The National Information Technology Development Agency (NITDA) has said that the Nigeria Data Protection Regulation (NDPR) is not in conflict with the recent directive by the Nigeria Communication Commission (NCC) to telecommunication companies to store and make available recordings of communications carried out over their network.
The IT agency made this known while reacting to an article published by some online newspapers on 18th October, 2019 titled – “New NCC directive will push telcos to violate Nigeria Data Protection Regulation (NDPR)”.
In a statement signed by the director-general and chief executive officer of NITDA, Kashifu Abdullahi Inuwa, CCIE, and made available to The Witness on Monday, the agency while commending the author of the article, however noted that as against the concerns raised, NCC, like every other government agency is working hard to implement the NDPR.
Recall that NITDA issued the NDPR in January 2019 with the objective of protecting personal data, improve ease of doing business in Nigeria and to create jobs for over 300,000 Nigerians through the unique implementation model of the NDPR.
Read the full statement below:
NCC REGULATION NOT IN CONFLICT WITH THE NIGERIA DATA PROTECTION REGULATION
The attention of the National Information Technology Development Agency (NITDA) has been drawn to an article by a well-meaning Nigerian titled- New NCC directive will push telcos to violate Nigeria Data Protection Regulation (NDPR) published on 18th October, 2019 across various online media. NITDA appreciates the increasing level of civil discuss and interrogation of the NDPR by many Nigerians. We believe these kinds of engagement leads to the development of robust and effective regulatory regimes that works for all.
The writer was of the opinion that the Nigeria Communication Commission’s (NCC) directive to telecommunication companies to store and make available recordings of communications carried out over their network is antithetical to the provisions of the NDPR. We want to use this medium to educate all concerned Nigerians on the bands of privacy and national security.
The right to privacy which the NDPR seeks to protect is established by Section 37 of the 1999 Constitution (as amended). The right is however limited by Section 45. (1) which provides: Nothing in sections 37, 38, 39, 40 and 41 of this Constitution shall invalidate any law that is reasonably justifiable in a democratic society (a) in the interest of defence, public safety, public order, public morality or public health; The right to privacy protection is subject to reasonably, justifiable law for public safety and order.
This same sentiment is shared by Article 2 of the European Union General Data Protection Regulation (GDPR) which provides:
This Regulation does not apply to the processing of personal data:
(d) by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.
Furthermore, Article 2.2 of the NDPR provides multiple basis for processing of personal data. While all data processing must be founded on legitimate interest, the other basis for processing include- consent of data subject, legal interest, contract of parties, public interest and vital interest of the data subject. The NCC’s directive is predicated on legitimacy and public interest.
It is gratifying to note that the communications sector under the able leadership of Dr Isa Ali Ibrahim Pantami, the Honourable Minister of Communications, is working in symmetry to protect Nigerians, increase opportunities and improve ease of doing business in the sector. NCC, like every other government agency is working hard to implement the NDPR as there is a consensus that the Regulation, is at the moment the country’s most comprehensive law on data protection.
The National Information Technology Development Agency (NITDA) is a Federal Government Agency under the supervision of the Federal Ministry of Communications. NITDA is established in April 2001 to implement the Nigerian Information Technology Policy as well as coordinate general IT development and regulation in the country. Specifically, Section 6(a, b, c, f & m) of the Act mandates NITDA to create a framework for the planning, research, development, standardization, application, coordination, monitoring, evaluation and regulation of Information Technology practices, activities and systems in Nigeria; provide guidelines to facilitate the establishment and maintenance of appropriate infrastructure for information technology and systems application and development in Nigeria for public and private sectors, urban-rural development, the economy and the government; render advisory services in all information technology matters to the public and private sectors and accelerate internet and intranet penetration in Nigeria and promote sound internet Governance by giving effect to the Second Schedule of the Act.
Kashifu Abdullahi Inuwa, CCIE
Chief Information Technology Officer of Nigeria
Corporate Headquarters, Garki, Abuja
21st October, 2019