The National Information Technology Development Agency (NITDA) said its attention has been drawn to the data collection strategy employed by authorities at Nigeria’s borders and its implication on the rights of data subjects to privacy, in line with the Nigeria Data Protection Regulation (NDPR).
In a press release on Friday signed by NUTDA Head, Corporate Affairs and External Relations, Corporate Headquarters, Mrs Hadiza Umar, MNIPR, MAPRA, MICPR, she said that the general public is aware that the world is currently faced with a pandemic called COVID-19 and global authorities have been working in concert to defeat this global threat. Nigeria is one of the countries that has become the cynosure of all eyes for how it has managed to keep this and other similar situations under check.
The statement read, “As part of containment strategies, authorities at our entry ports have devised ingenious means of collecting health information from passengers arriving Nigeria. Their processes include a lot of personal data collection, such as travel history, name, address, phone number, email, destination etc.
“It is therefore expedient to evaluate the implication of this personal data collection on the rights of data subjects to privacy.
The NDPR Article 2.2 provides for the basis of processing personal data. Among the bases are- consent, legitimate interest, contractual agreement, legal, public and vital interest.
The data processing being done by public health officials to contain the COVID-19 pandemic is covered under VITAL and PUBLIC interest of the data subject and other Nigerians. This position is further reinforced by the provisions of Section 45 of the Nigerian Constitution which limits the right to privacy granted in Section 37.
“In view of the foregoing, NITDA wishes to assure all Nigerians and foreigners that the strategies employed align with NDPR guidelines as well as the Nigerian Constitution. We therefore urge all to fully cooperate with officials who are working hard to keep us safe.
Furthermore, the Agency remains resolutely committed to enforcing its guidelines and in discharging its mandate for the development of IT in Nigeria. It would therefore work with all parties to ensure that the data being collected is processed and stored in compliance with the NDPR.
“The National Information Technology Development Agency (NITDA) is a Federal Government Agency under the supervision of the Federal Ministry of Communications and Digital Economy. NITDA was established in April 2001 to implement the Nigerian Information Technology Policy as well as coordinate general IT development and regulation in the country.
Specifically, Section 6(a & c) of the Act mandates NITDA to create a framework for the planning, research, development, standardization, application, coordination, monitoring, evaluation and regulation of Information Technology practices, activities and systems in Nigeria; develop guidelines for electronic governance and monitor the use of electronic data interchange and other forms of electronic communication transactions as an alternative to paper-based methods in government, commerce, education, the private and public sectors, labour, and other fields, where the use of electronic communication may improve the exchange of data and information.
The Nigeria Data Protection Regulation 2019 was issued pursuant to Section 6 (c) as the a wholistic framework for regulation and protection of personal data of Nigerians throughout the Federation, the statement concluded.