On various data protection points
Michael Irene is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; twitter: @moshoke
In this week’s article, I will touch on three key areas. First, the case of the Data Protection fines on Facebook (now Meta). Second, I will touch on the politics behind Data localisation and Globalisation and their place in data privacy. Third, I was in a privacy conference in London, 1st December 2022, and the privacy director from Deloitte asked, “if your supervisory authority was an animal, what would it be?” I think these are interesting points to discuss this week.
Meta’s $276 million fine
Whether we like to admit or not, supervisory authorities target the big four tech companies — Google, Meta, Apple, and Microsoft. And some within the privacy space, will argue that this is right. Why? Because these companies collect a lot of data, intrude on people’s privacy on a large scale and pay no attention to the basic principles of data privacy and human rights.
The privacy community was awash with this news. In various platforms, and sadly even on one of Meta’s platforms — Facebook — people revealed how disappointed they were at this company and proud of the Irish Data Protection Commission (DPC) for throwing the hammer at Meta.
While this fine shine a light on the “work” of supervisory authorities, one must ask, what about small and medium companies? Must these big companies be consistently used as data privacy scapegoats? We are yet to see a medium size company fined and making headline in the privacy community or even in the news. Why?
Data localisation and Globalisation
I’m sure you use one cloud subscriber, as a Nigerian, Ghanian etc., or as an African. That cloud supplier, if I am to hazard a guess, is based outside of Africa. One of the main aims of data localisation has always been to promote the growth of businesses within the “local”. For example, the Central Bank of Nigeria’s approach was to declare that some sets of financial data can’t be stored outside the shores of Nigeria. They claim that will protect citizens of Nigeria and aid cloud providers in Nigeria. Well, are there major cloud providers in Nigeria? Will a Zenith Bank Nigeria, for example, store its data with a local cloud provider or use their own private physical data centres.
There are many grey areas that spring up when one looks at the pros of data localisation and juxtapose it against the pros of globalisation. As the world evolves, and as the definition of globalisation begins to morph to meet new technologies, the question will remain, what would be more important — the business goal or the country’s goal?
“If your supervisory authority was an animal, what would it be?
My Deloitte colleague called the Information Commissioner’s Office a spider because while it tries to be fair in its approach towards dishing out fines to flouting firms, it can also become poisonous when it needs to be and will also be very generous in releasing webs of information on how to avoid being fined. I’m very interested in how Nigerians perceive the Nigerian Data Protection Bureau (NDPB) — what animal is it?
· business a.m. commits to publishing a diversity of views, opinions and comments. It, therefore, welcomes your reaction to this and any of our articles via email: comment@businessamlive.com