Nigeria to try again on data protection regulation, India seeks further consultation
Moves to put Data Protection Regulation (DPR) in place in Nigeria, China, and India have seen different developments this week. While in Nigeria, the federal government is said to have abandoned a previous draft text and is working to put together a new one, India is hoping a report on its own draft regulation can be adopted later this month so it be tabled in Parliament in the winter. Critics within both countries worry about the expansion of digital ID programs without data protection in place.
Meanwhile in China, a proposed internet data protection text has been released to the public for inputs, days after the Personal Information Protection Law went into effect.
TikTok on its part is sending alerts to some of its users in Illinois, America to submit claims for a data privacy violation compensation process.
Nigeria abandons old DPR, seeks firm to draft new document
Tempers are said to be flaring in Nigeria as the federal government has reportedly abandoned a previous DPR text which was concluded in 2020, and is looking to engage a new firm to write up an entirely new one, reports Premium Times.
The bill, which Nigeria now wants to abandon, cost the federal government huge sums of money to draft as experts were brought in from across the board to put together the document intended to protect the personal data of Nigerians in line with Section 37 of the country’s constitution, according to the report.
Efforts have been ongoing to put data protection laws in place in Nigeria since 2018.
This latest move has now pricked the anger of cybersecurity experts and other stakeholders who think the financial resources are scarce for such an endeavor to be proceeded with at this time. They also hold the view that the previous DPR was comprehensive enough and met global standards on the subject.
The federal government is planning to fund the consultation for the new draft through a loan it has applied for from the World Bank, Premium Times notes, citing a call to tender published in some Nigerian media recently by the National Identity Management Commission (NIMC), seeking the services of a firm to execute the job.
“The Federal Government of Nigeria seeks to hire the services of a consulting firm to provide legal advice to the Federal Ministry of Communications and Digital Economy (FMCDE) in order to help develop and implement the legal framework, institutional and regulatory capacity for data protection, cybersecurity and ID systems which gives effect to the reforms contemplated by the Nigeria ID4D Project,” part of the tender notice published by the NIMC reads.
The outlet further cites the NIMC tender which indicates that the consulting firm will also redo “existing laws and regulations, including the National Identity Management Commission, National Population Commission legislations, and Cybercrimes (Prohibition, Prevention, etc) legislation to harmonise the overall approach to data protection, cybersecurity and cybercrimes in Nigeria and ensure the ID system operates in an inclusive, nondiscriminatory, and transparent manner.”
Premium Times said one of the stakeholders involved in the drafting of the previous bill expressed surprise when he saw the notice of expression of interest for a new DPR from the NIMC. The unnamed expert said: “This bill is at the justice ministry is waiting to be transmitted to Federal Executive Council (FEC); that was what we were told. The FEC was expected to send it as Executive Bill to the National Assembly. That is the stage we were until we saw this advertorial.”
This latest data protection development in Nigeria means citizens will be forced to continue waiting for legislation that can safeguard and guarantee their data privacy rights.
The government is also seeking financial assistance from the French Development Agency (AFD) and the European Investment Bank, in part to increase National Identification Number (NIN) enrollments.
With the digital ID drive in the country, notably the linkage of NINs to SIM cards, in full gear, concerns continue to mount over the absence of a data privacy regulation framework.
Adoption of draft DPR report in India billed for November 22
The draft Personal Data Protection (PDP) regulation in India is likely to be tabled in Parliament in the winter as a date has now been set for the adoption of a Joint Parliamentary Committee (JPC) report on the document, writes India Today.
There had been delays in the adoption of the report as the chairperson of the JPC had proposed new amendments to the draft bill, to include penalties for social media platforms that violate data privacy rules. There were also talks about how to implement such penalties without breaching existing IT provisions.
Another issue still unaddressed in the draft PDP concerns facial recognition technology especially for entities already making use of it, according to India Today.
Medianama organized a recent virtual event which gave insights on how to operationalize India’s data protection regulation.
China consults public opinion on internet draft data protection law
A number of draft management regulations meant to protect internet data of citizens has been made public by the Cyberspace Administration of China to collect the views and contributions of members of the public.
ECNS gives an idea of some of the content of the regulations, noting for instance, that it provides for two data protection systems, and data will be classified variously, namely as ‘common, important, and core’ data depending on their important to national security and the legitimate rights of individuals and organizations, among other things.
Another issue in the draft regulations is the ban on the use of biometric data such as face, iris and fingerprint as the only method of identifying individuals. This, ECNS indicates, is to prevent a scenario of ‘forceful’ collection of such data from citizens.
Meanwhile, China’s new privacy law, dubbed the Personal Information Protection Law, which went into effect on November 1, is said to have some of the strictest requirements anywhere in the world, according to experts cited by the Thompson Reuters Foundation.
The experts fear this could influence other countries in the region to follow a similar path.
The report also mentions updates on the data protection regulation situation in other countries of the region such as India, Thailand, Indonesia and Pakistan.
TikTok tells users to submit claims for data breach compensation
TikTok has sent alerts to some users asking them to submit claims for compensation. This is in line with a $92 million settlement against the video social media app in a biometric data privacy suit agreed in February, reports NBC News.
It is not clear how much each person could get, but the amount would vary from less than $6 to several hundred dollars, depending on the overall percentage of people who submit the claim. As part of the settlement, the social media network is also expected to change its data collection policy, including ceasing the collection of users’ biometric data.