Book Review by Dr. Oladapo Olanipekun SAN
INTRODUCTION AND CLASSIFICATION
Privacy and Data Protection Law in Nigeria is a book written by Olumide Babalola and published in 2021 by Noetico Repertum Inc.
The book is presented in softcover binding. The cover appears in shades of blue, with an underlying theme depicting data sequencing. The book consists of 264 pages, numbered in Arabic numerals. The first 8 pages are the prefatory part of the book – a page reproducing the contents of the cover page, a Preface and the Table of Content. The remaining 255 pages contain the substantive part of the book, structured in 5 parts of 22 chapters in all. The average length of each chapter is 10 pages. The majority of the text appears in Times New Roman font type, 13 font size, with 1.15 line spacing.
In classification terms, the publication is a monograph on privacy and data protection. It is an academic publication on the subjects of privacy and data protection.
SUMMARY AND ANALYSIS
As noted earlier, the book is structured into 5 parts, with 22 chapters in all. A succinct and informative introduction to the book is provided by the author.
In summarising the book, I adopt the time-conscious and effective approach of treating the book on a part-by-part basis.
The first part of the book deals with one of the two major themes of the book- privacy. This part consists of chapters 1-5. Chapter 1 covers the Definition of Privacy and chapter 2 deals with The Taxonomy and Typology of Privacy. The Right to Privacy in Nigeria is considered in chapter 3, while chapter 4 deals with Privacy as a Tort. The part concludes with chapter 5, which considers Privacy as a Fundamental Right.
For purposes of this part, my attention is drawn to chapter 5, where the author explores the constitutional origins of the right to privacy. The author considers the provisions of Section 37 of the Nigerian Constitution, which guarantee a sixfold right to privacy- privacy of citizens, privacy of homes, privacy of correspondence, privacy of telephone conversations, privacy of telegraphic communication and privacy of family life.
The author rightly notes that the Constitution does not expressly guarantee the related right to family life. Nonetheless, this chapter sets the tone for the fundamental nature of the right to privacy, given the supremacy of the Nigerian Constitution and the fundamental nature of the rights guaranteed under Part IV of the Constitution. The author notes recent developments in technology, which have expanded the scope of the right to privacy beyond the express provisions of Section 37 of the Constitution.
This part covers data protection and consists of 3 chapters. Chapter 6 covers the Evolution of Data Protection in Nigeria and chapter 7 explores The Sources of Data Protection Law in Nigeria. The part concludes with chapter 8, which considers The Relationship between Data Protection and other Rights.
My pick for part II is chapter 6- Evolution of Data Protection in Nigeria. With specific regard to the legislative framework for data protection in Nigeria, the author chronicles the travails and ultimately failed attempts at enacting a comprehensive national principal data protection legislation. He acknowledges the NDPR as the extant and most comprehensive legislation on data protection, while identifying some sector-specific legislations which also offer data protection. The author undertakes a more detailed exposition of the legal framework for data protection in Nigeria in chapter 7 of the book – Sources of Data Protection Law in Nigeria.
This part is broadly described as Nigeria Data Protection Regulation (NDPR): Introduction, Scope and Definitions. It is the shortest part of the book, with only 2 chapters – chapters 9 and 10. The chapters are simply described as Scope and Application of the NDPR and Definitions.
Chapter 9 is pertinent, dealing with the Scope and Application of the NDPR. The author examines the seemingly extensive scope and application of the NDPR. He identifies the obvious Achilles hill of the NDPR, which is the unenforceability of certain provisions. The chapter highlights the disparity between the scope of powers conferred on the National Information Technology Development Agency (NITDA) by the NITDA Act 2007 and the scope of powers that NITDA has conferred on itself by the NDPR. The author makes specific reference to provisions relating to the manual processing of data and the supposed extra territorial applicability of the NDPR.
This chapter highlights a reoccurring feature in Nigerian legislation. The NDPR is typical of most Nigerian regulations, raising the question of the validity of the exercise of subsidiary rule making powers, where such rules exceed the scope of the principal enactment.
This part consists of 5 chapters and is generally themed – Nigeria Data protection Regulation: The Processing of Personal Data. Chapter 11 covers Principles of Data Protection, while chapter 12 examines the Lawful Bases for Data Protection. Derogations and Exemptions and Processing of Sensitive Personal Data are considered in chapters 13 and 14 respectively. Chapter 15 concludes this part, dealing with Data Security.
