The National Information Technology Development Agency (NITDA) said its attention has been drawn to a social media post made by a concerned legal practitioner on the propriety of NITDA licensing law firms as Data Protection Compliance Organisations (DPCO) to provide data-privacy related services to the public.
NITDA, which said that in the opinion of the writer, this stifles the growth of data privacy in Nigeria, stated that it regards highly, the opinion of well-meaning individuals and organisations on the implementation of its mandate, hence the need for clarification for the benefit of the writer and its esteemed stakeholders.
“The right to privacy is a constitutional right guaranteed by section 37 of the Constitution of the Federal Republic of Nigeria, 1999 (as amended). However, it is factual and legal inaccuracy to equate the right of data privacy or indeed the provision of data privacy-related services, to the right to data protection.
“Data protection goes beyond protecting personal data privacy; it also involves the processes, systems and rules to ensure the confidentiality, integrity and availability of data,” NITDA said in a statement signed by Mrs Hadiza Umar, Head, Corporate Affairs and External Relations of the Agency.
NITDA insisted that the Nigeria Data Protection Regulation (NDPR) does not seek to inhibit, restrict or curtail the rights of the legal practitioner as provided by the Legal Practitioners Act.
“The NDPR rather has opened a new vista of opportunities for lawyers to expand their practice into the area of Data Protection. Lawyers have a right to conduct, take part in proceedings and file court and administrative processes relating to the enforcement or defence of the right to privacy.
“However, not every lawyer has the competence to conduct and file Annual Data Audit Report as prescribed by Article 4.1(5, 6, 7) of the NDPR.
“NITDA’s licensed law firms understand that they represent the Agency in the drive to entrench compliance and help data holding entities to bridge the historical and systemic gap in data protection compliance in Nigeria.
“Unlike the requirements, legal practitioners must fulfil before appearing in the courts of law, the criteria for licensing as a DPCO, requires knowledge of data protection compliance and enforcement, which is not part of the residual knowledge of every lawyer.
The Agency went further to state, “the opinion of the author that the DPCO scheme lacks precedent is a testimony to the innovation NITDA is bringing to its regulatory mandate.
Moreover, as the evergreen Lord Denning said in the case of Parker v. Parker, “If we never do anything which has not been done before, we shall never get anywhere.”
“While lawyers retain their privilege to traditional privacy rights advocacy and enforcement in most other jurisdictions, NDPR further recognises and institutionalises the capacity of prepared legal practitioners to participate in the audit, training and compliance services for data controllers and processors.
“It is encouraging to note that Nigeria’s model has become a subject of intense studies for adoption within and outside Africa.”
NITDA said it was pleased that due to its licensing of DPCOs, training and awareness on data privacy protection has been widely entrenched, jobs are being created, bureaucratic bottlenecks have been eliminated in the bid to comply, and the country is fast-tracking its progress towards digital economy maturity.