As the new oil, Data represents a significant resource for any nation that is committed to growing its economy. In essence, every country’s economy depends on data to survive, especially in this modern, digitally connected world that we are.
According to Nigeria’s Minister of Communications and Digital Economy, Prof. Isa Pantami, “In the fourth industrial revolution, data is key. In 48 hours, the quantity of data generated globally is equal to the quantity of data that was generated within 5,000 years.”
Most of this data is in the form of personal information, which is often gathered, saved, and disseminated by organisations, governments, and people. However, the lack of clear regulation to govern its utilisation means the misuse of such data cannot be prevented.
Prior to the introduction of the Nigeria Data Protection Regulation (NDPR) on January 25, 2019, there was little to no legislation governing privacy and data protection in the country. The Nigerian Constitution, which recognised privacy as a fundamental right and specifically stated that the privacy of citizens, their homes, correspondences, telephone conversations, and telegraphic communications are guaranteed and protected, was the only piece of Nigerian legislation that addressed the issue of privacy and, by extension, data protection in Nigeria prior to this.
The core rights of data subjects under the NDPR provide that a data subject has a right to be informed, right of access, right to object, right to data portability, right to erasure, right to restriction of processing, right to rectification and rights regarding automated decision making.
From this perspective, it can be deduced that laws governing data protection are urgently needed in Nigeria as citizens have had one form of data or the other compromised without the ease of recovery, leading to huge financial losses, reputational damage, revenue losses, and other forms of abuse.
This is pertinent, especially with the growing rate of identity theft, cyberstalking, data mining, theft, Internet fraud and increasing reported cases of abuse of financial information by financial institutions, mobile service providers, telecoms companies, unregulated loan credit companies and so on.
Although the provisions of the NDPR are similar to those of the European Union General Data Protection Regulation (EU-GDPR), which was adopted on the 14th of April 2016 and became enforceable on the 25th of May 2018, the NDPR has also come up with innovations which set it apart from its European counterpart.
One such innovation is the establishment of a new class of professionals known as Data Protection Compliance Organisations (DPCOs) duly licensed by the National Information and Technology Development Agency (NITDA) to act as intermediaries between organizations (data controllers) in Nigeria, which process the personal data of customers, employees, vendors etc. (data subjects) and the regulatory authority.
DPCOs are charged with the responsibility of carrying out training, auditing, consulting and rendering services and products for the purpose of ensuring compliance by data controllers with the provisions of the NDPR as well as any foreign data protection law or regulation having effect in Nigeria.
Largely, a cursory look at other climes shows that there appears to be more seriousness in terms of data protection compared to this region.
While the United Nations Conference on Trade and Development (UNCTAD) noted that as more social and economic activities take place online, the importance of privacy and data protection is increasingly recognized. It noted that of equal concern is the collection, use and sharing of personal information to third parties without notice or consent of consumers.
Accordingly, UNCTAD revealed that 137 out of 194 countries had put in place legislation to secure the protection of data and privacy. Africa and Asia show different levels of adoption with 61 and 57 per cent of countries having adopted such legislation. The share in the least developed countries is only 48 per cent.
In Nigeria, according to Lawgically Speaking NG, the NDPR is the compliance requirement of filing by data controllers. The NDPR specifies that a data controller processing the personal data of above 1,000 data subjects within six months of the enactment of the NDPR is required to file an initial data protection audit report with NITDA. Data controllers, who process the personal data of 2,000 data subjects and above are required to file an annual data protection audit report on or before the 15th of March of the following year.
This innovation has resulted in a massive development in data protection in Nigeria as data controllers have tried to ensure compliance with the regulation thereby increasing the level of awareness of data protection in the country. In addition to the NDPR, NITDA also issued a Data Protection Implementation Framework, which offers a very in-depth explanation and expatiation of the language and application of the NDPR and contains a number of drafts of compliance documentation which are required by the NDPR.
To further demonstrate how Nigeria has fared since the inception of the NDPR, there has been a plethora of litigations on data protection, which goes to show that although slowly but surely, data protection is indeed gaining traction in the Nigerian environment and every day, data subjects are becoming more aware of their rights under the NDPR and other data protection legislation. In Paradigm Initiative for Information Technology v Nigerian Identity Management Commission (NIMC), one of the issues for determination was the right of the Respondent to process personal data without adequate security.
This case was the first time the Federal High Court took judicial notice of the NDPR as legislation on data protection in Nigeria. Subsequently, Nigerians have started enforcing their rights under the NDPR in a court of law. In Confidence Staveley v Access Bank Plc, the applicant sued the respondent for the disclosure and transmission of the applicant’s personal data to a third party without her consent or any other legal basis as provided by the NDPR, thus constituting a breach of confidentiality as well as a breach of the applicant’s rights as provided by the NDPR.
