“The biggest violators of data rights in Nigeria are the government agencies”, – ‘Gbénga Ṣẹ̀san.
Paradigm Initiatives (PIN) has welcomed the President’s assent to the Nigeria Data Protection Bill, thereby establishing the Nigeria Data Protection Act 2023.
TechEconomy reported in its June 14, 2023 edition that President Bola Tinubu has officially signed the Nigeria Data Protection Act 2023 into law which serves as a comprehensive framework for safeguarding personal information and promoting data protection practices within Nigeria.
The bill underwent deliberation and review in the Senate and House of Representatives and was presented on April 4, 2023, through a letter from former President Muhammadu Buhari.
Already, there are contentious issues and/or provisions in the new ‘Law’. First, the Civil Society Organisations (CSOs) are not happy with the removing of a provision for ‘CSO representative’ on the board of the Nigeria Data Protection Commission (NDPC).
Paradigm Initiative first expressed the concerns when they paid a courtesy call to the (then) Nigeria Data Protection Bureau in Abuja.
Reechoing the concerns, ‘Gbénga Ṣẹ̀san, the Executive Director of PIN told TechEconomy that the immediate past Minister of Communications and Digital Economy, Prof. Isa Pantami, should be blamed for this:
How did Paradigm Initiative (PIN) receive the news of the President’s Assent to the Data Protection Bill?
“We knew it was coming; we felt it was coming in the last days of the previous administration so everybody was expectant. I think the surprise is that there are not so many precedents to this sort of case where an old National Assembly gets their bill signed by a new executive. It doesn’t happen a lot but it is interesting this has now happened setting a precedent.
“So, there will be expectations moving forward that until the National Assembly changes hands anything can still happen even with the new president. I was sort of expecting it. I received this good news with a pinch of salt. It’s not a perfect bill, there are things we worry about in the bill now a law.
PIN raised searing questions why the CSOs were excluded from the provisions of the Act which now institutes a board for the National Data Protection Commission. What does it entail for Nigeria, and particularly the citizens?
“Let me start by looking at what this means for businesses. It is about responsible use of data. The regime where anyone could do anything is gone because there were many warnings against it before but definitely, it’s a call for responsible use of data. But for citizens I mean the objects of the Bill are quite clear: it’s to regulate the processing of personal data but also to safeguard the security and privacy of citizens whose data you know is being used.
So, things around data rights; to make sure that the data owner (citizen) has rights over their data, that is the main thrust of the law, and the establishment of an independent commission.
“And when we talk about our worries with data, I’ll come back to that again; an independent regulator who can ask questions.
“The biggest violators of data rights in Nigeria are the government agencies. So, it is important to have an independent agency that can question anyone, not just companies but also governments who violate the rights of citizens. The law provides for the Protection of Data Rights and the independent commission can help citizens seek redress when data protection is threatened.
Okay, let’s go back to the point you raised earlier about the exclusion of CSOs in the build up to the National Data Protection Commission; why do we need CSOs’ representative(s) on the board?
It’s definitely unfortunate and an indication of the government not open to oversights. Like I said to the current CEO of Nigeria Data protection Bureau, this is wrong. They shouldn’t have removed this from the initial Bill sent to the National Assembly. Nevertheless, it doesn’t stop us from providing data oversight. Indeed, we will become more cautious of the fact that we would have independent oversight of this and I’m saying this publicly – we would put their feet to the fire. We would watch out more because now we know there’s a temptation for them to just act recklessly to disregard the kind of caution that CSO oversight could have brought. I suspect this was deliberate on the part of the former Minister (sic: of Communications and Digital Economy, Prof. Isa Pantami).
“But that’s not the only challenge with the law. There’s also the fact that even section 7 says that the commission shall be independent in the discharge of its function under this act. Then, section 55 surprisingly says that the Minister would be able to control the independent regulator. That’s weird; that’s what Pantami was doing and it’s a shame that’s it’s eventually made it to the final law; that’s something that’s definitely we’ll be on red alert.
“If any Minister in charge of the digital economy tries to do that, we would use the same instrument of the law that they’ve passed in section 7 which is a major objective to challenge that action.
“They won’t claim that they have section 55 but then that would now be our opportunity to ask the court to interpret what that contradiction should mean, and I believe it would be the need to expunge section 55. It is contradictory to the spirit of the establishment of an independent agency; that why we said that CSOs should not have been removed from the Commission’s Board composition”.
Having said that, Ṣẹ̀san said they are not saddened as it were “because it’s possible for them to put CSOs and then register their own CSOs and put their own person there.
“They were not going to put someone very critical of their maladministration; that is the reality”, he said.
