Fiduciary: Need for data protection in Nigeria

By James Siguru Wahutu

One of the State’s foremost responsibilities is the protection of its citizens from attacks and infringement of their rights from actors within and outside its borders. What has become evident over the last few months is the danger posed by the non-formalization of data privacy laws to users of the various social media platforms.

Despite Nigeria having industry level regulations on what telecommunication companies can and cannot do with citizens’ data, there is still no comprehensive data protection law. As a result, companies such as Facebook (which also owns Instagram and WhatsApp) and Twitter have unbridled access and control over Nigerians’ data. Without this comprehensive approach, the Nigerian State seems to be stuck in the pre-social media landscape where data harvesting by American companies was not as big of a concern as it is today.

One only needs to look at Cambridge Analytica’s alliance with Facebook to realise the multiplicity of dangers Nigerians face. These dangers do not even include those posed by the push towards electronic voting such as those held in Kaduna.

In a post-2007 world, users of social media platforms have become the product, thus any laws that are constituted need to treat Nigerians’ data as a natural resource to be protected from exploitation by multinational companies.

However, a push in this direction needs the State to think of user data as it would crude oil, cocoa beans and rough wood. No data point captures the importance of user data to companies like Facebook than the fact that despite the consternation about the data privacy scandal, Facebook posted $4.99 billion in quarterly profits and added 70 million users.

With each new platform, better data harvesting methods become the norm, selling this data is more lucrative, and the law on the books is still stuck in the pre-Facebook and Twitter era. Companies such as Facebook are here for the long-haul and this transgression into the private sphere by Facebook and Cambridge Analytica is merely the tip of the iceberg.

It is incumbent upon the State to learn to shoot without missing since Silicon Valley has learned to fly without perching. There are several ways that the State could protect Nigerians’ data from unscrupulous harvesting and selling by platforms such as Facebook. One way to provide protection to users could be in the form of “information fiduciaries.” The principle here would be that information collected by social media platforms could not be used against the interests of the users. Much in the same way a lawyer cannot use their client’s information to the detriment of their client; unless of course, the information is about a crime to be committed in the future by the client.

A second approach could be one that views privacy as contextual, what professor Nissenbaum calls “contextual integrity.” This particular approach would focus primarily on the distribution of data provided to social media platforms.

Using the context of friendship, professor Nissenbaum reminds us that when we confide in friends, we generally expect a level of confidentiality. When our friend spreads this shared information without our express consent, we are likely to ostracise and sanction them for this gossiping.

In both cases, the privacy of users’ data is treated as sacrosanct by the State, while allowing for some flexibility for the collection and use of individuals’ data by social media platforms. The one thing the State should not do is follow Kenya’s example and attempt to pass a cybercrimes law that is draconian, retrogressive, and much likely to stifle innovation in the guise of combating ‘fake news

Wahutu is a fellew @Berkman Klein Center of Internet and Society – Harvard University