The data protection framework remains largely inadequate, argues Comfort Yakubu

Data privacy as explained by Wikipedia ‘’is the relationship between the collection and dissemination of data, technology, the public expectation of privacy and the legal and political issues surrounding them.’’ It explains further that “privacy concerns exist wherever personally identifiable information or other sensitive information is collected, stored, used, and finally destroyed or deleted – in digital form or otherwise. Improper or non-existent disclosure control can be the root cause for privacy issues. After the Facebook Cambridge Analytical scandal, a lot of attention was drawn to data privacy and protection globally, increasing the level of awareness on data privacy issue.

The situation in Africa is a bit different where data protection
framework remains inadequate. Kenya, for instance has an estimate of about 8.5 million people using Facebook on a monthly basis, yet has no meaningful data-protection laws.
In sub-Saharan Africa, about 123 million people are estimated to
access social networks like Facebook monthly.
However, many Africans have little or no recourse if a data breach
occurs because often regulatory safeguards don’t exist.  Privacy
groups believe African governments are deliberate on this issue
because they have vested interest, hence the non-existent laws making it easy to use citizens’ data for their interest.
It is in the light of the above that experts have continuously
lamented the danger of lack of adequate data protection, just as they call for reforms.

One of such experts, Tunji Olaopa, stated that “required policies and laws in place to address concerns such as data protection,
intellectual property and patent, online security are virtually
non-existent”. Obi Ugochukwu in his reaction to the current legal
framework on data privacy legislation noted that the data protection framework in Nigeria remains largely inadequate. The Cambridge Analytica scandal further exposed the dangers of inadequate data privacy legislation, as media reports revealed that Cambridge Analytica and its predecessor, SCL Elections, potentially manipulated the 2015 and 2007 Nigerian general elections using the data of Nigerians.
Careless data privacy laws could therefore endanger one of the most important ideals of the modern world democracy. The risks are therefore glaring. Inadequate data privacy legislation poses a
plethora of unsavoury risks to individuals, organisations and
countries alike.
Another expert, David Oluranti, explained that ‘’Aside Section 37 of the Nigerian Constitution (1999) which provides that “The privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected,” there is currently not one comprehensive data privacy or personal information protection law in Nigeria that sets out detailed provisions on the protection of the privacy of individuals and citizens. This calls for the passing of a law dealing specifically with issues of data privacy and the protection of the Nigerian citizen’s private information and details of such required law have been made to the Nigerian legislature.
Industry specific regulations exist which are only applicable to a
few limited industries like telecommunications and banking.’’ He added that the National Assembly needs to be proactive in passing an all-encompassing law that covers all aspects of data privacy and information technology. The Cyber Crimes Law currently in place does not address any form of breach of data privacy and all current regulations are confined to the space of particular industries.
The Cambridge analytical scandal shows how much a foreign
aggressor can achieve in undermining national security and suppressing citizens’ rights to vote and independently make up their minds about various political issues. Nigeria is yet to pay serious attention to this issue and I fear, it’s only a matter of time we’ll begin to face consequences of this lack of concern.
Africa should as a matter of urgency should take privacy laws seriously to avert unforeseen consequence of poor data privacy legislation.