By Michael Irene
Having got a historical glimpse of data protection regulations and its motivations, can one conclude that companies like MTN, Infinix, just to mention those two, who collect and process personal data about Nigerians violate human rights? The simple and short answer is yes.
Many Nigerian companies do not care to protect customer data. Most Nigerian companies, from my research, draft half-baked privacy policies. I can bet that if one carries out thorough auditing, one would find existing high risks. NITDA must act quickly and fine these companies that continue to violate basic human rights.
First, NITDA, as mentioned in my last article, must raise awareness. Second, it must find scapegoats to use as examples. Third, it must ensure NITDA staff gets trained to handle breach complaints.
There can be no question that technical and organizational measures must be set in place for companies and corporations to prevent privacy intrusion. If these endeavours are to be successful, there wouldn’t be wanton destruction of individual freedom. The security of personal information must be embedded within and around the business. Therefore, any serious business must place the protection of fundamental human rights at the top of their agenda.
While the above is a truth of which we must never lose sight, nothing is more fatal than negligence. Lessons can be drawn from how GDPR has played in European companies.
In the United Kingdom, for example, the Information Commissioner’s Office (ICO) fined British Airways £183.39 million for infringements of the General Data Protection Regulation (GDPR). Information Commissioner Elizabeth Denham said British Airways were fined because they failed to protect personal data from loss, damage or theft. Another company, Bounty UK, was fined £400,000 for illegally sharing personal information belonging to more than 14 million people. There are other pending fines and the ICO receives close to 160% breach complaints every day and they are trying their best to ensure that every report is treated accordingly.
Recently, the French Data Protection(CNIL) fined Google a whopping sum of $57 million (€50 million) for a lack of transparency in their on-boarding process of new customers. The GDPR enforcement tracker reveals that fines have increased substantially by 40% since GDPR came to light.