Towards a Better Digital Rights Protection Regime in Nigeria: A Legal Diagnosis and the Reforms

Author: Christopher Danladi

INTRODUCTION

In recent years, the digital rights of Nigerian citizens have been increasingly threatened by the lack of a comprehensive legal framework to protect them. This has led to an increase in cybercrime, data breaches, and other violations of digital rights. To ensure that Nigerians are adequately protected from these threats, the government has put in work by enacting laws and rules to safeguard the digital rights of its citizens.  In 2023, the enactment of the Nigeria Data Protection Act (NDPA) by the Federal Government of Nigeria signaled a new dawn, aiming to rectify the deficiencies of the 2019 Nigeria Data Protection Regulation (NDPR). However, implementing the Nigeria Data Protection Act 2023 (NDPA) in Nigeria has been akin to trying to swim against the tide, as challenges persist despite reform efforts. With the background knowledge of these difficulties, I intend to discuss the current state of digital rights protection in Nigeria, the existing laws, regulations, and policies applicable to digital rights protection in Nigeria, their shortcomings, and an analysis of cogent reforms or measures that need to be implemented to create a system to better protect Nigerians’ digital rights and privacy.

OVERVIEW OF NIGERIAN DIGITAL RIGHTS PROTECTION REGIME^[1]

1. The Constitution of the Federal Republic of Nigeria: the Constitution is the grundnorm of the Nigerian legislative sphere and is supreme in all ramifications. It is the basis upon which law and government is organized in Nigeria and it provides for the Right to Privacy of citizens.

Pursuant to Section 37 of the 1999 constitution,

 “The privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected”.^[2]

Although the provision did not specifically mention data, it is debatable that information on homes, telephone conversation and correspondences all fall within the purview of personal data and as a result of that, the above provision can be used to safeguard such breach. In several instances, our courts have expressed the view in the abovementioned provision that the privacy rights of citizens should be safeguarded and breach of such rights will amount to a penalty on the side of the offender^[3]

• The Cybercrime Act of 2015: This law being the first legislation in Nigeria to deal specifically with cyber security criminalizes various illicit online activities such as hacking, identity theft^[4], cyber-stalking^[5] and cyber-fraud^[6], also sets out punishments for the afore-mentioned crimes.

Asides that, it provides for the establishment of the Nigerian Computer Emergency Response Team (CERT) to deal with cyber security issues.^[7] The Act also requires financial institutions to protect customer’s data^[8].

• The Data Protection Regulation: The Nigerian Data Protection Regulation expounded the concept of data protection under the 1999 constitution.^[9] As the most current and Nigeria’s most comprehensive law on data protection, it is aimed at protecting the rights of natural persons to data privacy and personal data of individuals.^[10]

By “natural persons”, it means in Nigeria and also in diaspora. The NDPR outlines, among other things, the rights of data subjects, the duties of data controllers, and the transfer of data to foreign territories.

• The NITDA Act of 2007:  The National Information Technology Development Agency Act was established on 18th April 2001 and passed into law in 2007 in the Obasanjo regime. It is the body charged with the sole responsibility of developing programs that cater for the running of ICT related activities in Nigeria^[11]. The act is vested with the authority to provide regulations and guidelines for the development, supervision, assessment, and control of information technology practices and all issues pertaining to and for them.^[12]
• The Nigeria Data Protection Act 2023: The Nigerian Data Protection Act 2023, signed into law on June 14, 2023, establishes a robust legal framework for safeguarding personal information and enhancing data protection standards in Nigeria. The Nigerian Data Protection Act, 2023, is a breath of fresh air compared to its predecessor, particularly the Data Protection Regulation of 2019 and has addressed issues not addressed in the old act. Firstly, when juxtaposed with the NDPR and its Implementation Framework, the Act significantly increases the safeguards provided to children and those who lack legal capacity. In conjunction with the Nigeria Child Rights Act, it elevates the age at which a data subject is classified as a “child” to 18 years. This is compared with the implementation Framework, which classifies a child as any person under the age of 13. Although it is unclear in the NDPR or Implementation Framework, parents or legal guardians must give their explicit consent to allow for the Act to be effective[13]. Under the new act,

Data controllers or data processors owe a duty of care in respect of personal data processing. They must demonstrate accountability relating to the principles and lawful basis for processing personal data. They must ensure that personal data is processed in a fair, lawful, and transparent manner[14].

THE SHORTCOMINGS/INADEQUACIES ENCOUNTERED BY THE NIGERIAN DIGITAL RIGHTS REGIME.

With the above-mentioned laws and regulations, digital rights violations are still a major concern in Nigeria as the country is faced with a number of shortcomings in its efforts to safeguard the digital privacy rights of citizens. Some of these issues include:

1. Absence of a comprehensive legal framework for digital rights protection: One of the issues that have stifled the development of digital rights protection in Nigeria is the absence of a comprehensive and all-round digital right protection law which can address the complexities of digital technology and online interactions. Nigeria’s digital rights regime is still largely governed by outdated laws which are few and have not kept up with the rapidly evolving digital landscape. So far in Nigeria, apart from Emerging Market Telecommunication services v. Barrister Godfrey Nya Eneye, there is no case law or court decision on invasion of data privacy which has made it difficult for judges and practitioners to locate precedents they may use to give victims of data privacy violation a suiting remedy to their pains.^[15]

Section 37^[16] has not been particularly useful for this purpose especially when considering our courts’ somewhat restrictive approach to the interpretation of the relevant section on privacy.^[17]

A perfect instance to note is the attempt of Paradigm Initiative^[18] to sponsor the Digital Rights Protection Bill in 2018, which was however, rejected by the President. The shortcomings of Section 37 and the NDPR with regard to data privacy would have been lessened had that bill been passed.

