The Nigerian Communications Commission (NCC) on the 7th of February 2019 announced that it has temporarily suspended the ‘Do-Not-Disturb’ (DND) 2442 short-code to enable telecom operators disseminate voter’s education information to Nigerians ahead of the general elections. (See Zakariyya Adaramola, “NCC suspends DND to enable telcos disseminate voter’s education information” Feb 7, 2019, available at https://www.dailytrust.com.ng/ncc-suspends-dnd-to-enable-telcos-disseminate-voters-education-information.html. Accessed 19/2/19).
It is submitted that the directive by NCC is a clear violation of the right to privacy of subscribers guaranteed and protected under Section 37 of the Constitution of the Federal Republic of Nigeria 1999 (as amended).
It is disturbing that the directive comes at a time when the rest of world is taking positive steps to ensure the protection of citizens’ privacy rights in an era of invasive technologies. To fully appreciate the gravity and enormity of NCC’s violation of subscribers’ constitutional right to privacy by virtue of the said directive, a review of extant privacy law is expedient.
Right to privacy
The right to privacy refers to “the right of the individual to be protected against intrusion into his personal life or affairs, or those of his family, by direct physical means or by publication of information.” (See the “Report of the Committee on Privacy and Related Matters” 1990 Cmnd. 1102, London: HMSO at 7).
It is a natural right derived from natural law. (See the case of Pavesich v. New England Life Insurance Co 122 Ga. 190 (Ga. 1905). See also Cavoukian, Ann, “Who Knows: Safeguarding Your Privacy in A Networked World” (paperback). Random House of Canada: Random House of Canada), 1995).
By section 37 of the Constitution, “the privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected.”
This right, like every other right entrenched in the constitution, is very essential for a democratic society. It has been argued that protecting privacy in the digital age is essential to effective and good democratic governance (See “The Keys to Data Protection: A Guide for Policy Engagement on Data Protection”, Privacy International, available at http://www.privacyinternational.org).
The right covers “a wide range of issues such as confidential correspondence, email and internet use, medical history, personal data, eavesdropping, sexual orientation and personal life styles.” (See Olomojobi, Yinka, “Right to Privacy in Nigeria” (October 31, 2017). Available at: http://dx.doi.org/10.2139/ssrn.3062603).
In the case of Medical and Dental Practitioners Disciplinary Tribunal v. Okonkwo (2001) 6 NWLR (Pt.710), the Supreme Court per Ayoola J.S.C stated as follows: “The right to privacy implies a right to protect one’s thought; and one’s body from unauthorized invasion… The sum total of the rights of privacy and of freedom of thought, conscience or religion which an individual has, put in a nutshell, is that an individual should be left alone to choose a course for his life, unless a clear and compelling overriding state interest justified the contrary”.
Apart from the constitutional recognition of privacy right, there also exists liability for violation in tort. A privacy violation in the context of the common law tort of intrusion requires that the defendant intentionally intrudes into a place, conversation, or matter as to which the plaintiff has a reasonable expectation of privacy; and that the intrusion must occur in a manner highly offensive to a reasonable person. As to the first element of the common law tort, the defendant must have “penetrated” some zone of physical or sensory privacy in violation of the law or social norms. In either case, the expectation of privacy must be objectively reasonable.Today, the law of privacy is believed to transcend the scope of the common law tort of breach of confidence. It is now concerned with personal information of an individual in a state of total or limited exclusion to other members of the society. (See Nwauche, “The Right to Privacy in Nigeria”, Review of Nigerian Law and Practice Vol. 1(1) 2007, Centre for African Legal Studies).
The concept of privacy primarily connotes:
- Information Privacy
- Bodily Privacy,
- Privacy of Communications; and
- Territorial Privacy. (See Adekunle, Adedeji, “Right to Privacy and Law Enforcement”, Text of a Lecture Presented at the Ogun State Judges’ Conference (OJSC), 27th September 2016. Retrieved 25/9/2018).
