The world is becoming a global village where internet carries almost all the social, economic and commercial activities of people. In this global village, there has been an evolution from traditional method of operation to the digitalized system and in a digital world, the most valued asset is data, however, the ever increasing value of data today can not be underrated. The right to data privacy and protection is incontrovertibly guaranteed right which has been provided in various legislations across the globe.
Due to urgent need to protect citizens from external invasions to their data, government’s agencies around the world established laws for such purpose, Nigeria is not an exception as there are enacted laws on cybercrimes, data privacy and data protection. This work is intended to examine the eye of the law on the rights and duties between Nigerian network providers and their customers.
There can be no doubt about the advantages of such (telecoms) services to the new countries, since efficient and inexpensive telecommunication services are vital to their well-being and to the furtherance of Commonwealth and world trade. ¹ Nigerians are stoic to network providers infringement of their rights in so far as their physical rights remained undisturbed, Nigeria has joined the league of top fastest growing telecom market in the world where it share the stage with India, South Africa, China and other advanced economies. It’s disappointing that despite the ever growing nature of the telecom industry, consumers dissatisfaction is still widespread.
Previously, there was absolute legislative silence on Data privacy which pushed Nigerians into a state where their online and offline activities can easily be tracked and monitored by companies, in an attempt to tackle the accessibility of people’s personal information, NITDA under the leadership of Dr Isa Ali Ibrahim Pantami in 2019 came up with regulations Nigeria Data Protection Regulation (NDPR) that explicitly states the duties of telecoms to their customers and firmly reprimands them for breaching such duties.
In a judgement delivered by the Supreme Court of Nigeria, the court posited that, where a term has a judicial definition, such definitions must be used, therefore, the clarification of the terms contained herein, will be judicial. See the case of Nasiru Attah v State (1993) But however, where a phrase is not specifically defined by a legislation, we will resort to Dictionary meaning although, it was explicitly stated in the case of Attorney General of Bendel State v Chief C.O.M. Agbofodoh (1999) that Dictionary meanings are not generally resorted to as a means of interpreting legislation… Though, they may afford some help… It is the duty of the court to interpret a statute as best as it can. In essence, where judicial or statutory meaning is absent, we will resort to literal meaning
DATA: means characters, symbols and binary on which operations are performed by a computer, which may be stored or transmitted in the form of electronic signals, stored in any format or any device 2a
PERSONAL DATA: means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; It can be anything from a name, address, a photo, an email address, bank details, posts on social networking websites, medical information, and other unique identifier such as but not limited to MAC address, IP address, IMEI number,IMSI number, SIM, Personal Identifiable Information (PII) and others. 2b
PERSONAL DATA BREACH: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed 2c
CONSENT OF THE DATA: means any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, through a statement or a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her2d
DATA SUBJECT: means any person, who can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity2e
DATA PROTECTION: I find it difficult to have a judicial and statutory meaning of data protection, as I stated earlier, literal meaning will be used. Oxford Advanced Learner’s Dictionary has this to say; 3
“legal controls that keep information stored on computers private and that limit who can read it or use it”
THE LEGAL FRAMEWORK ON PRIVACY AND PROTECTION OF CONSUMERS’ DATA
There have been primary legislations on data privacy and protection in Nigeria which ensures that subscriber’s information shall not by whatever reason be exposed to third party and neither the custodian of such information can use them or transmit them in whatever form without prior consent of the data subject. Starting with the Constitution, section 374 provides that: “The privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected”
Although, no word like data is expressly mentioned in this section, the section by implication, implies that the subscribers information on homes, correspondence, telephone conversations and telegraphic communications shall be protected by the custodian the breach of which can result to legal action. This provision has also been captured in definition of personal data hence, this can be used to fight against the breach.
This provision has been complemented by decision of the Court of Appeal in Boniface Ezeadukwa vs Peter Maduka (1997)5 where the court held that infringement of the right to private and family life of citizens guaranteed by the Constitution is analogous to issues like unsolicited messages and the exchange of subscribers personal information with third parties. Unsolicited messages has been judicially defined to mean messages sent by network provider or any third party to the data subject who has not granted verifiable permission for the message sent.
In Emmanuel Anene vs Airtel Nig. Ltd the plaintiff (Mr Anene) on his demand for reliefs, sought an order of the court seeking for award millions of naira as damages for the violation of his rights to privacy by the defendant who disturbed him through unsolicited messages to his line.
In his judgement, Justice Jude Okeke of FCT High Court Maitam said: “The plaintiff having purchase the defendant telephone number a contractual relationship is satisfied, the defendant is in violation of the right to the plaintiff privacy.
