Children’s consent in Nigerian data protection regulation
Michael Irene is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; twitter: @moshoke
As the world moves into an ever-expansive digital space, this comes with its advantages and disadvantages. Businesses gain profits from their digital presence, cut overhead costs and improve their business processes at the same time. However, this progress presents problems, especially with how children use online services.
A thirteen-year-old boy picks his mother’s iPad, orders gin from an online shop and gets it delivered to his friend’s house. Some months later, the parent checks her account and notices a deduction in her account balance. She finds out that an online alcohol store bills her for some products. She was shocked as she doesn’t take alcohol. Upon investigation, she finds out that her son made the order. She calls the company and the company refuses to take any blame for what they called her “responsibility.”
Every day, these kinds of scenarios occur. Most Nigerian companies think about profit and selling their items without necessarily paying attention to their consent management schemas.
Consent is a critical element of data protection. In the scenario painted above, the company should have created various levels of support to ensure that the buyer of alcohol is old enough to make that purchase.
In the case of the company, there are specific steps the company should have taken. First, they should have verified the child’s age through an online portal. Second, the company should have created a security code triggered by the bank, which alerts the purchaser about intent to purchase an item – that way alerting the parent.
The United States has Children’s Online Privacy Protection Rule (“COPPA”) “which imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.” Over the years, this regulation has helped to protect children online. In the United Kingdom and other European countries, some laws protect the freedoms and rights of children, especially their online activities. These countries place importance on children protection, and companies are fined heavily for exposing children to risks.
There are many reasons why children’s consent is essential in data protection. Children use computers, iPads and phones daily these days and are always online for various reasons. And, as a result, they expose themselves to much harm online. There is not enough with regards to guarding children in online environs within the Nigerian business space. The Nigerian Information Technology Development Agency (NITDA) should sensitise companies on how to manage consent.
Businesses that supply services and products in Nigeria will need to tread carefully in taking in new customers. They need to ensure that the correct age limit applies before accepting any transactions. Even businesses that don’t provide online services in Nigeria but hold data relating to children still need to put consent of children into consideration.
If a business targets children, then the language of the consent should be clear. It should not be convoluted. The firm also has to put into consideration how they collect and record such consent. A good company would go an extra length to ensure that they have all the right procedures in place to manage consent in a technical and organisational manner.
To create a safe Nigeria, companies need to factor in children’s consent and minimise the danger children face both online and in physical business environs.