Relationship Between Data Protection And Other Human Rights In Nigeria

By Agukwe Lynda

Introduction

“Digital freedom stops where that of the user begins. Nowadays, digital evolution must no longer be offered to a customer in trade-off between privacy and security. Privacy is not for sale, it is a valuable asset to protect.”[i]

In this 21^st century where there is an estimated 3.6 billion social media users worldwide,[ii] in which virtually everyone has their personal data online, there is need to adequately protect user information to prevent events of transfer and unlawful exploitation by criminals. In 2018 for instance, Facebook experienced data breaches which exposed over fifty million personal records of users to abuse by criminals.[iii] This article focuses on the relationship between data protection and other human rights in Nigeria, and how adequate protection of individual’s data through proper data policies, laws and regulation would do well to reduce issues of data abuse and breaches which in the grand scheme of things has impacts on the protection and preservation of the fundamental rights of Nigerians.

Relationship between Data Protection And Human Rights In Nigeria

Generally, data protection policies are aimed at bestowing on an individual the right to be informed and decide whether information about them should be published or not. Data protection policies therefore enables an individual to gain control over how certain information about them should be used, where it should be used and when unlawful, incorrect or where such information is outdated, the right to erasure or rectification.[iv]

In Nigeria, there are various legal frameworks regulating the protection of both personal and sensitive information provided by a data subject. The primary law for data protection and privacy in Nigeria is the Nigeria Data Protection Regulation 2019 (NDPR). Aside this regulation, there are other legal frameworks that protect data subjects. Some of which are;The Constitution of the Federal Republic of Nigeria, 1999 (as amended) (CFRN), Cybercrime (Prohibition Prevention) Act2015, The Central Bank of Nigeria Consumer Protection Framework 2016, The Nigeria Communications Commission (Registration of telephone subscribers) Regulations 2011,the Credit Reporting Act 2017,. These laws regulate data processing and ensure data privacy and protection.

The Constitution of Nigeria provides for several fundamental human rights which everyone is entitled to, save for certain exceptions. A derogation of some of these rights may lead to breach of data privacy. Equally, adequate protection of these rights would translate to data privacy protection.

Section 37 of the CFRN provides for the right to privacy. Generally, the reason for the incorporation of this right is to give adequate protection to the personal affairs of individuals and prevent unlawful intrusion and Interference[v] Thus, the key relevance of this right rest on the ability to duly give consent before an individual’s personal data is disseminated, transferred to a third party or exploited. In Amuda v Saraki[vi] the court held that the use of the plaintiff’s photograph on a billboard without her consent constituted an infringement to her right to privacy as enshrined in the CFRN. The right to privacy forms the basis for data protection. Paragraph 2.1 of the NDPR mandates a data controller to obtain consent from the data subject before processing his or her personal data. A Data Controller according to the NDPR is a person who determines the purposes for and the manner in which personal data is processed.[vii] More so, paragraph 1.2(c) of the NDPR stipulates that the regulation should not be applied in such a way that privacy rights of individuals guaranteed under any law will be infringed. In the main, the scope of data protection places emphasis on consent of data subject which is generally the pillar of the right to privacy.

Secondly, section 34(1)(a) of the CFRN provides that every person is entitled to respect for the dignity of his human person and as such, no person shall be subjected to torture, or degrading or inhuman treatment. Freedom from torture and degrading inhuman treatment is a universally enjoyed right which protects all individuals from being unlawfully subjected to severe physical or psychological distress for purposes which includes to obtain information from a person contrary to voluntary consent. Thus, consent and voluntariness are the pillars of this right. Paragraph 2.1 of the NDPR stipulates that the right to dignity of human person must be adhered to while personal data of an individual is being processed. To this end, an individual must not be subjected to torture or cruel treatment in order to obtain or retrieve his/her data. Such rights must be exercised freely.

Additionally, the provision of section 39 of the constitution guarantees the right to freedom of expression. That is, right to hold and receive information, and the right to impart ideas. Summarily, this provision of the constitution guarantees the right to inform and be informed. However, for one to duly exercise this right, one needs a private space free from incessant interference or intrusion either by the government, private body or any institution. The government of China has internet surveillance on its citizens[viii] and in 2020, China ranked last place in terms of internet freedom scoring only ten index points based on various factors including obstacles to access, limits on contents and violation of citizen’s media right.[ix] In this digital age, where a lot of human activities takes place online and almost every act done is online, for example, online chats, comments on social media etc. is an act of expression, data protection policies are usually enabled to ensure that individuals are allowed to express themselves without intrusion, interference or surveillance. Paragraph 2.12 of the NDPR therefore, directs a data controller to not only seek consent from a data subject but to ensure that a data subject is informed on the extent to which the personal and sensitive information obtained or to be obtained from them would be used. A data subject’s data cannot be obtained for one purpose and then used for another purpose without his/her consent. This provision also ensures that a data subject is not unduly placed on surveillance without being duly informed.

Lastly, section 42 of the Constitution provides for the right to freedom from discrimination on grounds of sex, ethnicity, religion, community, place of origin and political opinion. Discrimination in line with the provision of the constitution tends to occur when a person is treated less favorable than others due to the circumstances mentioned above. In order to uphold an adequate protection of this right, the NDPR directs a data controller to develop security measures to protect sensitive data.[x] As a general rule, sensitive data is not allowed to be collected because its tends to encourage discrimination. However, where it is collected, the data controller is placed on a high obligation to protect such data and use it only for the reason for which it was collected, after the data subject must have been duly informed.

Conclusion

The scope of data protection deals with the safeguard that is observed while handling individual’s data and the method of preventing such data from being lost, corrupt, compromised or getting in the possession of an unauthorized person. Thus, as discussed above, the adequate protection of human rights also implies protection of data privacy. Therefore, the protection of data privacy is rooted in the protection of a person’s right to privacy under the CFRN.

Agukwe Lynda, a 400l law student of University of Nigeria

References

[i]Stephano Nappo (March 2018) available at https://www.linkedin.com/pulse/digital-freedom-stops-where-users-begins-st%C3%A9PHANE-nappo accessed February 10 2022.

[ii]Statista Research Department, “Number of Global Social Network Users 2017-2025”(January 2021)available at https://www.statista.com/statistics/278414/number-of-worldwide-social-network-users/ accessed February 10 2022.

[iii]Mike Isaac and Sheera Frenkel “Facebook Security Breach Exposes Accounts of 50 million Users”(September 2018) https://www.nytimes.com/2018/09/28/technology/facebook-hack-data-breach.html accessed february 10 2022.

[iv] NDPR, Paragraph 1.3.

[v]C.M Anozie, “General principles of Constitutional Law”(2nd edition)(2005)p. 203.

[vi] FHC/L/CS/193/2019 Judgment delivered by Justice Faji of FHC Lagos on 27 April,2020.

[vii] Paragraph 1.3 NDPR

[viii]Privacy International’s Head of International Advocacy,Carly Nyst,”The two sides of the same coin-the right to privacy and freedom of expression”(February 2018) available at https://privacyinternational.org/blog/1111/two-sides-same-coin-right-privacy-and-freedom-expression accessed February 10 2022

[ix]Joseph Johnson,”Freedom house Index:Internet freedom in selected countries 2020(February 2020) available at < https://www.statista.com/statistics/272533/degree-of-internet-in-selected-countries/ >accessed February 10 2021.

[x]NDPR, 2019,Paragraph 2.6.