As part of our mission to promote digital rights, we've filed three cases against the Nigerian federal government and its agencies for violations of digital rights. In the suits filed before the Federal High Court, we are asking the court to resolve some decisions of the federal government and its agencies against adherence to existing laws.
We have provided a summary of the cases below:
The first case is asking the court to direct the Economic and Financial Crimes Commission (EFCC) to publish a privacy notice and stop the use of advertisement trackers on its mobile application, Eagle Eye. Eagle Eye is a mobile application launched by the anti-graft agency in July 2021 to assist it in receiving complaints and reports from the public. The app allows people to snap and upload pictures of suspected financial crimes to the EFCC. However, in spite of how noble the intention of the technology adoption is, the app does not have a privacy notice and it is also embedded with advertisement trackers that are capable of monitoring the activities of anyone that has installed the app and sharing it with advertisers.
In September 2021, we published an opinion on the app and shared our concerns about the lack of transparency and the use of advertisement trackers on a mobile application leveraging public interest. On September 14, 2021, we filed a complaint with the National Information Technology Development Agency (NITDA), the substantive data protection regulator in the country, about our findings. NITDA responded on September 15, 2021, promising to review the complaint and take necessary action. The complaint remains unresolved despite our continuous follow-up.
Ikigai is challenging the action of the EFCC to operate an application that violates the privacy rights of Nigerian citizens. Among other things, the app creates a mechanism that allows strangers to photograph or record any person or their property, which could potentially impact their territorial privacy and is thereby a violation of the right to privacy of Nigerian citizens guaranteed under Section 37 of the Constitution of the Federal Republic of Nigeria, 1999 (as amended).
2. Citizens database disclosure to law enforcement: Safeguards on holiday
In another suit instituted against the President of the Federal Republic of Nigeria, the Honourable Attorney General of the Federation, Minister of Communications and Digital Economy, and the National Identity Management Commission (NIMC), Ikigai is challenging a ministerial announcement authorising the disclosure of a database to law enforcement without proper safeguards. In February 2022, the Minister announced that the President had authorised undisclosed law enforcement agencies to access the database of the National Identity Management Commission (NIMC). In the same month, we filed a freedom of information (FOI) request seeking information on the law relied on, what legal and institutional safeguards exist, and the oversight mechanisms to prevent abuse, among other things. There was no response to the FOI request. Following that, we published a joint statement with Paradigm Initiative raising our concerns about such executive actions without sufficient safeguards to prevent rights abuse.
We have asked the court to consider the legality of the action and decide if it is a violation of the rights guaranteed under the Nigerian constitution. At the determination of this suit, we will be seeking a declaration that the purported order made by the President is of no legal effect and, if implemented without safeguards, will violate the privacy rights of Nigerians.
3. Inadequate adequacy decision: flaws in the international data transfer allowlist
Finally, we are challenging the National Information Technology Development Agency (NITDA) on the publication of a whitelist of countries considered to have adequate data protection laws under the international data transfer framework of the Nigeria Data Protection Regulation (NDPR) and NDPR Implementation Framework (DPIF). The whitelist is a list of countries where the transfer of data is approved in line with the provisions of the NDPR and DPIF. The essence of the whitelist is to ensure that countries to which data is transferred also have sufficient safeguards for the protection of such data and of the people to whom such data relates. Article 2.11 of the NDPR sets out the requirements NITDA should have considered before considering a country's ability to have an adequate data protection law.
NITDA did not follow its own rules in issuing the whitelist. By our assessment, on the list, there are countries without a data protection law, like India, Sierra Leone, Mozambique, and the Comoros. The African countries are listed because they are signatories to the African Union Convention on Cybersecurity and Protection of Personal Data (Malabo Convention). Similarly, there are countries with data protection laws but have yet to establish their data protection authorities, like Togo and Zambia. We filed a complaint with NITDA in August 2021, requesting that it review the whitelist for non-compliance with its own rules. In response, the regulatory body stated that the provision is currently being examined for possible changes. Despite this, no changes have been made to the system as of yet. In September 2021, we issued a statement outlining our concerns. Individuals' human rights are compromised when data is freely transferred to countries without data protection laws or authorities to enforce the law.
We are asking the court to declare the whitelist to be in contradiction of NITDA’s own rules and that a new list should be issued with adherence to the existing law.
According to the Program Manager, Tersoo Ayede, the cases present another opportunity for the court to deepen and improve the enforcement of digital rights in Nigeria and also curtail some activities of the government that pose a threat to these rights. He added that "we are hopeful for positive outcomes and continuously make ourselves available for engagement with government agencies for the attainment of a better digital rights ecosystem."
The cases have been filed and we will keep the members of the public updated on the developments and eventual outcome of the proceedings.
ABOUT IKIGAI INNOVATION INITIATIVE:
Ikigai Innovation Initiative is a non-profit organisation established to advance information technology policy across Africa. We promulgate diverse research on technology policy and legal frameworks across Africa. We also engage relevant stakeholders and advocate for better policies for the ecosystem at large.
For further information, please contact:
Program Manager | Ikigai Innovation Initiative.
Email: firstname.lastname@example.org | www.ikigaination.org