Matters eRising with Olusegun Oruame
“While the federal government dithers over enacting an Act for data protection, Lagos is instigating a new level of thinking and actions around the data protection industry.”
Last month in October, the Lagos State Data Protection Bill passed the second reading by the Lagos State Assembly and this November, the legislators had a one-day public hearing to seek stakeholders’ input before the bill becomes law as an Act of Parliament.
Lagos has instigated a process that is further interrogating our practice of federalism and just how dynamic sub-national entities should respond to technology and innovation trends that impact heavily on society and economy.
For now, Nigeria’s principal legislation for data protection is the Nigeria Data Protection Regulation (NDPR) issued by the National Information Technology Development Agency (NITDA) January 2019 in pursuant to Section 6 (a,c) of the NITDA Act 2007.
The NDPR is the most comprehensive law under which data protection is practiced in Nigeria and offenders sanctioned. The NDPR provides to safeguard the rights of natural persons to data privacy; and to foster safe conduct for any legal transactions among others.
Most importantly, the NDPR has helped to foster a data protection industry steadily on the rise with more than 100 licensed operators and increasing awareness of compliance to data protection guidelines for public and private organisations.
Global Data Protection as a Service Market on upward swing
It is a nascent industry on the pathway of achieving the new mantra that data is the new oil. The Global Data Protection Market valued at $77.31 million in 2019 is projected to reach $257.52 million by 2027.The 2019 projection has long given way to more realistic figures as the data protection industry has grown in leaps. According to Yahoo Finance in a much recent report, the Global Data Protection as a Service Market is expected to grow by $20.69 billion during 2021-2025.
In Nigeria, it has grown from zero in 2019 to become an industry valued in excess of N5 billion. The industry has recorded hyper growth in less than 24 months even though less than 5% of the market is even aware of its existence. The potential for exponential growth is real and certain.
Like VAT, Like data protection?
For all these reasons, stakeholders must not be unwary to the potential of what the Lagos data protection bill as a law will have on the industry. Lagos raises the question of who has authority or final jurisdiction over data protection. Local governments, states, or federal governments? It appears we are approaching the same level of interrogation and dilemma we are presently contending with over the issue of VAT [Value Added Tax].
Will a Lagos law on data protection not incite duplicity? Are we going to ultimately end up with 36 jurisdictional powers over data protection? Will data subject, perpetually on the move; and data controllers or aggregators be subject to 36 data protection commissions in addition to those of local governments and federal government?
Journey from NDPR to Data Protection Bill 2020 stalled
The attempt to advance the gains of the NDPR with a Data Protection Bill 2020 appears to have stalled. Among others, the Bill is designed to incorporate elements of the NDPR and strengthen the existing regulatory framework with an Act of Parliament for the protection and processing of personal data and to safeguard the rights and freedoms of data subjects which are guaranteed under the Nigerian Constitution.
While the federal government dithers over enacting an Act for data protection, Lagos is instigating a new level of thinking and actions around the data protection industry. Stakeholders must wake up to the unfolding realities and begin to make urgent demands that will not jeopardize an industry in its formative stage.
ALSO READ Despite Low Awareness, Nigeria’s Nascent Data Protection Industry Is Boost For Digital Economy
The data industry is a new reality worldwide and Yes! Jurisdictions appear to just be waking up to having a common approach to the challenges. In the US, a federation, as one report notes, “there are no federal privacy laws regulating many companies, they’re pretty much free to do what they want with the data, unless a state has its own data privacy law. In most states, companies can use, share, or sell any data they collect about you without notifying you that they’re doing so.”
U.S. snacks on industry with federal data protection Act
But there is already a federal data protection Act in the offing. In 28 Jun 2021, a U.S. Senator presented a bill to create an independent federal Data Protection Agency (DPA) to protect individuals’ data, safeguard their privacy and ensure that data practices are fair and transparent.
No doubt, the U.S. Data Protection Act would create a federal data privacy oversight agency which the Nigerian equivalent is designed to also provide. It is time to wake up all stakeholders including the Association of Licensed Data Protection Compliance Organisations of Nigeria (ALDAPCON) and the policy makers in NITDA, and elsewhere to articulate a common front to save the data protection industry from un intended chaos.