NITDA’s Data Regulation Can Lead to Clash with NCC, ALTON Alleges


Emma Okonji 

Association of Licensed Telecoms Operators of Nigeria (ALTON) has raised concern over the impending danger in the implementation of the country’s data protection regulation document by the National Information Technology Development Agency (NITDA), insisting that such action will cause serious regulatory friction between the Nigerian Communications Commission (NCC) and NITDA.

ALTON, in a statement by its Chairman, Mr. Gbenga Adebayo, and its Executive Secretary, Mr. Kazeem Oladepo, said the current issue with NITDA implementing its data protection regulation document, requires urgent intervention by the commission to safeguard the interest of market players and preserve the powers of the commission.

According to the statement, in a bid to avoid a situation where industry members are caught in the crossfire of multiple regulation, we respectfully request the commission’s guidance on how to proceed with the NITDA on the aforementioned frameworks and regulation. The guidance would provide the much-needed clarity for the industry moving forward.

ALTON members had argued that data protection regulation is all  about public internet and communication, which is directly under the purview of the NCC, and wonder why NITDA, which supposed to confine itself with IT Policy implementation, should delve into data protection regulation that is directly under the control of the NCC.

ALTON members had argued that what Nigeria needs is data regulation law and not data protection regulation.

Reacting to ALTON’s concern, NITDA’s Lawyer, Barrister Emmanuel Edet, said NITDA’s mandate permits it to embark on any regulation that has to do with Information Technology (IT).

He said NCC was established to regulate telecoms and not content that has to do with data protection.

Although Edet agreed the Nigeria needed a Data Protection Law, but stressed that in the absence of the law, Nigeria could make do with Data Protection Regulation, which NITDA is currently implementing.

NCC Director Public Affairs, Dr. Henry Nkemadu, however told THISDAY that the commission would respond to the issue in due course.

ALTON had on July 30 wrote the NCC, calling for its intervention, to save the situation of a possible clash in regulatory roles.

According to the letter, which was received at the NCC Lagos Zonal office on August 6, and attention to the Director, Legal and Regulatory Affairs at NCC, Mrs. Yetunde Akinloye, and the Director, Compliance Monitoring and Enforcement at NCC, Mr. Mr. Efosa Idehen, ALTON said by implication, it would appear that NITDA has assumed the role of a Data Protection Agency in Nigeria and its regulation overrides the commission’s existing provision on data processing in the industry.

In this regard, the letter noted NITDA recently announced in the print media that it has commenced investigation of alleged breach of data security of customers by telecommunications companies and banks.

Part of the letter reads: “We bring to the attention of the commission, recent enactment of regulations, frameworks and guidelines by the National Information Technology Development Agency (NITDA), which bothers somewhat on communications matters within the regulatory purview of the NCC.

“Specifically, we draw the commission’s attention to the following subsidiary legislation(s) and framework(s) issued by NITDA and concerns thereto: 1. Framework and Guidelines for Public Internet Access (PIA) 2019 The said Framework sets out rules for the provision of Public Internet Access without regard to the powers of the Commission and extant competition considerations. We note the Framework empowers NITDA to license a Public Internet Access Provider (PIAP) which technically is a provider of data services and prescribes minimum quality of service for such providers. The key concern is that NITDA appears to be assuming the role of a parallel regulator for data services.

“Framework for Data Centre Facilities: NITDA wrote to some of our members in July 2019 stating it has commenced registration of Data Centre facilities in Nigeria and requested that they initiate the registration of their Data Centre facilities with NITDA. According to NITDA, the registration is in furtherance of Presidential Executive Orders 003 and 005 on local content development. However, a careful review of the Orders does not reveal anything specific to the operation of data centres.

“Nigeria Data Protection Regulation 2019: The Nigeria Data Protection Regulation 2019 defines the rules governing the processing of data. It contains far-reaching provisions on personal data which includes communications identifiers such as IP address, IMEI number, IMSI number, SIM and Personal Identifiable Information, etc., as well as the procedure for procuring consent from customers and the transfer of data outside of Nigeria.”

“The foregoing developments bring to light the dreaded multiple regulation, which has been a reoccurring challenge for the industry.”