DATA PROTECTION AND PRIVACY RIGHTS.
E-commerce is central to the
current trends and debate:
Increasing convergence of technology, business
Increasing pace of technological development
International policy/tech developments
increasingly determine national policy and business activities
Increasing private sector involvement and
clout in international business activities and agenda setting
New communications and
information systems allow organisations to gather, match, share and transmit
growing quantities of information about us with unprecedented speed and
efficiency; in practical terms no limits to the nature, amount and use of
information being collected e.g. name address, race health, financial
standing, sexual orientation, personal habit.
It can be said that ICT has
truly turned the world into the proverbial “village” where everybody knows
everything about you. Electronic mail, the World Wide Web (www), E-commerce
and E-business, satellite applications [global positioning systems, direct
to home (DTH), the geographical information systems (GIS), very small
aperture terminals, etc. mobile telephone], optical fibre, video on demand
and video conferencing, digital imagery, distributed computing and
globisation of services, are systems and services resulting from the
convergences in the ICT industry.
who is involved?
The Government, utility
bodies, services providers, pollsters/researchers, mischief-makers are those
involved in dataveillance.
There is an opinion that in
the new information world order, there is no hiding place.
What are the implications of
The collection of information is not necessarily an end in
itself but has a functional role to play in relation to the priority
objectives in other areas of the collector’s activities.
Information is money but also power over competition and the
The more others know about the details of our lives, the
greater their opportunity to judge, influence or interfere with the choices
If we have to worry every time we open a bank account, use
the Internet, make a purchase in a store or fill out a form- about who will
see our personal information and how it will be used, we have lost a basic
Technology also poses a serious threat to our
privacy…identity theft, unauthorized collection and use of personal
information; undue influence….both by authorities, individual and business.
While advances in information technology and data management
offer the promise of a new and prosperous knowledge-based economy.
The moment you log on to your computer, make a call, use a
credit card etc. is the point when personal privacy really disappears
Should we be worried?
The right to privacy is fundamental to any
democratic society; Protecting our privacy helps protect our independence,
our ability to control our lives, and our freedom to make our own decisions.
Data protection is about self-protection; it is more about protecting our
whole sense of which we are, having control of our personal information is
the key to our privacy
The friction between the private rights,
state security needs and business imperatives, finding a balance between the
legitimate need of organizations to collect information about us and the
necessity to protect our privacy, and between the ability to combat online
criminal activities while providing opportunities for users to use the new
Policy and political
The issues and approaches are not
sufficiently integrated or articulated, insufficient institutional and
infrastructural capacity. Disconnection between global trends and issues of
concern at the local level; overlap as to the scope of mandates of different
government agencies and departments. No effective mechanism for handling
complex issues that overlap jurisdiction.
Issues in protection
right: UN declaration, African charter on human rights, European convention
on human rights, EU directives and recommendations, constitution and
telecommunications network operators;
Evolution of law and
Legal regimes evolve over time in response to
changing situations and needs, and can also be a reflection in time of the
power of various actors. A change often catalyzed by scientific
breakthroughs and technological advances. Close relationship between the
economic and commercial value of a resource and the attribution and
allocation of legal entitlement.
The legal regimes must reflect a balance
between three interests, namely
Law enforcement and;
Globally, legal processes are emerging to
satisfy the second and third interests by granting more power to governments
to authorize interception (under legal controls) and allowing strong
encryption with secret keys. There do not appear to be adequate legal
processes to protect privacy against unlawful interception, either by
foreign government or by non-governmental bodies.
The 1999 constitution enshrines and
guarantees this right to privacy
The privacy of citizens, their homes, correspondence, telephone
conversations and telegraphic communications is hereby guaranteed and
39. (1). Every person shall be entitled to freedom of expression, including
freedom o hold opinions and to receive and impact ideas and information
(2). Without prejudice to the generality of subsection (1) of this section,
every person shall be entitled to own, establish and operate any medium for
the dissemination of information, ideas and opinions:
Provided that no person, other than the
Government of the Federation or of a state or any other person or body
authorized by the President on the fulfillment of conditions laid down by an
act of the National Assembly, shall own, establish or operate a television
or wireless broadcasting station for, any other purpose whatsoever.
Nothing in this section shall invalidate any law that is reasonably
justifiable in a democratic society.
(a). For the purpose of preventing the
disclosure, of information received in confidence, maintaining the authority
and independence of courts or regulating telephony, wireless broadcasting,
television or the exhibition of cinematograph films: or
(b). Imposing restrictions upon persons
holding office under the government of the federation or of a state, members
of the armed forces of the federation or members of the Nigerian police
force or other government security services or agencies established by law.
