Yesterday evening, sitting at my office (cross-legged), and relaxing from finishing a client’s job, I stumbled on a brilliant article by Victor Ewealor on Techpoint.ng titled “The Nigerian Government is building a database of vehicle owners; it is not looking promising”, and this got me thinking and then writing. I found myself asking a few questions (plain random thoughts!), which I would share with you.
Misplaced priorities and lip service
Firstly, why would the Nigerian Government consider it an urgent need for the Nigerian police to have the “biometric” data of vehicle owners? The same Nigerian Police whose major problems include (but are not limited to) bribery and corruption (wish there was a technology deployed to make police officers honest)? Well, maybe this is another means to increase government revenue through tracking down vehicle owners I thought. But again, how does this meet the local security need based on facts and figures peculiar to Nigeria? Why contract this task of getting the ‘biometric’ data of vehicle owners in Nigeria to a foreign company, leaving out indigenous companies with same capacities and a deeper understanding of the local context of use – where is the lip service towards local content development?
In an age that has seen intense data surveillance by the National Security Agency (NSA) of the United States of America could outsourcing “biometric” data collection, with no comprehensive data laws to a US company, spell doom for Nigeria’s territorial integrity, as well compromise our security as a people and a nation in the near future? Could this end up like the historical Esau and Jacob story? And could this increase the competitiveness of US car manufacturers (including US car parts manufacturers, as against Nigerian local manufacturers such as ‘Innoson’ or those of other countries in the Nigerian market? And most importantly, why allow the biometric data of Nigerians be collected by a foreign private firm, WITH NO SPECIFIC AND COMPREHENSIVE data privacy laws to protect Nigerians?
The last question is what I intend to address in this write-up from a critique, legal, and legislative standpoint.
The legal implications
Firstly, I’ll like to state that the term 'biometrics' refers to a measurable characteristic that is unique to an individual such as fingerprints, facial structure, the iris or a person's voice. Biometric data is not like any kind of data – it is one of the most important kind of data, because it captures everything (biological) by which a person can be uniquely identified anywhere in the world.
However, the proponents for the Nigerian vehicle owners “biometric data” collection argue that this will help the Nigeria Police Force and reduce vehicle theft and general insecurity in Nigeria. And for the proponents, it is usually difficult to explain how it will reduce insecurity in the Nigerian circumstance, and most importantly, why it must be done by a foreign private firm? On this, rather than ‘comment my reserve’, I would reserve my comments, because my question to the Nigerian Government would be based largely on legal and legislative considerations (and less on socioeconomic juxtapositions).
Why would the Nigerian Government (as obvious in the signing of the contract agreement on Thursday, May 12, 2016 with ‘HID Global’, the US company in charge of computing Nigeria’s entire vehicle ownership system into a smart phone-accessible database for the Nigerian police), authorize the handover of biometric data of millions of citizens to a “foreign private firm”, without first engineering the existence of a very detailed and structured legal framework (rules, policies, and importantly laws) that address issues of Data Protection and Privacy? Remember how oil rights were given to Shell in the early 1900s at the expense of Nigeria’s interest? The same problem of poor regulatory framework haunted the Power Sector, until the Electricity Power Sector Reform Act 2005 and the Nigerian Electricity Regulatory Commission (NERC) surfaced. In the words of the immediate past NERC Chairman, Dr. Sam Amadi ‘… failure in the electricity industry in Nigeria is, at heart, a failure of law. Law is the principal instrument of social development”. Same apply to the information technology space.
Secondly, (an urgent question for the National Assembly) how would a country like Nigeria not have data protection and privacy laws, in an age where Information and Communication Technology and human rights are quick to clash?
Now, on the matter of the need for a comprehensive Data and Privacy Protection laws, it is important to state that data and privacy laws exist to strike a balance between the rights of individuals to privacy and the ability of organizations to use data for the purposes of their personal business or national interest. Many countries have taken proactive measures to protect the fundamental human rights of its citizens in this age. For example, Zimbabwe has a comprehensive Access to Information and Protection of Privacy Act, Singapore has a Personal Data Protection Act, UK has a Data Protection Act 1998 coupled with other laws within the UK and the European Union protecting data and privacy, and Ireland has its Data Protection (Amendment) Act 2003. When would Nigerians get a specific and comprehensive data privacy or protection law? Therefore, with no explicit and elaborate Nigerian data and privacy laws, the implication is that Nigeria is left to the mercy of the available data and privacy laws in the United States; the headquarter of HID Global, with legislation which could be changed when certain sectors and circumstances require to favor US interest.
It is trite knowledge that the 1999 Constitution of Nigeria guarantees the right to privacy of Nigerian citizens. Therefore, I strongly advocate that this fundamental human right be given a more explicit and elaborate expression and zeal of implementation by the National Assembly and the office of the President. I further advise that there should be up to four independent and co-existing legislation (with great consideration for the provisions of The Freedom of Information Act) on data and privacy issues; which should include:
- Data Protection Legislation,
- Computer Misuse Legislation,
- Information Security Legislation, and
- Lawful Interception Legislation.