X-raying cybersecurity policy, data protection and privacy law in Nigeria
Cybercrimes and space criminality, which are common in areas such as identity theft and bank frauds performed through the Internet, are spreading in Nigeria.
Sadly, the country is becoming notorious as the centre for most of these nefarious practices because of the activities of some citizens, especially the youths in search of quick riches.
In recent years, many criminal elements and other individuals are taking advantage of modern telecommunication networks to commit all manner of space-related crimes that have negatively affected the image of the country globally.
While this crime is not limited to Nigeria, the country is undoubtedly witnessing a surge in digital transformation, which has also brought in its wake, a monumental effect in crime-related activities.
Most of the country’s activities, both at home and in the workplace, are now being migrated to the Internet, especially with the advent of the COVID-19 pandemic and the emergence of new technologies. Remote work is also being promoted across various sectors, and this happens through the use of the Internet.
Nigeria’s cyberspace, like most countries of the world, is migrating into this new pattern of business style. Modern innovations for private companies and government entities as well as social interactions are now the focus.
While this trend has created an opportunity for the country to realign its priorities and articulate efforts towards the attainment of stipulated national and socio-economic objectives, it however, came with some consequences of increased crime and criminality in cyberspace.
Experts have stressed that increased dependence on cyberspace comes with risks that have significant national security and economic implications. The dynamic nature of cyber threats and the constantly evolving tactics of perpetrators of cybercrime pose serious risks to business, commercial, and financial activities, which are all now extensively reliant on cyberspace.
They are of the view that these cyber threats also constitute hazards to everyday users of cyberspace, which cut across government establishments, the private sector, and the general populace.
In a bid to address these multifaceted cyber threats and prepare the country for efficient and progressive use of the cyber domain, the Federal Government of Nigeria (FGN), through the Office of the then National Security Adviser (ONSA), undertook several proactive steps to draw the necessary cybersecurity roadmap.
According to a document by the Federal Government, titled, ‘National Cybersecurity Policy And Strategy, February 2021, the policy was developed to provide direction for mainstreaming Nigeria’s National Cybersecurity Programme and also set the path for effective coordination of the activities of all relevant stakeholders across the board.
The document explained that Nigerian cyberspace is faced with significant threats, which result in huge financial losses corresponding to a substantial percentage of the country’s Gross Domestic Product (GDP). Equally, a high number of organisations in Nigeria fall victim to cyber attacks, making the country a high target by cyber criminals.
From 2019, the document indicated, the Federal Government had outlined three cardinal and existential national objectives for the Nigerian people. These include, Protecting National Security; strengthening of economic development, and fighting against corruption.
The implication is that the National Cybersecurity Policy and Strategy support those national objectives through four fundamental national cybersecurity considerations. They are that the security and wellbeing of the Nigerian people is as important in the cyber domain as it is in the physical domain; cybersecurity is a critical enabler of economic progression and development; technology development is critical to the attainment of Nigeria’s national priorities; and regional and international collaboration is central and crucial to cybersecurity.
Therefore, the Federal Government recognises that each of these policy considerations requires a set of focused and coordinated strategic actions. This, it said, will provide the necessary platform for sound planning and performance tracking towards the execution of national cybersecurity strategy, thereby enabling all stakeholders to stay focused on delivering the required collective mandate.
For clarification, the overall purpose of the national cybersecurity policy is to set a unified agenda and new direction for the national cybersecurity programme through prioritisation of national requirements.
However, at a consultative forum held in Abuja, stakeholders have called for review of relevant laws to strengthen the fight against cybercrime. They held that there was an urgent need to review the existing laws in Nigeria to enhance the fight against cybercrime.
The chairman of the African Union Cybersecurity Group of Experts, Abdul-Hakeem Ajijola, stressed the need to improve Nigeria’s legislation along with cybersecurity architecture. His words: “I urge Nigeria to ratify and accede to the Malabo Convention as Africa has started moving forward on it without us.
“However, legislation alone is not enough. We need to fortify our digital frontiers with advanced cybersecurity technologies.” Similarly, the former Minister of Communications and Digital Economy, Prof. Ali Isa Pantami, also called for collaborative efforts by ministries and agencies of government to tackle the menace. He urged an improved legislative framework to combat the offences.
Also, Director-General of the National Information Technology Development Agency (NITDA), Kashifu Inuwa Abdullahi, canvassed improved legal framework to combat rising threats to Nigeria’s cyberspace.
To quickly fill these gaps, President Bola Ahmed Tinubu last week signed the Nigeria Data Protection Bill, 2023 into law. The Nigeria Data Protection Act, 2023 provides a legal framework for the protection of personal information and the practice of data protection in Nigeria.
Dr. Vincent Olatunji, the National Commissioner, Nigeria Data Protection Bureau (NDPB), made the disclosure during the NDPD Strategic Roadmap and Action Plan (SRAP) validation workshop in Abuja on Wednesday, June 14, 2023.
The bill was sent to the Senate and House of Representatives for consideration and passage on Tuesday, April 4, 2023 via a letter from former President Muhammadu Buhari.
“Now an Act, the new law establishes the Nigeria Data Protection Commission and replaces the NDPB established by former President Buhari in February 2022,” he explained.
A National Commissioner will lead the Commission, with the responsibility of regulating the processing of personal information. Hopefully, the law will be put to test in the coming days, when stakeholders must have gotten abreast of its provisions. It remains to be seen, the impact the implementation of the long awaited legislation would have on data protection and privacy in Nigeria’s tech space.
While it is important to note that the Federal Government has made some efforts to strengthen the legal framework on cybersecurity, which is wider in scope than data protection, more gaps need to be filled as the world of cybersecurity is highly dynamic and requires prompt actions.
Already, the Federal Government’s strategy is to review the major cybercrime legislations in the country. One of such is Cybercrime (Prohibition, prevention, etc.) Act 2015 in line with the dynamics and evolving nature of cybersecurity. Critics had insisted that the law needs an overhaul, considering some loopholes in it. Again, there seems to be a consensus among stakeholders that the law needs to be up to date with current and evolving trends in cyberspace and its security.
The Federal Government in its policy and strategic document also hinted at the need to review the penalties for breaches or disruption to cybercrime; timelines for cyber incident reporting; regulation of cybersecurity service providers; allotment of powers to National Cybersecurity Coordinating Centre (NCCC) to coordinate national cybersecurity and anchor investigation of cyber breaches like identity theft; enhanced enforcement of cybersecurity legislation; unlawful interception; child and gender online protection and review of penalties for offenders.
Other proposals include the need to strengthen National data governance and protection of digital intellectual property, which the recently signed law may not have captured.
The Federal Government in an effort to combat cybercrime, also proposed a national register of convicted child online offenders. The register, according to plan, shall serve as a watch list and online database that will be accessible to relevant stakeholders that host the list of convicted sex offenders in the country.
The plan also includes a launch of a digital Forensic Laboratory, which shall be established under the NCCC to provide the requisite facilities for digital forensic investigation and intelligence gathering on the cyber-related issues.
According to industry watchers, while the action plan outlined priority activities and highlighted those that are entrusted with driving the process towards actualisation, all stakeholders are therefore enjoined to assist in the fight to curb cyber crimes.
Get the latest news delivered straight to your inbox every day of the week. Stay informed with the Guardian’s leading coverage of Nigerian and world news, business, technology and sports.