• Saturday, July 13, 2024
businessday logo


Cambridge Analytica: Time for Nigeria to get serious about data protection


The report of Cambridge Analytica meddling in the 2015 presidential election in Nigeria lays bare the need to protect citizens’ internet data from abuse, especially as 2019 elections beckons.

What happened exactly?

In 2010, Facebook launched its Open Graph API which allows outside app developers to access user data. In 2011, the company signed a consent decree with US Federal Trade Commission in which Facebook promised not to share its data without their data.

However, in 2014, a Cambridge researcher named Aleksandr Kogan, in violation of Facebook terms, released data his application harnessed from Facebook users to Cambridge Analytica – a data and messaging company set up in 2013. Facebook got wind of the breach in 2014 and moved quickly to change its policies on using people’s data.

Although Cambridge Analytica told Facebook it had deleted the affected users’ data, it was not entirely true. In 2016, haven worked with several election offices around the world – including Nigeria in 2015, Cambridge Analytica was employed by the Donald Trump campaign office.

In 2018, the New York Times and The Observer reported that the scale of data harvesting by Kogan and Cambridge Analytica was much more than previously thought. Worse, the executives of the company were caught on tape boasting about using shady and illegal practices in their work in multiple countries.

The New York Times and The Observer cited a Whistleblower by the name of Christopher Wylie who worked with Cambridge University academic to obtain the data as saying “We exploited Facebook to harvest millions of people’s profiles. And built models to exploit what we knew about them and targeted their inner demons. That was the basis the entire company was built on.”

After days of silence, Facebook founder Mark Zuckerberg finally admitted his company may have made a mistake and listed a series of new strategies to prevent a recurrence.

How it affects Nigeria

According to a report by the Guardian UK, the President Jonathan election campaign office hired Cambridge Analytica in 2015 to save it from losing it to his opponent, Mohammdu Buhari. Hence, the company was hired by a Nigeria billionaire at an estimated price of £2 million to unleash a ferocious campaign against Buhari. Notwithstanding, Jonathan became the first ever Nigerian leader to lose at the ballot box. There are no reports to suggest that Jonathan was aware of the covert operation.

New reports suggest that the Jonathan election office through the agency of Israeli hackers have hacked President Buhari’s personal email to gain access to his medical records. However, SCL Elections, the parent company of Cambridge Analytica said that despite being hired by the Jonathan campaign, it neither received nor used hacked information during the campaign.

Another report stated that Cambridge Analytica organised “anti-election rallies” to demoralise opposition supporters from voting in the elections, which saw the emergence of Umar Yar’Adua as president.

How authorities are responding

The Nigerian government has launched an investigation aimed at determining whether the Cambridge Analytica’s work for the then ruling party, the People’s Democratic Party, PDP in 2007 and 2015 general elections campaign broke the laws of Nigeria or infringed on the rights of other parties and their candidates.

“Data protection in Nigeria needs to be addressed. I expected one of our legislators to recognise this and sponsor a bill to firm it up, but that hasn’t been the case,” Johnson Ajani, a product manager at one of the leading banks in Nigeria told BusinessDay.

Existing data protection laws

Nigeria does not currently have a law that properly addresses citizens’ data.

The only place in the constitution that makes reference to data protection is section 37 of the 1999 Constitution which guarantees and protects “The privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications.”

The Freedom of Information Act, 2011 (FOI Act), section 14 seeks to protect personal privacy by providing that a public institution is obliged to deny an application for information that contains personal information unless the individual involved consents to the disclosure, or where such information is publicly available.

It will be impossible to say what the government’s investigations could reveal and what it intend to do with the findings. Should there be evidence of illegal meddling to point of subverting democracy, the administration, however, would need a law to apportion punishments. In the absence of none, it is an exercise in futility. More importantly, who is to tell how long it will take another Cambridge Analytica to happen again?