The federal government has abandoned the data protection bill which it put together in a capital-intensive process that was concluded in 2020.
Despite scarce public funds invested in it and wide applause it garnered as meeting global standards, the bill was abandoned in a controversial manner that cybersecurity experts have raised concerns over.
The government spent funds in 2020 to gather stakeholders across the country to draft a document it planned to pass to the National Assembly that would serve as a precursor to legislation protecting the sensitive data of Nigerians.
The goverment is now planning to spend millions of naira to engage a ‘consultant’ to draft a new document.
The Nigerian government, through the National Identity Management Commission (NIMC), is seeking credit from the World Bank and others to engage the said consultants even as experts have questioned the rationale behind involving the global outfits in ”matters of internal security”.
It was learnt that a draft data protection bill compiled by stakeholders in the Nigerian cybersecurity ecosystem who were consulted by the NIMC and the Ministry of Justice is currently available at the justice ministry awaiting passage to the Federal Executive Council before being sent to the parliament.
But experts are worried that the process appears to have been truncated with this new development. Data protection is a constitutional right guaranteed under section 37 of the Nigerian constitution.
The Nigerian Data Protection Regulation, 2019 (NDPR) is the main data protection regulation in Nigeria. The NDPR was issued by the National Information Technology Development Agency (NITDA).
The NDPR provides for the rights of data subjects, the obligations of data controllers and data processors, transfer of data to a foreign territory amongst others.
Controversial credit application
On Friday, industry experts were stunned when they read a procurement advert (expression of interest) placed by the NIMC in selected dailies seeking to engage experts to draft a new document despite the existing one
The experts are expected to be paid from a credit the federal government is applying for from the World Bank, French Development Agency (AFD) and the European Investment Bank (EIB).
“The Federal Government of Nigeria has applied for a credit from the World Bank, French Development Agency (AFD) & European Investment Bank (EIB) and intends to apply part of the proceeds to increase the number of persons with a National ID number, which would be issued by a robust and inclusive foundational ID system to facilitate improved access to public services. The governance arrangements for project implementation consist of three structures: (a) Project Ecosystem Steering Committee (PESC); (b) Ecosystem Coordination Strategic Unit (ECSU) situated within the Federal Ministry of Communications and Digital Economy; and (c) the Project Implementation Unit (PIU) situated within the National Identity Management Commission (NIMC).
“The Federal Government of Nigeria seeks to hire the services of a consulting firm to provide legal advice to the Federal Ministry of Communications and Digital Economy (FMCDE) in order to help develop and implement the legal framework, institutional and regulatory capacity for data protection, cybersecurity and ID systems which gives effect to the reforms contemplated by the Nigeria ID4D Project.”
Experts are concerned that the federal government said in the tender, the consulting firm, when engaged, will “draft a comprehensive data protection legislation. It will be expected to draft “subsidiary legislations (regulations, rules and/or guidelines) to support the operationalisation of primary legislation”.
The consultant will also draft “amendments to existing laws and regulations, including the National Identity Management Commission, National Population Commission legislations, and Cybercrimes (Prohibition, Prevention, etc) legislation to harmonise the overall approach to data protection, cybersecurity and cybercrimes in Nigeria and ensure the ID system operates in an inclusive, nondiscriminatory, and transparent manner.”
Interested firms are expected to submit their bids by November 26 to the Deputy Director/Head of Procurement, NIMC.
Previous process
Between July and August, 2020, an interagency committee was set up by the federal government to craft a draft data protection bill that would be considered by FEC and then forwarded to the National Assembly for passage.
It was funded as it worked round the clock to submit the document experts say is comprehensive enough by global standards.
The committee tagged, ‘Digital Identity Ecosystem Legal and Regulatory Reform Working Group’, comprising MDAs, CSOs and the private sector did a clause-by-clause review of the draft bill and produced a harmonised version for consideration.
Earlier, the Nigeria Data Protection Bill 2018, which went through a similar process, was not signed by President Muhammadu Buhari in 2019.
Then, communications and digital economy minister, Isa Pantami, then quickly introduced the NDPR 2019 which was adopted by the federal government to guide the industry through it had some flaws, experts said.
The Nigeria Data Protection Bill 2020 was drafted by the interagency committee based on the understanding it would improve the 2018 and be harmonised with the NDPR 2019.
Angry experts
Experts have expressed anger that the federal government is planning to engage consultants for a process that “had already been concluded” by relevant stakeholders in the ecosystem in 2020.
They are also worried that the country is seeking funds from global outfits for an issue that hinges on data security for its citizens.
”This bill is at the justice ministry is waiting to be transmitted to Federal Executive Council (FEC), that was what we were told,” said one of the experts, who did not want his name mentioned due to the sensitivity of the position he holds in the digital ecosystem. ”The FEC was expected to send it as Executive Bill to the National Assembly. That is the stage we are until we saw this advertorial.”
”Suddenly we saw the tender advert on the same bill and this calls for answers. For one, what will a World Bank consultant do differently that competent government agencies and industry professionals have not done in the 2020 Bill they worked on tirelessly last year? Also, what is the rationale behind seeking a World bank grant? Is it to feather the nest of some government officials? Are we saying it is right for World Bank to set the stage and determine the bill that will affect our data sovereignty as a nation? We need answers…”