While the NDPR is gaining traction, the menace of breach of privacy is still very prevalent, especially from loan shark companies, which has become a serious issue for urgent attention.
For some Nigerians, the existence of online lending platforms has caused more harm than good. One of the reasons people borrow money from these lending platforms is to grant them relief at a point they need money. Many have been faced with loan sharks, harassment, and disgrace. A loan shark is a person who – or an entity that – loans money at extremely high-interest rates and often uses threats of violence to collect debts. Interest rates of loan sharks are generally well above an established legal rate.
This unpleasant trend of citizens abjectly borrowing for basic consumption from unscrupulous loan firms, who mete out degrading treatment to them when they default, comes from privation among the populace.
Already, the Central Bank of Nigeria (CBN) Governor, Godwin Emefiele has said that those who collect loans from places other than microfinance banks or recognised institutions are at bigger risk. Tackling this challenge, the Federal Government approved 173 digital lending applications to operate in the country. The approval of the digital lending platforms by the Federal Competition and Consumer Protection Commission (FCCPC) followed the harassment of Nigerians by digital lenders. This prompted the FCCPC to begin a registration drive to protect citizens from the atrocities of these apps.
Of the 173, 119 have full approvals and 54 have conditional approvals. Despite the approval of these digital lenders, some Nigerians are still faced with threats from loan sharks. But to further bring sanity to the sub-sector, loan apps on Play Store will lose their ability to access their users’ contacts or photos from May 31, 2023.
This came as the Federal Government said it would enforce the latest policy by Google, saying the action was consistent with the Nigerian authorities’ move to curtail the invasion of customers’ privacy by loan app firms. The Federal Government had in recent times taken major decisions aimed at tackling the violation of customers’ privacy by loan apps.
Google, in its April 2023 policy updates, said the new policy would provide respite for loan app users in Nigeria and other places that have become accustomed to crude loan retrieval methods employed by many loan apps.
Loan sharks may start out appearing friendly. And if you keep up your repayments, they might stay that way. But the reality is, even if you do, any money you borrow will come at a high price.
These loan sharks often use intimidation and threats to frighten people into paying back their loan. Some even become violent towards their victims if they fail to pay. They often use illegal and unconventional methods, which most times come with huge collateral damage to the integrity and character of the borrowers, with some customers developing emotional problems after such encounters.
Many of the borrowers never envisaged the aftermath of their decision to patronise some unprofessional online lenders. They make matters worse by sending broadcast message, such as this, “Be advised! Mr. XYZ with phone number 08000000000 is a chronic debtor, who borrowed funds and is cunningly avoiding repayment despite several calls and messages sent to him. Do not trust such a person with funds as he/she is a financial liability and has proved to be a credit risk. We can send you the proof.”
Indeed, Google stated, “Policy preview (effective May 31, 2023): This article previews changes included in our April 2023 policy updates.
“We are updating our personal loans policy to state that apps aiming to provide or facilitate personal loans may not access user contacts or photos.
“We are introducing additional requirements for personal loan apps targeting users in Pakistan. Personal loan apps in Pakistan must submit country-specific licensing documentation to prove their ability to provide or facilitate personal loans.”
Read also: Technology, data, consumer behaviour driving future of marketing – Experts
This new policy is coming after the firm announced updates to its Developer Programme Policy, mandating digital money lenders in Nigeria, India, Indonesia, the Philippines, and Kenya to conform to regulatory rules or be taken down by January 31.
According to the firm, only digital money lenders that have adhered to and completed the Limited Interim Regulatory/Registration Framework and Guidelines for Digital Lending, 2022 (as may be amended from time to time) by the FCCPC with a verifiable approval will be allowed on Play Store in Nigeria.
In all and to bring sanity into the polity, which would prevent exploitations by loan sharks and the likes and tackle economic challenges, it has become very important that the government should adopt short, medium and long-term policies to alleviate poverty, boost SMEs and start-ups, tame inflation and interest rates.
Being an import-dependent country, the CBN needs to work much more creatively and harder to effectively manage the naira exchange rate and halt its free fall. All tiers of government must aggressively stimulate productive activities. The surest way to stamp out the extortionists from the system is by creating socioeconomic conditions that deny loan sharks the vacuum of lack of access to credit at affordable rates.
.Ujam, Ph.D, is an ICT and Security expert. He is also Government Affairs Policy Advisor; former deputy chair on Telecommunications, House of Reps; Sole Sponsor of the Digital Rights Bill and CEO, Nina JOJER Ltd.