In Douglas and Zeta Jones v Hello! QB 967, 1011 [para 126], Sedley J observed that “What a concept of privacy does, however, is accord recognition to the fact that the law has to protect not only those people whose trust has been abused but those who simply find themselves subjected to an unwanted intrusion into their personal lives. The law no longer needs to construct an artificial relationship of confidentiality between intruder and victim: it can recognize privacy itself as a legal principle drawn from the fundamental value of personal autonomy.”
It must be noted that the determination of what is private is at the instance of the individual. It is at his discretion to determine facts that are private and otherwise. Accordingly, there must be a conscious desire to keep the facts private or to live a life devoid of unsolicited intrusions.
Interestingly, the proliferation of technology has created greater need to ensure that privacy is not undermined. In fact, the preamble to NITDA’s National Information Systems and Network Security Standards & Guidelines 2013 points out that “many establishments have migrated their businesses to the online environment. Information networks in both the private and public sectors now drive service delivery in the country. These networks have thus become critical information infrastructure which must be safeguarded”.
It has been acknowledged that, “our increasing dependence on computers, the outsourcing of information technology functions and the growing value of data have all increased businesses’ vulnerability to data breaches and cyber security issues.” (See Maguire, Shauna & Lund, Siska, “Taking a leadership role on data security, risk and governance”, Legal Business World, January 29, 2019 Available at https://www.legalbusinessworld.com/single post/2019/01/29/Taking-a-leadership-role-on-data-security-risk-and-governance Accessed 29/1/2019).
According Privacy International, new challenges are emerging in the form of new technologies and business models, services, and systems increasingly rely on analytics, ‘Big Data’, data sharing, tracking, profiling, and artificial intelligence. This reinforces the fact that the world needs strong and robust privacy laws now more than ever before.
There is nothing ordinarily wrong with the explosive growth in technology. But as pointed out by Kipper, “technology is not bound to ethics. It is the application and use of that technology that brings ethics into it” (See Kipper, Gregory, “Wireless Crimes and Forensic Investigation”, Auerbach Publications, 2007, p 18).
Thus, the breach of privacy can be either by unlawful ‘intrusion’ or ‘disclosure’ or both because the issue of privacy arises where private information of an individual is made public by a third party without his/her authorisation (disclosure) and/or where the person or property of an individual is invaded by means of illegal and unlawful access or searches (intrusion).
NCC’s “Do Not Disturb” 2442 Shortcode
In 2016, the NCC issued a Directive to the telecommunications service providers in the country to activate the DO NOT DISTURB (DND) facility which gives subscribers the freedom to choose what messages to receive from the various networks operators (NOs). The NOs were mandated to dedicate a common Short Code (2442) which will enable subscribers take informed decisions. (See “NCC Enforces 2442 “Do Not Disturb” Shortcode”, The Communicator, available at https://www.ncc.gov.ng/thecommunicator/index.php?option=com_content&view=article&id=1363:ncc-enforces-2442-qdo-not-disturbq-shortcode&catid=25&Itemid=179 Accessed 19/2/19).
According to the Commission, the action was taken in order to protect subscribers from the nuisance of unsolicited texts. In other words, it is a direct regulatory response to the series of complaints laid by subscribers on invasion of their privacy. The DND can, therefore, be seen as a regulatory milestone because it takes cognizance of the broad range of services and ensures that operators give the necessary instructions and clarifications to enable subscribers choose whether or not to subscribe. (See “NCC launches TV commercial on ‘Do Not Disturb’ for unsolicited messages” Vanguard Newspaper, MARCH 19, 2018. Read more at: https://www.vanguardngr.com/2018/03/ncc-launches-tv-commercial-not-disturb-unsolicited-messages/).
