The new digital national ID mobile platform (NIMC app) downloadable on Google’s Play Store is a security threat and undermines the country’s privacy laws as enshrined in the Nigeria Data Protection Regulation (NDPR) 2019, some experts have submitted.
The NIMC mobile app by the National Identity Management Commission (NIMC) went public at the weekend. The platform allows Nigerians to access their personal information using their National Identification Number (NIN). The platform is designed to be a quick digital access to personal information of citizens in the server of the NIMC, the country’s digital identity curator.
NIMC app returns info of other citizens
But many people who have used the platform said it returned information of other citizens not theirs, raising fears that information of millions of citizens in care of the NIMC has been exposed and compromised.
Some members of the Nigeria’s licensed Data Protection Compliance Organizations (DPCOs) are worried that the NIMC app may have allowed criminals easy access to personal information of Nigeria citizens as a result of technical glitches in the setup of the platform.
In Abeokuta, a city near Lagos in western Nigerian, a civil society organisation (CSO), Laws and Rights Awareness Initiative, is asking the court to halt NIMC’s migration to digital ID.
Apart from stating that the NIMC software was not secure and could lead to breach of citizens’ privacy rights under Section 37 of the Constitution and the NDPR, 2019; the CSO wants the court to compel NIMC to subject its digital platform to rigorous safety and security tests by cyber security experts.
“The software is not secure and there is clearly breach of citizen’s privacy rights,” said Counsel for the CSO, Olumide Babalola, to IT Edge News.
Mobile app approved for public use – NIMC
But the NIMC, yesterday in Abuja, said the mobile app has not been approved for public use. Head of Corporate Communications, Kayode Adegoke, in an official statement, admitted that the commission has received several complaints about the NIMC mobile app.
“We will like Nigerians to be aware that the app is a novel innovation by the commission, but it is yet to be officially approved for public consumption.
“The app is still in the test environment and currently being fine-tuned to give users the best experience with adequate privacy and data security safeguards,” the NIMC’s spokesman explained.
“That statement is in itself flawed. An app being test run should not grant third parties, or unauthorized persons, ready access to other citizens’ data. Obviously, the system lacks appropriate security and fails the basic safety test, said head of one Lagos based DPCO.
“The NIMC need to urgently put a system that ensures that the NIN project adheres to the tenets of NDPR,” said CEO of DSPL, Tunde Balogun.
He believes DPCOs need to work closely with the NIMC to help the organisation in meeting the acceptable data security benchmark and the compliance level for privacy.
For the Laws and Rights Awareness Initiative, the NIMC must conduct a Data Protection Impact Assessment before further embarking on the digital identification project,