Democracy & ParticipationSocial Development
Home Our latest stories Social Development "Data protection for Nigerians must be first priority"

"Data protection for Nigerians must be first priority"

September 19th, 2014

Timi Olagunju

A new national identity card with links to an American credit card company raises red flags for Timi Olagunju, 28, a Commonwealth Correspondent from Lagos in Nigeria, who urges Nigeria to enact strong data and privacy protection legislation.

Recently, Nigerian President Dr. Goodluck Jonathan launched a new national e-ID card. Powered by MasterCard, it is a multi-purpose card that doubles as a national identification card and an ATM card useful for making bank deposits and withdrawals. The card will also be used for identification and electronic signatures.

With the launching of the card, arguments for and against it are ongoing. Some have argued that the logo of MasterCard on the national ID card questions the sovereignty and pride of Nigeria. They further argue that partnering to acquire biometric data of present and future Nigerians with an American firm, in an age that has seen intense data surveillance by the American National Security Agency, could spell doom for Nigeria’s territorial integrity as well compromise our security as a people and a nation in the near future. They say it could end up like the Biblical Esau and Jacob story.

On the other hand, the proponents for the card argue that a Nigerian ID card is of no value outside Nigeria unless it is authenticated by an internationally reputable establishment like MasterCard. On this, rather than ‘comment my reserve’, I would reserve my comments, because my question is based largely on legal considerations and less on socio-economic juxtapositions.

Firstly, why would the President and the National Assembly happily authorize the handover of biometric data of millions of citizens to a “foreign private firm”, without first engineering the existence of a very detailed and structured legal framework to address issues of data protection and privacy? Remember how oil rights were given to Shell in the early 1900s at the expense of Nigeria’s interest? The same problem of poor regulatory framework haunted the power sector, until the Electricity Power Sector Reform Act 2005 and the Nigerian Electricity Regulatory Commission surfaced. In the words of its chairman, Dr. Sam Amadi ‘… failure in the electricity industry in Nigeria is, at heart, a failure of law. Law is the principal instrument of social development”.

Secondly, how would a country like Nigeria not have data protection and privacy laws, in an age where information and communication technology and human rights are quick to clash?

Thirdly, in the course of brokering the deal with MasterCard, did the Nigerian government do thorough due diligence? Did those involved get technical expertise to review the privacy policy of MasterCard and its host country, and see where it conflicts with Nigeria’s interest?

Out of the over one hundred countries with national identity cards, not a single one has ever partnered with any local or foreign organization to produce the cards, complete with company logo. So why Nigeria? We may argue it is the first of its kind, but we should also not be quick to forget that Malaysia has an integrated national e-identity card done by Malaysia without foreign interference, for Malaysians.

On the need for a comprehensive Data and Privacy Protection laws, it is important to state that data and privacy laws exist to strike a balance between the rights of individuals’ privacy and the ability of organizations to use data for their personal business. Many countries have taken proactive measures to protect the fundamental human rights of its citizens in this age. For example, Zimbabwe has a comprehensive Access to Information and Protection of Privacy Act, Singapore has a Personal Data Protection Act, UK has a Data Protection Act 1998 coupled with other laws within the UK and the European Union protecting data and privacy, and Ireland has its Data Protection (Amendment) Act 2003. When would Nigeria get hers? Is there a body that ensures that MasterCard or any other holder of data on such national scale uses it properly? What actions would be taken if data protection and privacy is breached? These are key issues that should have been considered within a regulatory framework. In fact, aside the traditional roles of Nigerian Communications Commission (NCC), one wonders what legal framework enforces a check on Nigeria’s telecommunication companies with regards to data and privacy? These days unsubscribed text messages bombard one’s phones about unsolicited lotteries from the network providers; even at midnight. If we have not gotten data and privacy right on a local scale, I wonder what it would be with MasterCard.

It is obvious that with this deal between Nigeria and MasterCard, all the present and future generations of data go to the American payment platform. Therefore, with no explicit Nigerian data and privacy laws, the implication is that Nigeria is left to the mercy of the data and privacy laws in the United States. Would that be sufficient to protect Nigerians? To date, the US has no single data protection law comparable to the EU’s Data Protection Directive. Privacy legislation in the United States tends to be adopted on an ad hoc basis, with different legislation arising when certain sectors and circumstances require.

The 1999 Constitution of Nigeria guarantees the right to privacy of Nigerian citizens. I strongly advocate that this fundamental human right be given zeal of implementation by the National Assembly and the office of the President. There should be up to four independent and co-existing aspects to the Freedom of Information act, with clear legislation covering data protection, computer misuse, information security and lawful interception.

photo credit: Yuri Yu. Samoilov via photopin cc

————————————————————————————-

About me: I give leverage to your voice in the Courts of Law and in the Courts of Public Opinion.  I do this as a Legal Practitioner, Public Policy analyst and as an author, majoring in human rights, public policy and information technology law.

I am a graduate of the University of and the Nigerian Law School. An avid public policy analyst and advocate of change, I speak and write about legal and socio-economic topics, entrepreneurship and IT law. LinkedIn: Timi Olagunju etimithelaw@gmail.com t: @timithelaw  #TACTS

————————————————————————————-

Opinions expressed in this article are those of the author and do not necessarily represent the views of the Commonwealth Youth Programme. Articles are published in a spirit of dialogue, respect and understanding. If you disagree, why not submit a response?

