Information and Communication Technology (ICT) stakeholders have stressed the need for Nigeria to have a data protection law that will address issues of data theft and unathorised use of personal data that have over the years, put the privacy rights of Nigerians at risk.
They also called on President Muhammadu Buhari to as a matter of urgency, sign the Data Protection Bill into law without further delay.
The bill on data protection, which seeks to protect corporate and individual data from abuse and illegal use in cyberspace, was passed by the eighth National Assembly and sent to the president to sign it into law. The bill was, however, not signed before the expiration of the tenure of the eighth National Assembly in May 2019, with the reason that Nigeria has a Data Protection Regulation (DPR) that is currently being managed by the National Information Technology Development Agency (NITDA), an agency of the federal government.
Some of the stakeholders, who spoke to THISDAY, argued that what NITDA has is not a law but a regulatory document that makes implementation and enforcement less effective.
While some stakeholders are calling for the immediate signing of the Data Protection Bill, others want the ninth National Assembly to review the bill and forward it again to the president for signing.
President of the Association of Telecoms Companies of Nigeria (ATCON), Mr. Olosola Teniola, said the NITDA Data Protection Regulation is a replica of the European General Data Protection Regulation and insisted that Nigeria needed a data protection law and an established institution or agency that will enforce the implementation of the law.
Teniola further called for a stakeholders’ conference on the review of the country’s data protection law that would have the input of all relevant stakeholders before it is signed into law.
According to him,”A situation where data that is originated from Nigeria is being hosted outside Nigeria should be discouraged for national security reasons.”
The Chief Executive Officer, Paradigm Initiative, an advocacy group, Mr. Gbenga Sesan, wants the data protection bill signed into law without further delay. According to him, “NITDA’s Data Protection Regulation does not contain the full details of data protection law and it is not backed by law, which makes its implementation extremely difficult.
“Nigeria needs secondary legislation on data protection and the ninth National Assembly must rise up to the challenge and revisit the bill and review it for speedy approval by President Buhari,” Sesan said.
He further said government must put a stop to a situation where data is collected by Non-Governmental Organisations (NGOs) and other data collecting bodies, and used for personal gains without authorisation.
A United Kingdom (UK) based Information Technology expert, Mr. Davies Bamigboye, had raised the alarm over the ease at which data belonging to Nigerians are sold and harvested illegally, and blamed NITDA for the failure in enforcing the Nigeria Data Protection Regulation (NDPR) since January 2019, for the brewing security crisis on data management.
Reacting to the situation, the Director, Cybersecurity at NITDA, Dr. Dimie Wariowe, said an executive body could make a regulation that can be enforced as law, in the absence of an existing law.
He, however, said when the National Assembly eventually passes a bill on the same regulation and it is signed into law by the president, then the law supersedes the regulation.
“In the absence of the law, the regulation stands to be legally enforced, and NITDA already has a regulation on data protection that is currently being implemented,” Wariowe said, adding that a section of NITDA law states that anyone that violates the regulation of NITDA, can be punished according to the regulation, through the office of the Attorney General of the Federation.
“Nigerians need to know what is contained in the regulation and be mindful of how best to protect their data. If anyone feels infringed, he or she can rely on the regulation to seek redress and get justice,” he said.