The Nigeria Data Protection Act, signed into law by President Tinubu, is touted as a game-changer for data protection in the country. But lawyers aren’t particularly convinced.
Last week, President Bola Tinubu signed the Nigeria Data Protection Bill 2023 into law. The new law, which repeals the Nigeria Data Protection Regulation (NDPR), provides a legal framework for safeguarding and regulating personal data in the country. The Act also establishes the Nigeria Data Protection Commission. While this is good news, lawyers who spoke to TechCabal said there are still grey areas in the law that its drafters should reconsider.
Unclear provisions
But despite being touted as a game-changer, the Act has some unclear provisions. Samuel Ngwu, a lawyer and privacy expert, told TechCabal that the most obvious flaw is the provision on the cross-border transfer of personal data. The Act provides that a data controller or processor can still transfer data even when the adequacy of protection cannot be established.
Ngwu explained that the implication of this clause is that it gives the data controller or processor the freedom to misuse personal data, thereby jeopardizing the rights of the data subject. “Since the exemption will be seen as an option instead of an alternative when adequate decision and appropriate safeguards become impossible,” he said.
Section 32 of the Act provides that a data controller of major importance, defined as one that is domiciled in Nigeria, must have a Data Protection Officer (DPO) who can either be an employee or engaged by a service contract. However, the independence of the DPO is in question, as such a person is expected to report to the data controller in question, despite being a contact point for the Commission.
Oyindolapo Olusesi, a lawyer and Data Protection Officer at Kora, a fintech startup, told TechCabal, “The provisions on DPO could have been better since the DPO is at the helm of ensuring internal compliance within an organisation. Safeguards like approval by the Commission, of the appointment of a DPO; ensuring that a DPO can only be fired with notice to the Commission would better help to ensure that the companies take the role more seriously.”
Is the Commission really independent?
Another brewing concern with the Act hinges on the independence of the Nigeria Data Protection Commission. First, the appointment of the National Commissioner by the President is on the recommendation of the Minister of Communications and Digital Economy. The Act also establishes a Governing Council whose Chairman and non-ex-officio members will also be appointed by the President on the recommendation of the Minister.
The underlying question is the extent of the powers of the Minister, which include the appointment of council members, remuneration, and removal. This brings to mind the last-minute amendment of the Nigeria Startup Act by the former Minister, Prof. Isa Pantami, a move that was met with a torrent of criticism from stakeholders.
Olumide Babalola, a lawyer and author of “Privacy and data protection law in Nigeria”, said that it is safe to say that the Commission does not have any assurance of independence. “What makes it worse is the provision that empowers the minister to give directive to the Commission on ‘matters of policy’,” he told TechCabal.
What’s different with the Act?
According to stakeholders, the NDPR was laden with inconsistencies, hence the Act is presumed to be a significant improvement on the defunct law. Babalola told TechCabal that the Act settles the legitimacy issue hovering around the establishment of NDPB.
“With the Act, data protection can now be principally enforced as another cause of action. The Act and the little noise around it will drive awareness and increase regulatory compliance with data processing obligations from a business perspective,” he said.
For Olusesi, the Act has ensured some harmonisation around the legality of data protection in the country. He said, “The issue of whether ‘legitimate interest’ was a legitimate lawful basis because it was not in the NDPR but in the Implementation Framework has now been laid to rest. The Act now clearly includes legitimate interest as a lawful basis. And, that clears any earlier confusion.”
While the Nigeria Data Protection Act provides a comprehensive framework for data protection in the country, it is nevertheless imperative for its drafters to address the aforementioned concerns, as they raise serious questions about the real intention behind the creation of the Act.
Copyright for syndicated content belongs to the linked source: TechCabal – https://techcabal.com/2023/06/20/unclear-provisions-leave-lawyers-unconvinced-about-the-nigeria-data-protection-act/