The Director-General/CEO of National Information Technology Development Agency (NITDA), Kashifu Inuwa Abdullahi, CCIE, at the National Privacy Week 2022 press conference and unveiling of the week’s activities on Monday 24th January 2022 said the critical developments in our quest towards making lives and livelihoods more sustainable in the area of data privacy. If anyone was in doubt of the importance of data protection, the massive global shift towards the frontiers of the digital economy has effectively cleared that doubt. Recent economic statistics attest to this fact.

“For instance, ICT notched a 17.92% contribution to Nigeria’s GDP in the Second Quarter of 2021 – the highest in our history. This out-performs most of the economic sectors surveyed by the National Bureau of Statistics.”

The Director-General of NITDA, Mr Kashifu Inuwa Abdullahi, disclosed the worth of the industry at a press conference in Abuja on Monday and was attended virtually by BusinessEcho Magazine, said that the industry has also created approximately 7,680 jobs for Nigerians.

The reforms in Nigeria’s data protection industry has started to yield results, as statistics released by the National Information Technology Development (NITDA) showed that the industry is now worth N4,080,000,000.

NITDA DG stated that “Stakeholders in the industry will recall that National Information Technology Development Agency (NITDA) issued the extant Nigeria Data Protection Regulation (NDPR) in 2019. The success stories of the digital economy would have been tainted by horrendous abuses if citizens who are the sole agents of socio-economic transactions are left without legal protection.”

Abdullahi said: “as we celebrate Data Privacy week in this New Year, we must render our stewardship in data protection, exchange ideas with you and layout the agenda for the Year 2022. Of course, space and time will not permit us to reel out the intricate details of what has been done and what needs to be done. Indeed, a detailed report will be presented in the course of the events that have been scheduled for this year’s Data Privacy Week. Therefore, our focus today will be on the following:

  • Impact of the NDPR on Data Privacy In Nigeria
  • Nigeria’s Growing International Reputation in Data Privacy
  • Strategy for Strengthening  Data Privacy Protection In Nigeria

Impact of the NDPR on Data Privacy In Nigeria.

The first thing we must emphasise in this regard is that data privacy is not a mere cliché for describing freedom from an embarrassing intrusion into what an individual does not wish to share with the public. Properly speaking, it is a technical concept that encompasses the safeguards for the dignity of the human person, the safety of lives and livelihoods and the socio-economic integrity of a sovereign state in the frontiers of digital civilisation.  

The NDPR has made a landmark impact on data privacy in Nigeria.  Significantly, NDPR has broadened citizens’ right to privacy as enshrined in Section 37, Part 4, 1999 Constitution of the Federal Republic of Nigeria.  Courts of competent jurisdiction have taken judicial notice of this phenomenal impact. A classic example is the decision of the Court of Appeal in the case of Incorporated Trustees of Digital Lawyers Initiative & Ors. V. National Identity Management Commission (NIMC) CA/ IB/291/2020.  We must note that the administration of justice regarding data privacy is a critical index in assessing the adequacy level of a country; with this landmark decision, Nigeria has earned herself a pride of place in the frontiers of fundamental rights.

Furthermore, before the advent of NDPR, organisations had no functional accountability system for data privacy.  NDPR created a functional accountability system for data privacy. From zero data privacy audit compliance in 2018 to 635 in 2020 and over 1,230 audit compliance in 2021. The top-performing sectors are:

  1. Finance 41%
  2. Consultancy 9.2%
  3. ICT and Digital Media 8.8
  4. Manufacturing 7.9%

What we can glean from the foregoing is a growing level of awareness. More and more, organisations and citizens are becoming conscious of the power of data and the need to regulate data processing in the interest of both individual and national security.

Nigeria’s Growing International Reputation in Data Privacy

With a population estimated to be over 200 million citizens strong, our footprints in data processing traverse every conceivable plan of human endeavour. What we do or fail to do cannot go unnoticed. Gladly, our measures in data protection are in tune with the emerging norms on data privacy in the international community. In less than two years of active implementation of NDPR in Nigeria, we were admitted to the Common Thread Network (a Network of Data Protection Authorities of Commonwealth countries). We also got accepted as a full member of the Network of African Data Protection Authorities (NADPA). Our contribution to the Africa Union’s Policy and Regulatory Initiative for Digital Africa (PRIDA) Data Protection Laws’ Harmonisation Work Group led to Nigeria being considered for inclusion in the list of countries where a developed framework for data laws harmonisation was tested.

