1 month after NITDA deadline, Nigerian startups appear not fully complaint with online data privacy policy

by | May 17, 2019

Following a global wake up call around data privacy, regulatory agencies around the world have started implementing various data protective measures.

The National Information Technology Development Agency (NITDA), Nigeria’s own ICT policy implementing arm of the Federal Ministry of Communication, has unsurprisingly joined in the data privacy fight.

In January 2019, it released the Nigeria Data Protection Regulation (NDPR) draft to provide a framework for safeguarding the rights of persons to data privacy.

NDPR refers to data in this context as personal information of users collected by a controller (company) over electronic communication transactions.

Advertisement


Suggested Read: NITDA is on a mission to safeguard the data privacy rights of Nigerians


Provided users register on the website or app to use the services of a company, the controller is able to have access to this information. NDPR stipulations are however against indiscriminate use of people’s data without consent or authorisation.

As a matter of fact, NITDA’s position is that personal data privacy is a sacrosanct right that must be respected by data controllers. The agency wants to eliminate the abuse of privacy rights in the Nigerian digital space.

Keeping up with compliance

After the NDPR release on 25th of January, 2019, the agency set a three-month timeline for organisations to make available their data protection policies to the public. That deadline was due on April 25th, 2019.

In our quest to find out from businesses whether they are compliant with the NITDA policy, a lot passed on the opportunity to offer comment on the matter. But it is unlikely the bill hasn’t caught a few’s notice.

A chat with Dr. Obinna*, founder of a health startup, on the 23rd of April, two days before the due deadline date of NDPR, showed that startups might not yet have been fully compliant with the NITDA’s regulation.

“I just forwarded it to my CTO to put steps in place to ensure we are compliant,” responded the CEO when asked about his awareness of the NITDA privacy right.

Like him, Hassan*, CTO of one of the many online loan financing platforms said, “We are fully aware of the regulations and have been in talks with our lawyer to see that we are compliant.”

Advertisement

He did however note that there are certain requirements of NDPR that are in dissonance with their business, hence the reason they are yet to be fully compliant with the regulation.

Apparently, due to the nature of their services, they are required to work with a number of third parties (including credit reference agencies and mobile network providers). As such, they sometimes reserve the right to share information with them.

Kemi*, founder of another local internet startup that deals with huge customer data, admits that they haven’t updated their data and privacy policy in over 2 years. She told Techpoint that their legal team is currently reviewing the existing policy to ensure compliance with the new regulation.

Considering these responses, a burning question is whether NDPR was drafted with respect to the needs of individual businesses or if it’s a one-size fits all policy.

The intentions of NITDA

In its defence, NITDA claims that through a series of media engagements, it exposed drafts of NDPR a year prior to its official release.

“The intent was to make the law organic, for easier compliance,” an official statement to Techpoint from NITDA reads.

The agency in its statement further claims that NDPR, among all NITDA regulations, received the most contributions and comments by stakeholders, whom it has enlightened at various levels about its intent.

Although it’s hard to verify this, it is apparent notwithstanding that the agency understands the inherent risks with abuse of user data.

Especially in this age and time where technology is spreading the illegal use and monetisation of user data, data privacy rights cannot be overemphasised.

Even Dr Obinna* agrees, as he thinks that NDPR is surely in line with keeping the trend worldwide.

“It is fine especially as we also have clients in Europe who have made sure we are compliant with the Global Data Protection Regulation (GDPR).”

But now that the NITDA deadline is passed, will it start imposing sanctions or simply extend the deadline?

The agency is saying that it is more keen on enforcing compliance, as opposed to sanction. However, it has already identified some perennial defaulters whom its proverbial axe might soon fall on should they continue to disregard warnings to improve on their privacy policy.


*Real names have been changed at request of interviewees.

Ifeanyi is a desk reporter-turned administrator. Outside of work, I love to read and travel.


Techpoint Build 2021 is here! Be part of the largest gathering of innovators, startup founders, thinkers, programmers, policymakers, and investors in West Africa. Register free now.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

Recent News

5 ways to support Techpoint Africa

5 ways to support Techpoint Africa

If you value the work we do at Techpoint Africa and would like to help ensure that the core of our journalism remains free and independent, please consider these 5 ways to support us

Subscribe to Techpoint Digest!

A daily 5-minute roundup of happenings in African and global tech, sent directly to your email inbox, between 5 a.m. and 7 a.m (WAT) every week day!

Please check your email to confirm your subscription.

Subscribe to Crypto Explorer

A monthly series featuring in-depth analysis on the cryptocurrency sector in Africa

Please check your email to confirm your subscription.

Subscribe to The Experts

A bi-weekly where tech career specialists take us on their journey from newbie to expert, and how they became successful in the industry.

Please check your email to confirm your subscription.

Subscribe to Founder's Table

A monthly series, where we catch up with founders in the startup ecosystem, learn about their failures, successes and a few tricks of the trade

Please check your email to confirm your subscription.

Copy link
Powered by Social Snap