The attention of the National Information Technology Development Agency (NITDA) has been drawn to an article by a well-meaning Nigerian titled- New NCC directive will push telcos to violate Nigeria Data Protection Regulation (NDPR) published on 18th October, 2019 across various online media. NITDA appreciates the increasing level of civil discuss and interrogation of the NDPR by many Nigerians. We believe these kinds of engagement leads to the development of robust and effective regulatory regimes that works for all.
The writer was of the opinion that the Nigeria Communication Commission’s (NCC) directive to telecommunication companies to store and make available recordings of communications carried out over their network is antithetical to the provisions of the NDPR. We want to use this medium to educate all concerned Nigerians on the bands of privacy and national security.
The right to privacy which the NDPR seeks to protect is established by Section 37 of the 1999 Constitution (as amended). The right is however limited by Section 45. (1) which provides: Nothing in sections 37, 38, 39, 40 and 41 of this Constitution shall invalidate any law that is reasonably justifiable in a democratic society (a) in the interest of defence, public safety, public order, public morality or public health; The right to privacy protection is subject to reasonably, justifiable law for public safety and order.
This same sentiment is shared by Article 2 of the European Union General Data Protection Regulation (GDPR) which provides:
This Regulation does not apply to the processing of personal data:
(d) by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.
Furthermore, Article 2.2 of the NDPR provides multiple basis for processing of personal data. While all data processing must be founded on legitimate interest, the other basis for processing include- consent of data subject, legal interest, contract of parties, public interest and vital interest of the data subject. The NCC’s directive is predicated on legitimacy and public interest.
It is gratifying to note that the communications sector under the able leadership of Dr Isa Ali Ibrahim Pantami, the Honourable Minister of Communications, is working in symmetry to protect Nigerians, increase opportunities and improve ease of doing business in the sector. NCC, like every other government agency is working hard to implement the NDPR as there is a consensus that the Regulation, is at the moment the country’s most comprehensive law on data protection.
The National Information Technology Development Agency (NITDA) is a Federal Government Agency under the supervision of the Federal Ministry of Communications. NITDA is established in April 2001 to implement the Nigerian Information Technology Policy as well as coordinate general IT development and regulation in the country. Specifically, Section 6(a, b, c, f & m) of the Act mandates NITDA to create a framework for the planning, research, development, standardization, application, coordination, monitoring, evaluation and regulation of Information Technology practices, activities and systems in Nigeria; provide guidelines to facilitate the establishment and maintenance of appropriate infrastructure for information technology and systems application and development in Nigeria for public and private sectors, urban-rural development, the economy and the government; render advisory services in all information technology matters to the public and private sectors and accelerate internet and intranet penetration in Nigeria and promote sound internet Governance by giving effect to the Second Schedule of the Act.
Kashifu Abdallahi Inuwa, CCIE
Chief Information Technology Officer of Nigeria
Corporate Headquarters, Garki, Abuja
21st October, 2019