concluded that the examination of the constitution and twelve data privacy related laws is tilted in growth in stages and that these two instruments that deal specifically with data protection are subsidiary legislations which pre-dated the specialized legislation. The authors maintained the need for a systematic alliance between legal and technical experts, in order to have effective regulations devoid of digital exploitation.

Author Biographies

Professor of Law & Doctoral Advisor, Igbinedion University

Doctoral Advisor and Head, Department of Public & International Law-Igbinedion University College of Law Okada. Author could be contacted at anya.kingsley@iuokada.edu.ng and www.anya-kingsley-anya.com  //        https://orcid.org/0009-0004-5549-1852

 

Barrister Olugbemi Jaiyebo

MPhil/Doctoral Candidate, College of Law of Igbinedion University School of Post Graduate Studies and Research Okada

References

<https://technext24.com/2021/08/26/nigerias-data-usage-hits-205880-terabytes-representing-202-rise-in-3-years/>

<https://technext24.com/2021/03/02/nigerians-consume-over-80-million-gigabytes-of-data-per-month-despite-paying-more/>

Observation made by the Nigerian Minister of Communications and Digital Economy. <https://dailytrust.com/nigeria-records-200-rise-in-data-generation/>

Preamble to the Nigeria Data Protection Regulation 2019

Preamble to the Nigeria Data protection regulations 2019

Lukman A Abdulrauf & Charles M Fombad, ‘Personal Data Protection in Nigeria: Reflections on Opportunities, Options and Challenges to Legal Reforms’ (2016) 38(2) Liverpool Law Review 1 @ 4

Adekemi Omotubora and Subhajit Basu, ‘Next Generation Privacy’ (2020) 29(2) Information & Communications Technology Law 151 @ 155 Available at: https://doi.org/10.1080/13600834.2020.1732055

[Hereafter, the NDPR] cf. to the European Union General Data Protection Regulation (GDPR)

Regulation (EU) 2016/679

Comparing privacy laws. See GDPR v. Nigeria Data Protection Regulation. One Trust Data Guidance

Samuel D. Warren & Louis D. Brandeis The Right to Privacy Harvard Law Review, Vol. 4, No. 5 (Dec. 15, 1890), p. 193 @ 195 Available at: https://www.jstor.org/stable/1321160

National Digital Economy Policy and Strategy (2020-2030) Federal Ministry of Communications and Digital Economy Abuja. P. 33

See Paragraph 1.2 of the Guidelines for the Management of Personal Data by Public Institutions in Nigeria, NITDA 2020

Children's online privacy and freedom of expression: Industry toolkit. New York. UNICEF (2018)

Juliane Kokott and Christoph Sobotta, The distinction between privacy and data protection in the jurisprudence of the CJEU and the ECtHR International Data Privacy Law, 2013, Vol. 3, No. 4 p. 222

a) Safeguard the rights of natural persons to data privacy; b) foster safe conduct for transactions involving the exchange of Personal Data; c) prevent manipulation of Personal Data.

Lee A. Bygrave, Privacy and Data Protection in an International Perspective, Stockholm Institute for Scandinavian Law & Lee A Bygrave 2010 p. 168

Uche Val Obi, et al An overview of data privacy and data protection law in Nigeria. The Gravitas Review of Business & Property Law 2019 Volume 10 Issue 4 Page 1 @3

Lee A. Bygrave, op. cit. @ p. 168

Alex B. Makulilo “A Person Is a Person through Other Persons”—A Critical Analysis of Privacy and Culture in Africa. Beijing Law Review, 2016, 7, 192 @ 196 Published Online September 2016 in SciRes. http://www.scirp.org/journal/blr http://dx.doi.org/10.4236/blr.2016.73020

Adekemi Omotubora and Subhajit Basu, op. cit. @ 157

Jeffrey Ritter & Anna Mayer, 'Regulating Data as Property: A New Construct for Moving Forward' (2017-2018) 16 Duke L & Tech Rev 220 @ 222

Jessica Litman, 'Information Privacy/Information Property' (2000) 52 Stan L Rev 1283 @ 1288

Ibid.

Jeffrey Ritter & Anna Mayer, op. cit.

Lukman A Abdulrauf and Charles M Fombad, ‘Personal Data Protection in Nigeria: Reflections on Opportunities, Options and Challenges to Legal Reforms’ (2016) 38(2) Liverpool Law Review 1 @ 7

Olomojobi, Yinka, Right to Privacy in Nigeria (October 31, 2017). Available at SSRN: https://ssrn.com/abstract=3062603 or http://dx.doi.org/10.2139/ssrn.3062603

Section 3 (2) (2) of the Registration of Persons and Contents of the National Identity Database Regulations, 2017

Sections 4 & 5 of the Nigerian Communications Commission (Registration of Telephone Subscribers) Regulations, 2011

[Hereafter, the Prohibition, Prevention, Etc. Act 2015]. See particularly section 3.

Article 2 (1) (a) (i) of the Regulation

Article 9 (1) of the Nigerian Communications Commission (Registration of Telephone Subscribers) Regulations, 2011

Jeffrey Ritter & Anna Mayer, 'Regulating Data as Property: A New Construct for Moving Forward' (2017-2018) 16 Duke L & Tech Rev 220 @ 227

Article 2(1)(a)(ii) of the Regulation

Paragraph 2.7 of the Regulation

“A party” shall include directors, shareholders, servants and privies of the contracting party. See Article 2.4 © of the Regulation

Record shall include report of public records and reports in credible news media. See Article 2.4 © of the Regulation.