While kickstarting mandatory implementation of the ‘Do-Not- Disturb’ code, the Commission threatened that huge sanctions awaited any operator that failed to comply with the directive. (See Daily Trust pg.13 (Friday, July 1, 2016)). Admittedly, the implementation of the DND by NCC was a very innovative step in the protection of privacy right. It curtailed arbitrary, unnecessary and unwarranted intrusion by NOs. Those invasive advertisements and/or promotions which often give birth to unjustified deductions have been stemmed by the DND implementation. The implementation aligns with the intendment of Section 37 of the Constitution and gives life to it vis-à-vis invasion of privacy.
However, despite such positive step in ensuring the protection of subscribers’ right to privacy, the recent decision by the Commission to temporarily suspend the code for the purpose of election is arbitrary and unconstitutional. This submission is anchored on the reasons provided hereunder.
Why the NCC directive is an infringement of the constitution
The right to privacy is a constitutional right. In other words, it is guaranteed and protected by the constitution. That makes it an important right that should be cherished and safeguarded. The practice of sending unsolicited text messages to subscribers has been adjudged invasive and an infringement of right to privacy. The suspended DND was a mechanism put in place by the Commission pursuant to its statutory role and upon series of complaints by subscribers to checkmate violation of subscribers’ constitutional right to privacy. It facilitates compliance with the constitution and leaves the option of choosing whether or not to receive unsolicited messages entirely to the subscribers whose right the constitution guarantees and protects.
By suspending implementation of the code for the purpose of election or for any reason whatsoever, the Commission has exposed the subscribers to intrusion through unsolicited messages which irrefutably infringes on their right to privacy guaranteed and protected by the constitution. As pointed out earlier, implementation of the code forestalls arbitrary violation of subscribers’ right to privacy. It was a child of necessity that should not be suspended under the guise of election or voters education when there are actually millions of ways the INEC or other stakeholders in the election can reach out to potential electorates. They do not have to violate the constitution using elections or voters’ education as excuse.
It is hereby submitted that NCC has violated and further facilitates the violation of the constitutional right of subscribers whose privacy would be or has already been invaded as a result of the suspension of the DND code. As a body statutorily established to regulate the relevant sector, it is wrong for NCC to bring about a policy, decision or directive that would result in massive violation of the constitutional right of subscribers through invasive SMSs or flash messages.
There are many ways the Independent National Electoral Commission (INEC) or other stakeholders in the electoral process can reach out to the electorates with educational information without necessarily violating the constitutional right of subscribers. The unconstitutionality of the NCC’s decision to suspend the DND is further reinforced by the fact that the right to privacy which DND strives to protect was not bestowed by NCC and cannot be arbitrarily suspended without recourse to the constitutional implication of such decision.
NCC and INEC have already been accused of allowing political parties access to personal information of potential voters without their consent. According to International Centre for Investigative Reporting (ICIR), “the information gathered is used to locate a prospective voter and the area he or she had registered to vote, and then solicit a vote for President Buhari.” (See Olugbenga Adanikin, “2019 Election: How APC May Have Benefited from NCC, INEC Breach of Voters’ Privacy – NCC, INEC Reveal Public Data for Political Gain”, International Centre for Investigative Reporting, Feb 1, 2019, available at https://www.icirnigeria.org/2019-election-how-apc-may-have-benefited-from-ncc-inec-breach-of-voters-privacy accessed 19/2/19).
On a whole, whether or not NCC and INEC did reveal personal information to political parties as insinuated in the article above, the truth remains that by suspending the DND code, NCC has exposed the fundamental right of subscribers to infringement and as a result has breached the provisions of the Constitution in respect of privacy of the subscribers being or likely to be infringed in consequence of such exposure.
Alexander Asuquo is a Lagos-based privacy law expert and consultant.
Revealed! How I finally got rid of STDs and UTI infections naturally, completely and became free… it’s 100% natural and has no side effects!Themes on the New Employees’ Compensation Act ---Order now!!
For enquiries and order please contact: HYBRID CONSULT, Tel: 08066192650, 08033739869, email@example.com, firstname.lastname@example.org.