The pith of Part IV is chapter 11- Principles of Data Protection, which sets the tone for the part and the concepts of ‘lawful bases for data processing’, ‘sensitive data’ and ‘data security’ examined therein. The chapter explores the principles of good information handling, underpinning most data protection frameworks. The author outlines and examines in depth the principles of lawfulness, fairness and transparency; purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality and accountability in relation to data protection. He equally identifies the provisions of the NDPR by which the said principles are adopted and incorporated within Nigeria’s legal framework for data protection.
Although this part appears to be less detailed than other parts of the book (it notably consists of 2 of the shortest chapters in this publication), the author lays the foundation for necessary discourse on the rights of data subjects and the obligations that pertain to data controllers.
This is the final part of the book, with the most number of chapters – chapters 16 to 22. The 7 chapters respectively cover Rights of Data Subjects; Data Protection Authority; The Enforcement of Data protection; Administrative Fines and Damages; International Transfers of Data; Personal Data Breach and Suggested reforms.
Chapter 22 is not only the epitome of this part, but sums up the entire work. The author proposes the enactment of primary legislation on data protection for Nigeria and the establishment of an independent Data Protection Authority (DPA), in light of the statutory limitations of the NITDA. The author also suggests the establishment of an Administrative Redress Panel to provide an expeditious alternative dispute resolution mechanism to ensure the timely resolution of data breach complaints from data subjects. This is important, given the delays that Nigeria’s justice system is notorious for. The author also recommends the revision of university curricula to encourage academic research and discourse on data protection, as well as judicial pragmatism to ensure the acceptance and or enforcement of data protection as a constitutional right or as a less sacrosanct but common-place private law right.
Having described the book in summary, it becomes pertinent to give my opinion of it. A book is not to be judged by its cover. However, no one is allowed to pick a book off the shelves and read it in its entirety before buying. Invariably, books are judged by covers. This book is well presented, with very neat softcover binding and lettering.
In terms of content, the book covers an area of law that is topical and arguably recondite. Topical in the sense that many Nigerians have data protection and privacy concerns in the context of repeated demands by multiple government agencies for capture of biometric and other data. Recondite to the extent that there is a dearth of legal literature dealing with the subject. Beyond journal articles and seminar presentations, I am not aware of any other legal text dedicated to these important topics prior to Olumide Babalola’s work. As such, the work is original and a significant contribution to the relevant literature.
The author demonstrates a good understanding of the relevant concepts and subject. The book adequately covers the field, as most topical issues are considered. While some are considered in detail, others are considered briefly. The bibliography evinces a well-researched publication. All sources are well referenced in compliance with the Oxford University Standard for the Citation of Legal Authorities (OSCOLA).
All 22 chapters are written in plain English. The author’s thoughts are conveyed in a succinct and articulate manner, making the book reader-friendly. Particularly, I note that the book is not over laid with legalese, so that it can be read and understood by lawyers and non-lawyers. This is important for subjects of universal concern as privacy and data protection.
The unenviable part of my task compels me to be objectively and constructively critical. Being fascinated by the discourse, I am tempted to ignore the book’s few shortcomings. Nonetheless, I have subjected it to the crucible for the sake of completeness. I note that the publication would have fared better with more thorough editorial detailing. This is particularly obvious in the use of headings for parts and chapters. Words are typed in lower and upper cases in an inconsistent and perhaps indiscriminate manner. While some headings are typed in italic, others are not. While some have the first letter of each word capitalised, a few have the entire heading in lower case. Yet, I note some with the entire heading in upper case. There is no explicable reason for this inconsistency. I also note the significantly disproportionate length of some of the chapters, with chapters 14 and 15 appearing to end abruptly. Finally, the book might have benefitted from more content in the prefatory part. I note the absence of a Foreword, Table of Statutes, Table of Cases and Table of Abbreviations. I also note the absence of an Index. I must quickly add that none of these is mandatory and their absence does not in any way detract from the quality and relevance of the book.
My task is merely to give my opinion of the book, being its first official reader. I recommend the book without hesitation. If you agree with me, get the book to read what I have read. If you disagree with me, get the book to read what I have not read.
This book was written by Olumide Babalola Esq