• Weak Enforcement Mechanisms: In Nigeria, it is one thing to pass a Bill into Law and another to implement such laws. Laws are only effective when they are well implemented and enforced. Lack of implementation leads to a wide gap between intentions and results which makes a mockery of enacted laws.^[19]

Law enforcement plays a very pertinent role in making sure that privacy rights of citizens are not breached. Most government agencies responsible for enforcing digital rights lack the technical expertise and resources to do so effectively. As a result, there is a low level of accountability and impunity for digital rights violations.

• Digital Illiteracy and Limited Public Awareness: In Donald Miller’s words, “in the age of information, ignorance is a choice”. But in the case of Nigerians, how do we demand rights we are not aware of?  Many Nigerians are not aware of their digital rights and the laws that protect them. This has created a culture of impunity where digital rights violations are not always reported or addressed.

Furthermore, many Nigerians lack digital literacy skills, which make them vulnerable to online threats such as cyber bullying, phishing, and identity theft. This makes it difficult for individuals to protect themselves from digital rights violations.

RECOMMENDATIONS

1. Adoption of a Comprehensive Data Protection Legislation: To address the inadequacies in digital rights protection laws, the Nigerian government can pass comprehensive data protection legislation that will protect citizens’ personal data. This legislation will regulate how data is collected, processed, and stored by government agencies and private entities. It will also provide citizens with the right to know what data is being collected about them, the right to correct that data, and the right to request that it be deleted.
2. Promotion of Digital Literacy and Awareness: Public Awareness campaigns should be organized in order to let people know about their digital rights and the need to have it protected. Promotion of digital literacy among Nigerians is very necessary to ensure that citizens are aware of their digital rights. Digital literacy programs should be introduced in schools, universities, and other educational institutions to equip Nigerians with the skills they need to navigate the digital world.
3. Development of a National Cyber security Strategy: Nigeria needs to develop a national cyber security strategy that will provide a framework for securing the country’s digital infrastructure. This strategy should include provisions for training law enforcement agencies and judges to investigate and prosecute cybercrimes, as well as establishing a national incident response system that will coordinate responses to cyber-attacks.

CONCLUSION The issue of digital rights in Nigeria remains top notch and so, for the development of Nigeria’s digital economy and also to ensure that Nigerians exercise their digital rights without fear of being spied on, the above-mentioned reforms will go a long way to see that the digital rights of Nigerians are adequately protected.

---

^[1] Aside all legal frameworks mentioned below for the protection of data, there are other laws which include Federal Competition and Consumer Protection Act, Child Rights Act 2003, Freedom of Information Act of 2011, Electronic Transactions Act of 2011, National Identity Management Commission Act, The Copyright Act, the Consumer Code of Practice Regulations of 2007 and so on.

^[2] Italics supplied for emphasis

^[3] See Emerging Market Telecommunication services v. Barrister Godfrey Nya Eneye (2018) LPELR-46193

^[4] See Section 22 of the Cybercrime Act 2015.

^[5] Section 24

^[6] Section 14

^[7] Section 21

^[8] Section 19 (3)

^[9] Accessed on 18th February, 2023 >>> https://www.dataguidance.com/notes/nigeria-data-protection-overview

^[10] Jude Adedamola Ikumapayi, 2021.  ”The pros and cons of the Nigeria Data Protection Regulation (NDPR)”. Retrieved from >>> https://www.enyenawehafrica.org/post/the-pros-and-cons-of-the-nigeria-data-protection-regulation-ndpr  on 3rd March, 2024

^[11] January 2006. Information and Communication for development. Global trend and policies. World Bank.ISBN 978021363478. Retrieved from Wikipedia on 24th March, 2024.

^[12] Section 6(c) of the NITDA Act

[13] Section 31 of the NDPA 2023

[14]Eze G, ‘Understanding the Nigeria Data Protection Act 2023: Obligations of Digital Platforms and Businesses – Privacy Protection – Nigeria’ (Understanding The Nigeria Data Protection Act 2023: Obligations Of Digital Platforms And Businesses – Privacy Protection – Nigeria, 29 February 2024) https://www.mondaq.com/nigeria/privacy-protection/1430338/understanding-the-nigeria-data-protection-act-2023-obligations-of-digital-platforms-and-businesses#:~:text=Data%20controllers%20or%20data%20processors,%2C%20lawful%2C%20and%20transparent%20manner .accessed 30 March 2024 

^[15]Olumide Babalola, ‘Data Protection and Privacy Challenges in Nigeria (Legal Issues) – Privacy – Nigeria’
(Mondaq.com, 2021) >>> https://www.mondaq.com/nigeria/data-protection/901494/data-protection-and-privacy-challenges-in-nigeria-legal-issues  accessed on March 30, 2024

^[16] 1999 Constitution

^[17] Ibid.

^[18] Paradigm Initiative is a social enterprise that builds an ICT-enabled support system and advocates digital rights in order to improve livelihoods for under-served youth.

^[19] Rudi Klauss, International Development Administration: Implementation Analysis for development projects 3 (George Honadle & Rudi Klauss eds., Praeger Publishers 1979).