The defendant, having received complaints from the plaintiff, but continued to disturb the plaintiff from quiet enjoyment of the line”
He further said: ‘In every wrong there must be a remedy, to vindicate the plaintiff’s right which has been violated in the forth going circumstance by the defendant; the plaintiff shall be awarded damages based on the discretion of the court’
”Against this background, putting into consideration the obvious inconveniences, discomfort and the embarrassments the plaintiff had undeniably gone through, the defendant has been directed to pay to the plaintiff damages, not the N200m the plaintiff asked for, but N5m only.” 6
In Godfrey Nya Eneye v MTN Nig. Ltd7 the Hon. Justice Jude Okeke, High Court of the Federal Capital Territory, Abuja, Mr Eneye, a lawyer, alleged that without his consent, MTN disclosed his mobile phone number to unknown third parties who sent unsolicited text messages to him.
This action, he alleged, violated his fundamental right to privacy guaranteed under section 37 of the Nigerian Constitution. He also claimed, on the same facts, that his right of freedom of association under section 40 and right to liberty under section 35 of same Constitution were violated, and asked for an injunction compelling MTN to cease further unauthorized access of his private mobile phone to unknown third parties as well as the resultant unsolicited text messages. He also demanded various damages for the violations of his rights.
Justice Emmanuel Agim, who prepared the lead judgment of the Court of Appeal, held that innumerable text messages sent without the consent of the subscriber was indeed in violation of the subscriber’s fundamental right to privacy of his telephone conversations, correspondence, his person, telephone line and telephone message inbox. Justice Agim held,
“By giving those unknown persons and organisations access to the respondent’s MTN GSM phone number, to send text messages into it, the appellant violated the respondent’s fundamental right to privacy guaranteed by section 37 of the Constitution which includes the right to the privacy of a person’s telephone line.
“The said section 37 of the 1999 Constitution provides that, ‘The privacy of citizens, their homes, correspondence, telephone conversations and telegraphic conversations is hereby guaranteed and protected’.
“The innumerable text messages without his consent at all times is a violation of his fundamental right to the privacy of his telephone conversations, correspondence and his person and telephone line and telephone message inbox”
The court also held that the service providers violated rule 14(1) (b), (2) and (3) of the General Consumer Code of Practice Rules and the Consumer Code of Practice Regulations 2007 respectively which requires the appellant (MTN) to maintain a directory enquiry facility containing information of all its subscribers in Nigeria and allow access to same by the third parties but subject to the prior notification of the subscriber.
Another framework is Nigeria Communications Act 2003. Section 4(a), (p) and (q) charges the Commission to protect consumers from unfair practices of licensees and other persons in the supply of telecommunications services and facilities.
To develop performance standards and indices relating to the quality of telephone and other telecommunications services and facilities supplied to consumers and to monitor charges paid by consumers and the performance of the licensees. The above referred provisions impose a duty on licensees, authorized carriers and other providers of telecommunications services and infrastructure to meet their commercial obligations.
In another case of MTN vs Mrs Udensi Hyginus Chinedu(2018) JELR 39023 (CA) the Court of Appeal posited that a service provider has a general duty of care to the consumer.
The duty of care was stated as follows;
“…. In the present scenario, the respondent (Udensi) having subscribed to a line from the appellant (MTN) and paid, was bound to be protected by the appellant.
The respondent had every right to enjoy what it subscribed to “All of the above provisions highlighted are designed to ensure that personal data privacy is protected in such a way that data subject would not be flooded with vexatious messages through telemarketing advertisements.
Lamentably, reverse is the case. Consumers are innumerably inundated with unsolicited messages and there is no any option provided for them on whether or not to receive such messages.
Worthy of mention is the proposed Digital Rights and Freedom Bill which was passed by National Assembly but rejected in 2019 by the President of Nigeria. The bill would have been a key milestone in ensuring protection of personal data and privacy of internet users. At the stake is the of human rights online in Nigeria, which is too important and the administration should have dedicated itself to protect.
By the way of conclusion, its evident enough that privacy of consumer’s data is the general duty of care of the network providers the breach of which is actionable at the instance of the consumer.
With the aid of the above salient provisions, it’s my viewpoint that we have sufficient legislations for privacy and protection of personal data of consumer. All we need is the implementation of such laws.
About the Author
Muhammad Abubakar is a 200 level, Faculty of Law, Ahmadu Bello University, Zaria.
Contact:[email protected] or 08137682699