INTRODUCTION
The rapid growth of technology and internet usage, particularly among children, has become a global phenomenon. Nigeria is no exception, with a significant increase in online activities among children, a trend which poses significant risks to their online safety and data privacy.
Recent studies have shown that a staggering 93% of Nigerian children between 11 years and 16 years old access the internet via mobile phones without proper safeguards. Furthermore, another survey revealed that 45% of children aged 4-10 years old also own mobile phones and go online, highlighting a concerning trend of unsupervised internet access among minors. While the growth of technology in Nigeria has contributed to economic development, it also raises serious data privacy and protection concerns about the potential for exploitation of children’s personal information. Therefore, it is crucial for Nigeria to prioritize the protection and enhancement of children’s data privacy in this technological era.
It is against this background that this article aims at examining the legal considerations surrounding children’s data privacy in Nigeria, while analysing the current legal framework as well as highlighting the need for a more robust legislative and regulatory framework to safeguard children’s data in the face of rapid technological innovation.
WHO IS A CHILD?
Many sources have ascribed several meanings to who a child is or ought to be. According to the Oxford Advanced Learner’s Dictionary, a child is a human being below the age of puberty or below the legal age.
By virtue of Section 29(4) of the 1999 Constitution of the Federal Republic of Nigeria, a child is defined as a person below full age and “full age” means the age of 18 years and above.
Under Article 2 of the United Nations Convention on the Rights of a child, 1989, a child is defined to be every human being below the age of 18 years.
Generally, it is necessary to point out that the age of a child is usually determined by the government or society where a child is, giving considerations to local peculiarities and circumstances. In Nigeria, the Child Rights Act adopts the age of 18, which has further been adopted by the Nigeria Data Protection Act, 2023 in its interpretation section. This must be kept in perspective while expending efforts to ensure that they are adequately granted protection from every possible form of abuse which could come in form of data privacy breaches.
WHAT IS DATA PRIVACY?
Data privacy generally means the ability of a person to determine for themselves when, how and to what extent personal information about them is shared with or communicated to others. This personal information can be one’s name, location, contact information, or online or real-world behaviour.
Data privacy is generally considered as a fundamental human right. In Nigeria, it is seen as an offshoot of the right to privacy as enshrined in the Constitution especially in light of the decision of the Court of Appeal in the case of Digital Rights Lawyers Initiative v. National Identity Management Commission where it was held that data privacy rights are an offshoot of the right to privacy guaranteed and protected under Section 37 of the 1999 Constitution of the Federal Republic of Nigeria.
Essentially, data privacy relates to the proper handling of personal data or personally identifiable information, such as names, addresses, social security numbers and credit card numbers. It is not a single concept or approach. Instead, it is a discipline involving rules, practices, guidelines and tools to help organizations establish and maintain required levels of privacy compliance.
OVERVIEW OF THE LEGAL FRAMEWORK FOR CHILDREN’S DATA PRIVACY IN NIGERIA
The Nigeria data privacy landscape is fraught with quite a number of legislations which directly or indirectly regulate the privacy of children. Generally, these laws could be seen as deriving their validity from the grundnorm – The Constitution of the Federal Republic of Nigeria. Under this part, we shall take a cursory look at some of them.
Though it could be argued that some of the laws do not specifically provide the needed framework for the protection of children’s personal information, yet given that legal authority may be express or implied, it may be reasonably argued that they provide implied authority to that effect. These laws include:
- The 1999 Constitution of the Federal Republic of Nigeria as Amended: This is the bedrock upon which every other law is founded. In other words, it is the fountain from which they derive their validity. The constitution provides – “The privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected”. Here, citizens could still be stretched to include children as well, hence, guaranteeing their right to privacy as well.
- Nigeria Data Protection Act, 2023: Prior to the enactment of this legislation, the Nigeria Data Protection Regulation and its implementation framework merely governed the processing of child personal data. However, under this present Act, the Nigerian Data Protection Commission is authorised to formulate regulations concerning the protection of 13-year-olds and older children regarding the provision of information and services through electronic means upon the express request of the child. This ensures that the personal information of children are constantly being protected even in the face of global technology innovation and revolution.
- Childs Right Act, 2003: This is likewise an offshoot of the Constitution. It provides that every child has the right to his or her privacy, family life, home, letters, phone conversations and electronic communications, and that no child should be exposed to interference with this right. This provision however does not impede a parent’s or legal guardian’s ability to exert reasonable oversight and influence over their child’s or ward’s behaviour. Furthermore, by Section 205 of the Act, persons are restricted from publishing any personal or sensitive information that could be used to identify a child who is being subjected to a judicial process. This, I find could be stretched to apply to both offline and online modes by which information is circulated in the present technology age.
- Cybercrimes (Prohibition, Prevention, etc.) Act, 2015: This Act basically criminalizes any form of online exploitation and data breach. The Act compels service providers to keep all data and subscriber information having regard to the Individual’s right to privacy and shall ensure that appropriate measures are taken to shield the confidentiality of the data retained, processed or retrieved by the service providers. This extends to the collection, processing and storage of children’s data as well.
KEY CONCEPTS/CONSIDERATIONS FOR SAFEGUARDING CHILDREN’S DATA PRIVACY
- Parental consent: Children may not fully comprehend the implications of sharing certain kinds of information either online or offline. Thus, it is necessary that the consent of parents/guardians be had and obtained prior to the obtaining, processing, usage and sharing of information or data belonging to a child.
- Age-appropriate Consent: Taking into account the age, developmental level and understanding of data privacy concepts of a child by data controllers is very pivotal in ensuring that children’s personal information is protected from unauthorized collection, use, or disclosure and that they are not exploited or manipulated online.
- Data Minimization: This concept is very crucial in the quest to ensure the safety of children’s data. It ensures that only the necessary personal information is collected, reducing the risk of data breaches. Thus, data minimization aids in protecting children’s online footprint thereby preventing privacy violations against children.
- Data Security: This is instrumental in safeguarding children’s data privacy, as it entails the deployment of several measures essential enough to prevent data breaches, cyberattacks and unauthorized access which can lead to a compromise of children’s sensitive personal information.
- Privacy Impact Assessment: This is necessary, as it aids data controllers in identifying and mitigating data privacy risk, thereby ensuring the safety of children’s data and personal information. By conducting this assessment frequently, organisations can identify and address potential vulnerabilities and therefore minimize an impending data breach.
CONCLUSION
Safeguarding children’s data privacy under the current legal framework available in Nigeria is a nebulous affair. This is because, though the current legal regime has made frantic efforts to ensure that children’s personal information is adequately protected, there remains yet more work to consider in the face of current technological trends as well as peculiarities ascribable to children. A careful look at other climes or jurisdictions shows that there are specific legislations to safeguard children’s data privacy. America for instance has the Children’s Online Privacy Protection Act which specifically makes provision for the privacy rights and protection of children in America.
Children being vulnerable beings, it is our collective responsibility to ensure that they are protected on all fours, including from unauthorized use and access to their personal information. In order to step up, a comprehensive legal framework to this effect must be enacted, which is tailor-made to solve privacy issues amongst children, having particular regards to their peculiarities.
Chinaza and Muhiz are associates in the ICT and Media Practice department of the Trusted Advisors
Join BusinessDay whatsapp Channel, to stay up to date
Open In Whatsapp
