Reimagining privacy protection in the Nigerian market (1)

This article is broken into two parts. Part I covers some realities about the increasing opportunities presented by the expansion of the digital landscape in Nigeria while the second touches on a pathway that will create a more customer centric digital environment that will be beneficial to players.

Part I

The rise of the digital economy in Nigeria is a double-edged sword. On one hand, it has propelled us into the global economic arena, providing small businesses and tech start-ups with unprecedented opportunities. On the other hand, the digital age has brought a host of privacy concerns that, if not addressed promptly, could jeopardise the nation’s social and economic fabric.

According to the Nigerian Communications Commission (NCC), the country had over 187 million mobile phone subscribers as of December 2021, signifying a mobile penetration rate of approximately 91 percent. While this has fuelled the growth of e-commerce platforms like Jumia and Konga, and fintech innovations like Paystack and Flutterwave, it has also left an enormous data footprint vulnerable to misuse.

Despite Nigeria’s Data Protection Regulation 2019 (NDPR) being in effect, the framework largely remains under-enforced.

A 2021 study by Paradigm Initiative showed that only 16 percent of surveyed companies in Nigeria were fully compliant with the NDPR. This brings us to the pressing question: How can we build a robust privacy protection model suited to the Nigerian market?

The current landscape is filled with glaring inadequacies. For instance, e-commerce companies often demand extensive personal data without clear policies on how this information will be stored or used. Similarly, reports of SIM card fraud and identity theft are common, yet these incidents rarely lead to significant changes in policy or practice.

Nigeria can draw lessons from global privacy protection models such as the European Union’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA). These models operate on the principles of data minimisation, explicit consent, and stringent penalties for data misuse. While implementing this wholesale may be challenging due to infrastructural and educational barriers, certain elements can be localised for immediate impact.

For example, South Korea is a prime example of stringent data protection laws coupled with high public awareness. Not only do businesses face heavy fines for data breaches, but the country also invests in educating the public about their rights. This two-pronged approach is something Nigeria could adopt.

Estonia has established a robust system of secure digital identities, allowing citizens to perform secure transactions online without sacrificing personal data. By using secure yet simple technologies, Estonia offers a model that could be adapted in Nigeria, especially in the banking and fintech sectors.

A 5-point plan for Nigeria

Compliance auditing: Regular auditing can ensure that businesses adhere to data protection regulations, potentially with the involvement of third-party auditors.

Public awareness: Invest in public campaigns to educate citizens on their data rights and the risks associated with data breaches.

Tech-enabled solutions: Introduce digital IDs and secure transaction methods that reduce the need for personal data storage.

Penalties and incentives: Establish a structured penalty system for data breaches and incentivise data protection through tax benefits for compliant companies.

Localise and adapt: Learn from global models but adapt these lessons to the cultural and economic nuances of Nigeria.

A strong privacy protection model in Nigeria is not just a legal necessity but a social and economic imperative. By learning from international examples and adapting these to our local context, we can protect individual rights without stifling innovation. It’s high time we placed data privacy at the heart of Nigeria’s digital future.

…part 2 next edition