DATA PROTECTION AND PRIVACY RIGHTS.

KENT C.NNADOZIE

 E-commerce is central to the current trends and debate:

1. Increasing convergence of technology, business and commerce

2. Increasing pace of technological development in ICT

3. International policy/tech developments increasingly determine national policy and business activities

4. Increasing private sector involvement and clout in international business activities and agenda setting

New communications and information systems allow organisations to gather, match, share and transmit growing quantities of information about us with unprecedented speed and efficiency; in practical terms no limits to the nature, amount and use of information being collected e.g. name address, race health, financial standing, sexual orientation, personal habit.

It can be said that ICT has truly turned the world into the proverbial “village” where everybody knows everything about you. Electronic mail, the World Wide Web (www), E-commerce and E-business, satellite applications [global positioning systems, direct to home (DTH), the geographical information systems (GIS), very small aperture terminals, etc. mobile telephone], optical fibre, video on demand and video conferencing, digital imagery, distributed computing and globisation of services, are systems and services resulting from the convergences in the ICT industry.

  “Dataveillance” who is involved?

The Government, utility bodies, services providers, pollsters/researchers, mischief-makers are those involved in dataveillance.

There is an opinion that in the new information world order, there is no hiding place.

  What are the implications of dataveillence?

1.      The collection of information is not necessarily an end in itself but has a functional role to play in relation to the priority objectives in other areas of the collector’s activities.

2.      Information is money but also power over competition and the subject.

3.      The more others know about the details of our lives, the greater their opportunity to judge, influence or interfere with the choices we make.

4.      If we have to worry every time we open a bank account, use the Internet, make a purchase in a store or fill out a form- about who will see our personal information and how it will be used, we have lost a basic freedom.

5.      Technology also poses a serious threat to our privacy…identity theft, unauthorized collection and use of personal information; undue influence….both by authorities, individual and business.

6.      While advances in information technology and data management offer the promise of a new and prosperous knowledge-based economy.

7.      The moment you log on to your computer, make a call, use a credit card etc. is the point when personal privacy really disappears

 Should we be worried?

The right to privacy is fundamental to any democratic society; Protecting our privacy helps protect our independence, our ability to control our lives, and our freedom to make our own decisions. Data protection is about self-protection; it is more about protecting our whole sense of which we are, having control of our personal information is the key to our privacy

Challenges

The friction between the private rights, state security needs and business imperatives, finding a balance between the legitimate need of organizations to collect information about us and the necessity to protect our privacy, and between the ability to combat online criminal activities while providing opportunities for users to use the new technologies freely.

Policy and political context

The issues and approaches are not sufficiently integrated or articulated, insufficient institutional and infrastructural capacity. Disconnection between global trends and issues of concern at the local level; overlap as to the scope of mandates of different government agencies and departments. No effective mechanism for handling complex issues that overlap jurisdiction.

Issues in protection of privacy.

1.      Fundamental human right: UN declaration, African charter on human rights, European convention on human rights, EU directives and recommendations, constitution and national laws;

2.      Lawful interception of communications;

3.      Data protection; encryption;

4.      Duties of telecommunications network operators;

5.      Interception by foreign government.

Evolution of law and policy

Legal regimes evolve over time in response to changing situations and needs, and can also be a reflection in time of the power of various actors. A change often catalyzed by scientific breakthroughs and technological advances. Close relationship between the economic and commercial value of a resource and the attribution and allocation of legal entitlement.

Legal regimes

The legal regimes must reflect a balance between three interests, namely

·        Privacy;

·        Law enforcement and;

·        Electronic commerce.

Globally, legal processes are emerging to satisfy the second and third interests by granting more power to governments to authorize interception (under legal controls) and allowing strong encryption with secret keys. There do not appear to be adequate legal processes to protect privacy against unlawful interception, either by foreign government or by non-governmental bodies.

The 1999 constitution enshrines and guarantees this right to privacy

37. The privacy of citizens, their homes, correspondence, telephone conversations and      telegraphic communications is hereby guaranteed and protected.

    39. (1). Every person shall be entitled to freedom of expression, including freedom o hold opinions and to receive and impact ideas and information without interference.

     (2). Without prejudice to the generality of subsection (1) of this section, every person shall be entitled to own, establish and operate any medium for the dissemination of information, ideas and opinions:

Provided that no person, other than the Government of the Federation or of a state or any other person or body authorized by the President on the fulfillment of conditions laid down by an act of the National Assembly, shall own, establish or operate a television or wireless broadcasting station for, any other purpose whatsoever.

39. (3). Nothing in this section shall invalidate any law that is reasonably justifiable in a democratic society.

    (a). For the purpose of preventing the disclosure, of information received in confidence, maintaining the authority and independence of courts or regulating telephony, wireless broadcasting, television or the exhibition of cinematograph films: or

     (b). Imposing restrictions upon persons holding office under the government of the federation or of a state, members of the armed forces of the federation or members of the Nigerian police force or other government security services or agencies established by law.

