At the recently concluded Africa Data (Virtual) Conclave themed, “Personal Data Protection and Cyber Security: Action Points for the Rise of the Africa Knowledge Economy” discussants considered Africa’s place in the new economy and the necessary steps required to be appropriately positioned and avoid instances of new-colonalisation.
In his welcome address, Prof Abiola Sanni, Professor of Law in University of Lagos and Chairman of the Board of Directors, Taxtech, noted that “Personal data is the oil of the digital economy; Africa has one of the fastest internet penetrations in the world and African youths are poised to take action.” He questioned whether the continent has gained the right traction since the Malabo Convention and looked forward to the conversations by the eminent speakers that would expatiate on same.
The conference which held over two days in October, featured a keynote address by Dr. Isa Ali Pantami, Hon Minister, Nigerian Federal Ministry of Communications and Digital Economy; Thoughts from the Nigerian Information Technology Development Agency (NITDA) on the future of data protection and cybersecurity in Africa, delivered by Mr. Kashifu Inuwa Abdullahi, the CEO/Director General, NITDA, and four thought-provoking sessions on various aspects of personal data protection in Africa.
In his keynote address, Dr. Pantami said,
“It is highly commendable that African countries will come together under this conclave to discuss, how we can protect our data, how we can improve the confidence of our citizens when it comes to data mining, collection, management and many more, because sometimes data does not recognize border. I am proud of the progress we [Nigeria] has recorded so far as a result of Nigerian Protection Data Regulation: jobs created, billions generated, and many more opportunities. I think this discussion is very apt, and is a topic of global interest as the future of the world depends ion data when it comes to developing our economies”
Remarking further on strides made by the Nigerian government, Kashifu Abdullahi, added,
“Although our data regulation was a bit late, we have achieved unprecedented milestones and record achievements. Our model is unique because we decided to license organisations like Taxaide, as a Data Protection Compliance Organisation (DPCO). Furthermore, our approach is to unlock opportunities for the talented youth to access data. It has created a new industry, stimulated the economy and empowered thousands of Nigerians through capacity building and skills development. I believe our model will help African countries to leapfrog in the data-economy. We have licensed 70 data protection organisations, 686 new jobs in the industry, remitted the sum of N15 million to the Federal Government Revenue Account and the sector is valued at N2,295,240,000 Naira, in less than two years. All African countries can adopt our approach as our challenges are similar.”
In the first session themed, “AU Convention on Cybersecurity and Data Protection Bidemi Olumide presenting a paper by Auguste Yartey highlighted the main challenges to the Personal Data Protection outcomes of the AU Convention in an era where globalization of risks and technological dependence are mainstays said,
“The challenges fall into four main categories Social- ensuring adequate protection of the fundamental rights and freedoms of citizens e.g. right to freedom of expression; Geopolitical- limiting the loss of digital sovereignty in the event of a massive transfer of data abroad; Security-preventing attacks against the country’s Information System or avoiding access to and disclosure of information about National Defense as with the Snowden affair, and Technological- proper understanding of available technologies for effective use in combatting cybercrimes.
“The more Africa is connected to the rest of the world, the more it is exposed to threats of cybercrimes and the more it represents a threat for others. Africa more than anywhere else in the world, should as a matter of urgency offer individuals, organisations and states measures, procedures and tools for more effective management of technological, informational and legal risks”, says Auguste Yartey
Recommendations made for solutions to this include support for the development of national cybersecurity legislation in the continent; promotion of public-private partnerships (PPP) on resilient cyber security infrastructures (national cloud); promotion of the use of local services instead of the free services offered by tech giants such as Google, and strengthening cooperation between national authorities in charge of PDP.
The second session on the “Comparative Review of the Regulation/Administration of Personal Data Protection and Cybersecurity Laws in Jurisdictions in Africa: Learning from the Best and Encouraging the Upcoming” speakers emphasized that personal data isn’t necessarily confidential data, but refers to any data that can be used to identify an individual including a person’s voice.
Further discussions centered on the concept of data sovereignty and the intrinsic value of data in the session themed, “Data Sovereignty, Intellectual Property Protection and the Africa Knowledge Economy: Debating the Myths, Realities, Possibilities and Solutions”.
In his paper presentation, Dr. Vincent Olatunji, explored the philosophies of data sovereignty around the world, remarking that unlike in the US, Europe and China where there is an overarching philosophy for each region, there is no one concept of data sovereignty in Africa and Africa must give due consideration to developing a value system that will underline the African concept of data sovereignty. He added that were localisaton of data an option, Africa, as is, would be considerably disadvantaged “in view of the inadequate infrastructure and inequality of the bargaining strength of the continent with its major trading partners.” In light of these, it was proposed that, Africa should be regarded as a single digital market for the purpose of data transfer and location, reimagine its educational system and priorities, and define the values that underscore African data sovereignty.
Finally, in the last session of the event, “Personal Data Protection & Cyber Security Justice Administration in Africa Practical Steps To Getting Judicial System In Africa To Advance The Africa Knowledge Economy”, Hon Justice Obafemi Adamson, of the Lagos State Judiciary in his presentation noted,
“The point has been made repeatedly that Nigeria does not yet have a comprehensive data protection and privacy Act. The closest we have is the Nigeria Data Protection Regulations, 2019 (‘the NDPR’) issued by the National Information Technology Development Agency, pursuant to powers donated to it by the National Information Technology Development Agency Act 2007 (‘the NITDA Act’), which authorises the agency to develop guidelines in relation to the exchange of data and information. The NDPR is Nigeria’s most comprehensive legislation on the protection of personal data, and it has the force of law as a subsidiary legislation. It applies to all natural persons resident in Nigeria or residing outside Nigeria but of Nigerian descent, and all organizations processing personal data of such individuals. Comprehensive as appears to be, the NDPR must share the space for protecting personal data with a number of other legislations which, whilst regulating other activities, have some provisions regulating personal data protection such as The Child’s Rights Act and The National Identity Management Commission Act 2007”