Nothing in sections 37, 38, 39, 40 and 41 of this constitution
shall invalidate any law that is reasonably justifiable in a democratic
in the interest of
defence, public safety, public order, public morality or public health; or
for the purpose
of protecting the rights and freedom or other persons.
no person shall –
Otherwise than under
the authority of the minister, or in the course of his duty as a servant of
the state, either –
Use any wireless
telegraphy apparatus with the intent to obtain information as to the
contents, sender or addressee of any message (whether sent by means of
wireless telegraphy or not) which neither the person using the apparatus nor
any person on whose behalf he is acting is authorized by the Minister to
Except in the course
of legal proceedings or for the purpose of any report thereof, disclose any
information as to the contents, sender or addressee of any such message,
being information, which would not have come to his knowledge but for the
use of wireless telegraphy apparatus by him or by another person.
NATIONAL IT POLICY
4 General Objectives
xxiii. to promote
legislation (Bills &Acts) for the protection of on-line, business
transaction, privacy and security.
CHAPTER 2: INFRASTRUCTURE
(iii) To guarantee the privacy, integrity,
accuracy, confidentiality, security, availability and quality of personal
CHAPTER 3: GOVERNANCE
Ratifying a Data Protection Act (DPA) for safeguarding privacy of national
computerized records and electronic document.
Ensure the protection of individual and collective privacy, security, and
confidentiality of information
Providing legal safeguards for the privacy of individuals and the
confidentiality of transactions against misuse.
CHAPTER 13: LEGISLATION
13.1 policy statement
- The nation shall promote
and guarantee freedom and rights to information and its use, protect
individual privacy and secure justice for all by passing relevant bills
- (viii) To enhance
freedom and access to digital information at all levels while protecting
- (1) Sponsor and promote
the establishment of the following it bills and acts to realize objectives
such as freedom of access and rights to information, on-line transaction,
service, payment system, privacy and confidentiality, digital signatories,
and intellectual property rights
- (ii) Ensure the
protection of individual and collective privacy, security, and
confidentiality of information.
Issues for consideration.
Despite the constitutional
provisions, in the case of public telecommunications networks, specific
legal, regulatory, and technical provision must be made in order to protect
fundamental rights and freedoms of natural persons and legitimate interests
of legal persons, in particular with regard to the increasing risk connected
with automated storage and processing of data relating to subscribers and
Measures must be taken to
prevent the unauthorized access to communications in order to protect the
confidentiality of communications by means of public telecommunication
networks and publicly available telecommunications services, safeguards must
be provided for subscribers against intrusion into their privacy by means of
unsolicited mails, calls and telefaxes, whereas member state may limit such
safeguards to subscribers who are natural persons.
OECD GUIDELINES ON THE
PROTECTION OF PRIVACY AND TRANSBORDER FLOWS OF PERSONAL DATA
Collection limitation principles: There should be
limits to the collection of personal data and any such data should be
obtained by lawful and fair means and, where appropriate, with the knowledge
or consent of the data subject
Data quality principle: personal data should be
relevant to purposes for which they are to be used, and to the extent
necessary for those purposes, should be accurate, complete and up to date.
Purpose specification principle: the purpose for
which personal data are collected should be specified not later than at the
time of collection, and the subsequent use limited to those purposes or such
others as are not incompatible with those purposes and are as specified on
each occasion of change of purpose.
Use limitation principle: personal data should not be
disclosed, made available or otherwise used for purposes other than those
specified in accordance with[the purpose specification principle] except
with the consent of the data subject or by the authority of law.
Security safeguards principle: personal data should
be protected by reasonable security against such risks as loss or
unauthorized access, destruction, use modification or disclosure of data.
Openness principles: there should be a general policy
of openness about developments, practices and policies with respect to
personal data. Means should be readily available of establishing the
existence and nature of personal data, and the main purpose of their use, as
well as the identity and usual residence of the data controller
Individual participation principle: an individual
should have right to obtain data relating to him; to have
communicated to him, data related to him, within a reasonable time,
at a charge, if any, that is not excessive, in a reasonable manner and in a
form that is readily intelligible to him; to be given reasons if a request
is denied, and to be able to challenge such denial; and last, to challenge
data relating to him and, if the challenge is successful, to have the data
erased, rectified, complete or amended
Accountability principles: a data controller should
be accountable for complying with measures, which give effect to the
principles stated, above.
- Encourage continued private sector leadership in the
development of technology as a tool to protect, empower consumers and that
includes the participation of consumer representatives in the development
of effective self –regulatory mechanism that contain specific, substantive
rules for dispute resolution and compliance mechanism
- Review and, if necessary, promote self-regulatory
practices and/or adopt and adapt laws and practices to make such laws and
practisesapplicable to electronic commerce.
- Promote the existence, purpose and contents of
Guidelines as widely as possible and encourage their use; and
- Facilitate consumers` ability to both access
consumer education information and advice and to file complaints related
to electronic commerce.
regulatory, and law enforcement authorities co- operate at the international
level, as appropriate, through information exchange, co-ordination,
communication, and joint action to combat cross-border fraudulent,
misleading and unfair commercial conduct.
Using a combination of
technology, regulatory standards and VNRI to protect privacy and ensure the
respect of the fundamental rights under the constitution.