NITDA and the Attorney General of the Federation are to supervise transfer of personal data to foreign countries and international organizations. Where no decision is made by either supervisory agent, the transfer could still occur in one of six instances. See Article 2.11 and 2.12 of the Regulation.

Paragraph 2.4 of the Regulation

See section 10 (2)(3) of the Nigerian Communications Commission (Registration of Telephone Subscribers) Regulations, 2011

This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller. See Paragraph 3.1 (15) of the Regulation

NIGERIA Digital Economy Diagnostic Report. The World Bank Group Washington DC 2019 p. 14

Alfred Mavedzenge The Right to Privacy v National Security in Africa: Towards a Legislative Framework which Guarantees Proportionality in Communications Surveillance. African Journal of Legal Studies , Volume 12(3), 2020, Pp 360 @375. Available at: https://brill.com/view/journals/ajls/12/3-4/article-p360_7.xml

Paul Galinje JCA (as he then was) in Tega Esabunor (Suing by his next friend Mrs. Rita Esabunor) v. Dr. Tunde Faweya & Ors. [2008] 12 NWLR (Pt. 1102) 794 @ 810, quoting Ayoola JSC in Medical and Dental Practitioners Disciplinary Tribunal v. Okonkwo (2001) 7 NWLR (Pt.711) 206

Deborah Lupton How do data come to matter? Living and becoming with personal data. Big Data & Society July–December 2018: 1–11 Available at: DOI: 10.1177/2053951718786314 journals.sagepub.com/home/bds

Duty as a matter of fact, implies the obligation imposed on and not necessarily the sanction aspect. However, the sanction aspect of duty is reflected in most of the legislations appertaining to privacy and protection of data.

Article 2 (2) of the NDPR

a) With the express permission of the customer, b) As required by the CBN and other regulatory bodies; c) Where there is a court order; d) In pursuance of public duty/interest. See Paragraph 2 of the CBN Consumer Protection Framework 2016

(2001) 7 NWLR (Pt.711) 206 @ 237

Jessica Litman, 'Information Privacy/Information Property' (2000) 52 Stan L Rev 1283 @ 1312

Everyone has the right to the protection of personal data concerning him or her.

Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.

Compliance with these rules shall be subject to control by an independent authority.

Section 46 (2) of the Constitution provides: Subject to the provisions of this Constitution, a High Court shall have original jurisdiction to hear and determine any application made to it…may make such orders, issue such writs and give such directions as it may consider appropriate for the purpose of enforcement or securing the enforcing within that State of any right to which the person who makes the application may be entitled under this Chapter.

See Lee A. Bygrave, Privacy and Data Protection in an International Perspective, Stockholm Institute for Scandinavian Law & Lee A Bygrave 2010 p. 169

Lee A. Bygrave, Privacy and Data Protection in an International Perspective, Stockholm Institute for Scandinavian Law & Lee A Bygrave 2010 pp. 170/171

Paragraph 2.10 of the Regulation

% of global annual turnover or €10 million, whichever is higher; or 4% of global annual turnover or €20 million, whichever is higher

Comparing privacy laws: GDPR v. Nigeria Data Protection Regulation. OneTrust DataGuidance Available at: https://www.dataguidance.com/sites/default/files/gdpr_v._nigeria.pdf

Article 4.2 of the Regulation

Paragraph 5.4 of the CBN Consumer Protection Regulations 2020

Ibid, Paragraph 7.2.

Section 7 of the Cybercrimes Act, 2015

Ibid, S. 8

Section 28 NIMC Act, 2007

Section 17 (4) NITDA provides: Where a person or body corporate fails to comply with the guidelines and standards prescribed by the Agency in the discharge of its duties under this Act, such person or body corporate commits and offence. See also Paragraph 7.0 (a) of the Guideline

Section 16 (1) of the National Health Act

Section 6 (1) Cybercrime (Prohibition & Prevention Act) 2015 and S. 28 (3) NIMC Act & Regulations

Section 28 (1) (A) & (2) NIMC Act and Section 13 Cybercrime (Prohibition & Prevention) Act 2015

(1)(c) & (2) NIMC Act

Lee A. Bygrave, Data Protection by Design and by Default in S. Garben, L. Gromley, K. Purnhagen (eds.), Oxford Online Encyclopedia of European Union Law (Oxford University Press 2022

Wolff, A., Gooch, D., Cavero Montaner, J.J, Rashid, U., Kortuem, G., (2016). Creating an understanding of data literacy for a data-driven society. The Journal of Community Informatics, 12(3), 9-26. Available at: www.ci-journal.net/index.php/ciej/article/view/1286.

Downloads

Published

2024-02-26

How to Cite

Anya, A. K., & Jaiyebo, O. O. (2024). THE CONCEPT OF ‘PERSONAL DATA’ IN THE NIGERIAN DATA PRIVACY LAWS. KB Law Scholars Journal, 1(2), 59–78. Retrieved from https://www.kblsp.org.ng/index.php/kblsp/article/view/19

Issue

Vol. 1 No. 2 (2024): KB Law Scholars Journal

Section

Articles

License

Copyright (c) 2024 KB Law Scholars Journal

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.