By Muhammad Mikail
On the 12th of June 2023, President Bola Ahmed Tinubu signed the Nigeria Data Protection Bill into law, setting the historic course for a new data-protected Nigeria. As a matter of fact, the bill was among the very first bills assented to by President Bola Ahmed Tinubu upon assumption of Office. This is no doubt a demonstration of Nigeria’s commitment to safeguarding digital privacy and building trust with global partners and stakeholders; a bold statement and alignment with the cliché’ ‘hit the ground running.’
The newly assented Data Protection Act 2023 provides a legal framework for the protection of personal information, safeguarding people’s basic rights and freedoms while supporting the establishment of ‘The Nigeria Data Protection Commission (NDPC)’ for the regulation of the processing of personal information and data. Hence, the law doesn’t only address privacy concerns but also sets the stage for responsible data usage, fostering a secure, trustworthy and progressive digital economic environment.
This also signifies the Federal Government of Nigeria’s full-proof commitment to the “Digital Transformation Strategy for Africa (2020-2030)” as commissioned by the African Union (AU). The overarching objective of the “Digital Transformation Strategy for Africa (2020-2030)” is for every country within the African continent “to harness digital technologies and innovation to transform African societies and economies to promote Africa’s integration, generate inclusive economic growth, stimulate job creation, break the digital divide, and eradicate poverty for the continent’s socio-economic development and ensure Africa’s ownership of modern tools of digital management.” The Nigeria Data Protection Commission will be a major player in achieving this lofty goal.
At one point, there was a lot of scepticism by development partners, international financial institutions, critical stakeholders in the digital economy and even potential investors about Nigeria’s lack of data protection legislation.
Addressing these concerns, the Federal Government of Nigeria, under former President Muhammadu Buhari, established the Nigeria Data Protection Bureau (NDPB) in 2022 as the regulatory institution responsible for ensuring that people’s personal information is kept private and safe when used for ‘digital things’ with Dr Vincent Olatunji as the National Commissioner. However, the Bureau lacked a law establishing it and giving it the robust legal framework required for a full-fledged agency of government to adequately address issues bordering on the security and privacy of data in Nigeria.
In January 2023, the Federal Executive Council (FEC) approved the Nigeria Data Protection Bill presented by former Hon. Minister of Communication and Digital Economy, Prof. Isa Ali Ibrahim Pantami, for transmission to the National Assembly for consideration.
The then Nigeria Data Protection Bureau, NDPB, now NDPC, led by the National Commissioner, Dr Vincent Olatunji, in collaboration with the Nigeria Digital Identification for Development Project (NDID4D), worked with critical stakeholders, Ministries Departments and Agencies, captains of industries and policymakers perfecting the bill.
A Focus Group Discussion, national policy dialogue and validation workshop was held to present the draft bill to stakeholders, the 9th National Assembly, and the Federal Ministry of Justice for their buy-in, comments, criticism, and suggestions to improve the bill. Prior to that, Nigeria had no policy instrument that focused on supporting data privacy and data protection.
Described as one of the most forward-thinking Acts across the African data ecospheres, the Nigeria Data Protection Act recognises innovations, blockchains, Artificial Intelligence and robotics. The Act also fosters an environment where companies prioritise robust cybersecurity measures and protect sensitive personal information from unauthorised access.
Furthermore, the law empowers users by ensuring that their data is handled responsibly and ethically since, as a fact, the law emphasises informed consent, which enables users to make conscious decisions regarding the use of their data. With this regulation, organisations are bound by law to promptly adapt their practices to comply with the new data protection standards. This brings a balance between leveraging data for business growth and respecting individuals’ privacy rights.
In terms of job creation, Dr. Vincent Olatunji, the National Commissioner of the Nigeria Data Protection Commission, NPDC launched the Nigeria Data Protection Strategic Roadmap and Action Plan, NDP-SRAP 2023-2027 on the 13th of December 2023, in Abuja. The action plan is expected to create about 500,000 jobs and generate more than N125 billion in revenue.
Dr Vincent said in an interview that the NDP-SRAP 2023-2027 is in conformity with President Bola Ahmed Tinubu’s renewed hope agenda. He said, “Part of the ‘Renewed Hope Agenda’ of President Bola Ahmed Tinubu’s administration is to create about two million jobs in the digital economy sector. The data protection sector alone could create more than 500,000 jobs.”
According to the National Commissioner, “The NDP-SRAP comprises interlinked initiatives and activities like job, wealth creation, human capital development, revenue generation, foundational initiatives for the digital economy and enhancing Nigeria’s global reputation. These activities are expected to create about 500,000 jobs, generate revenue of more than N125 billion and expand the sector within the lifespan of this roadmap”.
In the same vein, the former Minister of Communication and Digital Economy, Prof. Isa Ali Ibrahim Pantami, was quoted in an interview to have said that “in two years of the implementation of the Nigeria Data Protection Regulation, NDPR, a novel sub-sector of the economy was created, 7,680 Nigerians were employed. Nigeria was appointed as the Vice Chair of the Data Protection Laws Harmonization Working Group at the African Union (AU) and was the only country in Africa to publish a data protection report in two years.
According to the DG/CEO of the National Identity Management Commission, “integrated identity is the backbone of e-governance initiatives as it provides an enabling environment for key government programmes of social safety net, financial inclusion, as well as for companies that want to provide innovative products and services to people. She said, “An integrated identity system will strengthen the government’s fiscal management, promote good governance and transparency through inclusivity and social equality, as it ensures that marginalized and vulnerable populations are not excluded from government services.”
The Nigeria Data Protection Act is an enabler of inclusive identity issuance and management and a precursor for the growth, integration, and stability of Nigeria’s digital identity system. It is part of efforts to issue legal digital identities to 99.9% of people in Africa as part of a civil registration process by 2030.
In this vein, the Act serves as the launch pad for the government’s efforts in building inclusive digital skills and human capacity across the digital sciences, judiciary, and education, both technical and vocational, to lead and power digital transformation, including coding, programming, analysis, security, blockchain, machine learning, artificial intelligence, robotics, engineering, innovation, entrepreneurship, and technology policy & regulation. This is evident in the recent launch of the 3 Million Technical Talent (3MTT) programme by the Hon. Minister for Communication, Innovation and Digital Economy, Mr Bosun Tijjani. The programme is aimed at building Nigeria’s technical talent backbone, powering her digital economy and positioning Nigeria as a net talent exporter the first phase of the programme, executed in collaboration with NITDA, is set to involve multiple stakeholders, including fellows, training providers, partners, and placement organisations.
Consequently, the nation hopes to witness robust digital economic growth, especially with the growth of digital platforms. These platforms are essential elements of digital infrastructure and can serve people, businesses, and government agencies in all aspects of life, including healthcare, education, commerce, transportation, and public benefits. Digital platforms serve or enable other products or services. For the people who use these platforms to receive their monthly pensions, securely login to a government e-services portal, pay their utility bills, submit a complaint, access public information, or find a person to rent their car, these platforms can provide a seamless service delivery experience that increases user convenience, savings, and agency. For governments, digital platforms can increase the efficiency and effectiveness of core functions and services, reduce unnecessary duplication of systems, and combat fraud.
Finally, as data subjects and responsible citizens, we must stay informed about data protection laws; demand transparency from organisations that collect our data and support NPDCs initiatives to sustain and promote international cooperation on data protection, its continuous improvement, and efforts to secure our digital economic future.
Muhammad Mikail writes from Abuja and can be reached via muhammadnmikail.mm@gmail.com.