Strategy for Strengthening Data Privacy Protection In Nigeria.

NITDA is taking a continuum of measures towards strengthening Data Privacy. We share the belief that: the price of liberty is eternal vigilance. Thus, our first measure was to licence Data Protection Compliance Organizations (DPCOs). DPCOs are mandated to, inter alia, carry out: Data Protection Regulations Compliance and Breach Services for Data Controllers and Data Administrators; Training and Awareness Services; Privacy Breach Remediation Planning and Support, etc. It is encouraging to note that we now have 103 DPCOs and we have created approximately 7,680 jobs for Nigerians in this regard. At the same time, the sum of N4,080,000,000 has been reported as the estimated value of the Data Protection Industry. Part of our vigilance measures is to monitor DPCOs and data controllers closely. We have developed an auditing template and will be issuing codes of conduct from time to time. This is to ensure that the services being rendered by DPCOs are in tune with the letters and the spirit of the NDPR.

Acknowledging that capacity building and awareness are pivotal measures to strengthen data privacy, NITDA embarked upon a series of educational programmes. In 2021 alone, NITDA executed and played a leading role in 135 capacity building programmes. Worthy of note is our pilot programmes in creating awareness among vulnerable citizens – particularly teenagers and young adults. In 2021, we carried out training programmes on NDPR in 52 secondary schools across Nigeria. The various capacity building initiatives culminated in the training of a total number of about 5,746 Nigerian. We are particularly excited by the fact that Lagos State University has developed data privacy into a full-fledged course for students while other academic institutions are also putting in place various mechanisms to entrench Data Protection in their curricula.

On the part of the government, we have commenced the process of having a national certification body on NDPR in order to build the requisite indigenous capability for driving the sector and also save Nigerians the huge amount of foreign exchange being paid for foreign certifications. I am glad to announce that the Honourable Minister of Communications and Digital Economy, Prof. Isa Ali Ibrahim (Pantami), has already approved the process and we have commenced work in earnest.

Furthermore, NITDA is collaborating with relevant agencies of government in strengthening compliance. Data privacy issues can make or mar democracies or literally undermine national security with far-reaching dire consequences to a country and its people.  For instance, according to some investigative reports by some international news agencies such as CNN, Reuters, BBC and Guardian (UK), Twitter and Facebook deleted some social media accounts operating in Nigeria and Ghana because they were linked to some foreigners who were using the said accounts to manipulate the public. Twitter categorically stated that the accounts were: “attempting to sow discord by engaging in conversation about social issues….”NDPR prohibits this manner of atrocious intrusion and manipulation of personal data. By collaborating as vanguards of Nigerian sovereignty, government agencies are sending signals to the big data community that it is not going to be business as usual.

“We must therefore use this opportunity to re-echo the directive of  President Muhammadu Buhari, GCFR, during eNigeria 2019 that: “the Nigerian e-Government Interoperability Framework, the Enterprise Architecture and the Nigeria Data Protection Regulation are in place and all Ministries, Departments and Agencies are expected to comply with these policies.”  As the government implement National Digital Economy Policy, we cannot afford to have weak links in our digital national security architecture.  We must, therefore, continue to strengthen inter-agency collaboration on data privacy in the interest of peace, security and economic growth.”

The Director-General/CEO NITDAKashifu Inuwa Abdullahi, CCIE who also double as Chief Information Technology Officer of Nigeria concluded by saying “the foregoing underpins our theme for 2022 National Data Privacy Week, namely: “Data Economics In Digital Economy:  Charting Nigeria’s Data Strategy.” To drive this home, we have scheduled several activities such as A Keynote Address by the Hon. Minister of Communications and Digital Economy, Prof. Isa Ali Ibrahim Pantami; Panel Discussions, Presentation of 2021 NDPR Report, Launching of Educational Programmes, etc. You are all invited to get involved in these events – not only for the purposes of media reportage but also as stakeholders in the overall quest of this administration towards building an inclusive digital economy.