45. (1). Nothing in sections 37, 38, 39, 40 and 41 of this constitution shall invalidate any law that is reasonably justifiable in a democratic society

(a)    in the interest of defence, public safety, public order, public morality or public health; or

(b)   for the purpose of protecting the rights and freedom or other persons.

 Wireless Telegraphy Act

39(1) no person shall –

(c)    Otherwise than under the authority of the minister, or in the course of his duty as a servant of the state, either –

(i)                  Use any wireless telegraphy apparatus with the intent to obtain information as to the contents, sender or addressee of any message (whether sent by means of wireless telegraphy or not) which neither the person using the apparatus nor any person on whose behalf he is acting is authorized by the Minister to receive; or

(ii)                Except in the course of legal proceedings or for the purpose of any report thereof, disclose any information as to the contents, sender or addressee of any such message, being information, which would not have come to his knowledge but for the use of wireless telegraphy apparatus by him or by another person.

Policy regimes

                  NATIONAL IT POLICY

Executive summary

4 General Objectives

                 xxiii. to promote legislation (Bills &Acts) for the protection of on-line, business transaction, privacy and security.

CHAPTER 2: INFRASTRUCTURE

2.2 objectives:

(iii) To guarantee the privacy, integrity, accuracy, confidentiality, security, availability and quality of personal information

CHAPTER 3: GOVERNANCE

 3.3 strategies

(i) Ratifying a Data Protection Act (DPA) for safeguarding privacy of national computerized records and electronic document.

(ii) Ensure the protection of individual and collective privacy, security, and confidentiality of information

(x) Providing legal safeguards for the privacy of individuals and the confidentiality of transactions against misuse.

CHAPTER 13: LEGISLATION

13.1 policy statement

• The nation shall promote and guarantee freedom and rights to information and its use, protect individual privacy and secure justice for all by passing relevant bills and acts

13.1 objectives

• (viii) To enhance freedom and access to digital information at all levels while protecting personal privacy

13.3 strategies

• (1) Sponsor and promote the establishment of the following it bills and acts to realize objectives such as freedom of access and rights to information, on-line transaction, service, payment system, privacy and confidentiality, digital signatories, and intellectual property rights
• (ii) Ensure the protection of individual and collective privacy, security, and confidentiality of information.

Issues for consideration.

Despite the constitutional provisions, in the case of public telecommunications networks, specific legal, regulatory, and technical provision must be made in order to protect fundamental rights and freedoms of natural persons and legitimate interests of legal persons, in particular with regard to the increasing risk connected with automated storage and processing of data relating to subscribers and users.

Measures must be taken to prevent the unauthorized access to communications in order to protect the confidentiality of communications by means of public telecommunication networks and publicly available telecommunications services, safeguards must be provided for subscribers against intrusion into their privacy by means of unsolicited mails, calls and telefaxes, whereas member state may limit such safeguards to subscribers who are natural persons.

OECD GUIDELINES ON THE PROTECTION OF PRIVACY AND TRANSBORDER FLOWS OF PERSONAL DATA

1.      Collection limitation principles: There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject

2.      Data quality principle: personal data should be relevant to purposes for which they are to be used, and to the extent necessary for those purposes, should be accurate, complete and up to date.

3.      Purpose specification principle: the purpose for which personal data are collected should be specified not later than at the time of collection, and the subsequent use limited to those purposes or such others as are not incompatible with those purposes and are as specified on each occasion of change of purpose.

4.      Use limitation principle: personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with[the purpose specification principle] except with the consent of the data subject or by the authority of law.

5.      Security safeguards principle: personal data should be protected by reasonable security against such risks as loss or unauthorized access, destruction, use modification or disclosure of data.

6.      Openness principles: there should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purpose of their use, as well as the identity and usual residence of the data controller

7.       Individual participation principle: an individual should have right to obtain data relating to him; to have communicated to him, data related to him, within a reasonable time, at a charge, if any, that is not excessive, in a reasonable manner and in a form that is readily intelligible to him; to be given reasons if a request is denied, and to be able to challenge such denial; and last, to challenge data relating to him and, if the challenge is successful, to have the data erased, rectified, complete or amended

8.      Accountability principles: a data controller should be accountable for complying with measures, which give effect to the principles stated, above.

Recommendation

• Encourage continued private sector leadership in the development of technology as a tool to protect, empower consumers and that includes the participation of consumer representatives in the development of effective self –regulatory mechanism that contain specific, substantive rules for dispute resolution and compliance mechanism
• Review and, if necessary, promote self-regulatory practices and/or adopt and adapt laws and practices to make such laws and practisesapplicable to electronic commerce.
• Promote the existence, purpose and contents of Guidelines as widely as possible and encourage their use; and
• Facilitate consumers` ability to both access consumer education information and advice and to file complaints related to electronic commerce.

CONCLUSION

Through judicial, regulatory, and law enforcement authorities co- operate at the international level, as appropriate, through information exchange, co-ordination, communication, and joint action to combat cross-border fraudulent, misleading and unfair commercial conduct.

Using a combination of technology, regulatory standards and VNRI to protect privacy and ensure the respect of the fundamental rights under the constitution.

designed & built by: Henry Nwachukwu

e-mail: henrynwachukwu1@yahoo.com