To learn more about becoming a Commonwealth Correspondent please visit: http://www.yourcommonwealth.org/submit-articles/commonwealthcorrespondents/

————————————————————————————-

Share

About the author

Related articles

Book ReviewEditor's PickHistoryHuman Rights
CultureDemocracy & ParticipationHealth, Safety & WellbeingPeace BuildingTechnology
View all

Submit your content

Submit a video
Submit an article

Timi Olagunju

A new national identity card with links to an American credit card company raises red flags for Timi Olagunju, 28, a Commonwealth Correspondent from Lagos in Nigeria, who urges Nigeria to enact strong data and privacy protection legislation.

Recently, Nigerian President Dr. Goodluck Jonathan launched a new national e-ID card. Powered by MasterCard, it is a multi-purpose card that doubles as a national identification card and an ATM card useful for making bank deposits and withdrawals. The card will also be used for identification and electronic signatures.

With the launching of the card, arguments for and against it are ongoing. Some have argued that the logo of MasterCard on the national ID card questions the sovereignty and pride of Nigeria. They further argue that partnering to acquire biometric data of present and future Nigerians with an American firm, in an age that has seen intense data surveillance by the American National Security Agency, could spell doom for Nigeria’s territorial integrity as well compromise our security as a people and a nation in the near future. They say it could end up like the Biblical Esau and Jacob story.

On the other hand, the proponents for the card argue that a Nigerian ID card is of no value outside Nigeria unless it is authenticated by an internationally reputable establishment like MasterCard. On this, rather than ‘comment my reserve’, I would reserve my comments, because my question is based largely on legal considerations and less on socio-economic juxtapositions.

Firstly, why would the President and the National Assembly happily authorize the handover of biometric data of millions of citizens to a “foreign private firm”, without first engineering the existence of a very detailed and structured legal framework to address issues of data protection and privacy? Remember how oil rights were given to Shell in the early 1900s at the expense of Nigeria’s interest? The same problem of poor regulatory framework haunted the power sector, until the Electricity Power Sector Reform Act 2005 and the Nigerian Electricity Regulatory Commission surfaced. In the words of its chairman, Dr. Sam Amadi ‘… failure in the electricity industry in Nigeria is, at heart, a failure of law. Law is the principal instrument of social development”.

Secondly, how would a country like Nigeria not have data protection and privacy laws, in an age where information and communication technology and human rights are quick to clash?

Thirdly, in the course of brokering the deal with MasterCard, did the Nigerian government do thorough due diligence? Did those involved get technical expertise to review the privacy policy of MasterCard and its host country, and see where it conflicts with Nigeria’s interest?

Out of the over one hundred countries with national identity cards, not a single one has ever partnered with any local or foreign organization to produce the cards, complete with company logo. So why Nigeria? We may argue it is the first of its kind, but we should also not be quick to forget that Malaysia has an integrated national e-identity card done by Malaysia without foreign interference, for Malaysians.

On the need for a comprehensive Data and Privacy Protection laws, it is important to state that data and privacy laws exist to strike a balance between the rights of individuals’ privacy and the ability of organizations to use data for their personal business. Many countries have taken proactive measures to protect the fundamental human rights of its citizens in this age. For example, Zimbabwe has a comprehensive Access to Information and Protection of Privacy Act, Singapore has a Personal Data Protection Act, UK has a Data Protection Act 1998 coupled with other laws within the UK and the European Union protecting data and privacy, and Ireland has its Data Protection (Amendment) Act 2003. When would Nigeria get hers? Is there a body that ensures that MasterCard or any other holder of data on such national scale uses it properly? What actions would be taken if data protection and privacy is breached? These are key issues that should have been considered within a regulatory framework. In fact, aside the traditional roles of Nigerian Communications Commission (NCC), one wonders what legal framework enforces a check on Nigeria’s telecommunication companies with regards to data and privacy? These days unsubscribed text messages bombard one’s phones about unsolicited lotteries from the network providers; even at midnight. If we have not gotten data and privacy right on a local scale, I wonder what it would be with MasterCard.

It is obvious that with this deal between Nigeria and MasterCard, all the present and future generations of data go to the American payment platform. Therefore, with no explicit Nigerian data and privacy laws, the implication is that Nigeria is left to the mercy of the data and privacy laws in the United States. Would that be sufficient to protect Nigerians? To date, the US has no single data protection law comparable to the EU’s Data Protection Directive. Privacy legislation in the United States tends to be adopted on an ad hoc basis, with different legislation arising when certain sectors and circumstances require.

The 1999 Constitution of Nigeria guarantees the right to privacy of Nigerian citizens. I strongly advocate that this fundamental human right be given zeal of implementation by the National Assembly and the office of the President. There should be up to four independent and co-existing aspects to the Freedom of Information act, with clear legislation covering data protection, computer misuse, information security and lawful interception.

photo credit: Yuri Yu. Samoilov via photopin cc

————————————————————————————-

About me: I give leverage to your voice in the Courts of Law and in the Courts of Public Opinion.  I do this as a Legal Practitioner, Public Policy analyst and as an author, majoring in human rights, public policy and information technology law.

I am a graduate of the University of and the Nigerian Law School. An avid public policy analyst and advocate of change, I speak and write about legal and socio-economic topics, entrepreneurship and IT law. LinkedIn: Timi Olagunju etimithelaw@gmail.com t: @timithelaw  #TACTS

————————————————————————————-

Opinions expressed in this article are those of the author and do not necessarily represent the views of the Commonwealth Youth Programme. Articles are published in a spirit of dialogue, respect and understanding. If you disagree, why not submit a response?

To learn more about becoming a Commonwealth Correspondent please visit: http://www.yourcommonwealth.org/submit-articles/commonwealthcorrespondents/

————————————————————————————-