National Commissioner for the Nigeria Data Protection Bureau (NDPB), Dr. Vincent Olatunji, has recently discussed the new Data Protection Act 2023 in the country, which aims to protect the data rights of the citizens and regulate the use of technology such as AI. Now that Nigeria has a data law (similar to the EU’s data laws) after many collaborative efforts, the major focus of the bureau is to implement measures that will protect the data rights of Nigerians. He said that there are a lot of provisions in the law that enact measures for data controllers to create safeguards that ensure that data is treated properly.
One of the work of NDPB is investigating firms for data breaches. The commissioner stated that the bureau has invested many in the banking, telecoms, consulting and digital lending sectors. For instance, Soko Loan was fined N50 million in the digital lending sector and along with approximately three banks in the banking industry. The agency makes these fined firms pay a remediation and take them through regulation and compliance. The aim is to improve the compliance culture of these firms.
Some firms would be blacklisted for not adhering.
Now that the country has a data law, the bureau has encouraged all organizations dealing with data to register with them between the present and December. Olatunji said that it is to ensure that the commission has their information captured as they cannot be effectively regulated if the organizations that they are trying to regulate are not known. After the registration, the agency would have the annual data protection compliance audit report, which would be held between January and March.
As for firms that would be blacklisted for not adhering to data privacy laws, the process is ongoing and being implemented. The blacklist is likely to be released by March 2024. The list is for organizations, companies, and data processors who do not comply with the provisions of the law. The bureau is essentially saying it does not want people or organizations to treat data in a careless manner. Apart from the digital lending company (Soko Loan) and three banks, the agency announced an investigation into MoMo last year and he said that the investigation into Flutterwave is also still ongoing.
Biggest issues with data privacy in Nigeria are ignorance and capacity.
Speaking on the root of the issues with data privacy, the commissioner said that ignorance and lack of capacity play significant roles. Many data subjects neither know their rights nor ask for it. Even many data controllers and data processors do not know their jurisdictions. To solve this problem, he said that awareness is needed. On the area of capacity, he questions the capacity and competence of data protection staff in firms. “Do they understand the point of putting in safeguards and ensuring that there is no unauthorized access and malicious use or damage to the data?” he inquired rhetorically.
Awareness and capacity are major challenges in applying the data law in Nigeria, he said. But that the government would devise awareness activities for people to be enlightened. Recently, the Central Bank of Nigeria (CBN) had asked banks to require that customers submit their social media handles. Olatunji said that the CBN cannot implement such without the consent of data subjects – Nigerians. “People need to willingly avail you of the right to collect their social media information because this is their personal information,” he said.
Law to properly monitor big firms now exists.
Olatunji revealed that the agency is working on how big firms use citizens’ personal data. This includes firms such as Google, Meta, Twitter, etc. He said that the ability of the new law to adapt to situations is one of its advantages. For instance, the law has given the bureau the power to issue regulations to be able to control how emerging technologies operate and to be able to address issues of privacy in usage. Globally, the attention is focused on social media networks and even solution providers because of the importance of data protection. He said that now that the country has a law to properly monitor what these big firms are doing, Nigeria and the rest of Africa will gradually get to a point where they can achieve effective regulation.
Related Link
Cloudflare: Website
NDPB to ensure data privacy of Nigerians – Data commissioner says Nigeria Data Protection Act is being implemented. – Express your point of view.
I completely agree with you that the National Data Protection Commission (NDPC) needs to take measures to ensure the data privacy of Nigerians. It’s great to hear that the Nigeria Data Protection Act is being implemented. This will help to safeguard the sensitive information of citizens and ensure that their privacy is protected. We need to ensure that our personal data is not being used for purposes that we have not authorized, and that our sensitive information is not being accessed or shared without our consent. This is a critical issue in today’s digital age, and I’m glad to see that the NDPC is taking it seriously.
The National Data Protection Commission (NDPC) needs to take measures to ensure the data privacy of Nigerians as top priority. It’s great to note that the Nigeria Data Protection Act is being implemented already. This will help to safeguard the sensitive information of citizens and ensure that their privacy is protected to a large extent. We need to ensure that our personal data is not being used for purposes that we have not authorised and sanctioned, and that our sensitive information is not being accessed or shared without our consent. This is an important issue in today’s digital age, and I’m pleased to see that the NDPC is taking it very seriously.
For Nigerians’ data privacy to be protected, the data commissioner must implement the NDPA. The data commissioner empowers people, holds businesses accountable, and creates a framework for protecting personal data by implementing the terms of the act.
The Nigerian Data Protection Act is officially in force, which is wonderful news. Protecting citizens’ sensitive data and private information will be achievable by doing this. We must ensure that no one uses our personal information for any purposes. It demonstrates how carefully we maintain our data.