Nigeria’s IT regulator, the National Information Technology Development Agency (NITDA), has allayed fears of regulatory duplication over the new Nigeria Data Protection Regulation (NDPR) guidelines, with which all data and internet service providers must comply.
In a statement released this morning in Abuja, the agency responded to insinuations by the Association of Licensed Telecommunication Operators of Nigeria (ALTON) that the NDPR guidelines duplicate the regulatory powers of the Nigerian Communications Commission (NCC). NITDA faulted that standpoint, saying it has “significantly socialized the Nigeria Data Protection Regulation (NDPR) 2019 and the Public Internet Access Regulation 2019” and is acting within its mandate, specifically “Section 6(c) and (m) of the NITDA Act which mandates the Agency to provide Guidelines for electronic data interchange in Nigeria and to accelerate internet and intranet penetration in Nigeria and promote sound internet Governance.”
Besides, the agency asserted that “no single regulator in Nigeria has a converged mandate on ICT in the country. Various agencies have different roles to play in developing and regulating ICT in Nigeria as dictated by their mandates and enabling laws. Furthermore, no single entity is regulated by only one regulator in Nigeria, regulators in the country work in a cooperative and complementary capacity, resolving mandate overlaps in a cooperative manner.”
In the statement, signed by NITDA’s Head of Legal Services & Board Matters, Emmanuel Edet, the agency advised ALTON to seek clarification rather than stir controversy over regulatory mandates.
“We advise that it is not in the strategic interest of interest groups to attempt to set government agencies against each other just because of its short-term benefits. NITDA is clear about its mandate as provided by the enabling law and will not be overawed by powerful interest groups to implement its mandate which is to the overall benefit of all Nigerians. It should also be noted that violation of the Regulatory Instruments of NITDA is a criminal offence and punishable with fine, imprisonment or both.”
See the full statement below:
NITDA assures stakeholders on the existing synergy among sector regulators
The attention of the National Information Technology Development Agency (NITDA) has been drawn to a publication ascribed to the President of the Association of Licensed Telecommunication Operators of Nigeria (ALTON) published in the media regarding certain regulations and guidelines issued by the agency.
For avoidance of doubt, NITDA has enjoyed a cordial and cooperative relationship with all sector regulators and we have consistently engaged them on all regulations and guidelines issued by the agency. In this vein, NITDA has significantly socialized the Nigeria Data Protection Regulation (NDPR) 2019 and the Public Internet Access Regulation 2019 as referenced in the publication. The agency is delighted with the support of several institutions in complying and promoting these regulations.
For clarity, no single regulator in Nigeria has a converged mandate on ICT in the country. Various agencies have different roles to play in developing and regulating ICT in Nigeria as dictated by their mandates and enabling laws. Furthermore, no single entity is regulated by only one regulator in Nigeria, regulators in the country work in a cooperative and complementary capacity, resolving mandate overlaps in a cooperative manner. ALTON, as with various industry groups, are expected to comply with various professional, sector, geographical and international regulators when their operations so demand. This understanding has been shared between NITDA and other regulators in Nigeria.
It may be recalled that NITDA issued five regulatory instruments on the 25th January, 2019, two of which were referenced in the publication. We wish to draw the attention of the public to the following:
- (PIA) 2019 was issued to ensure the safe use of free or subsidized publicly accessible internet service in Nigeria. NITDA has been inundated by concerned stakeholders to check the regime of publicly accessible internet service considering its national security dimensions.
The Framework and Guidelines aims to create and promote a mutually beneficial and friendly environment for both public internet access providers and users in Nigeria. The Regulation is directed at Public Internet Access Providers (PIAPs). PIAPs include any business or other entity that provide internet access without charge or offers a partially subsidized internet access to members of the public. The concerns which NITDA aims to address through this regulatory instrument are:
- Cyber security and cyber crime;
- Personal data breaches; and
- Crime detection, prevention and investigation.
NITDA is enabled to address these concerns by virtue of Section 6(c) and (m) of the NITDA Act which mandates the Agency to provide Guidelines for electronic data interchange in Nigeria and to accelerate internet and intranet penetration in Nigeria and promote sound internet Governance.
- The Directives for Registration of Data Centre Facilities in Nigeria was issued pursuant to Section 6 of the NITDA Act 2007 which empowers the Agency to:
- Create a framework for the planning, research, development, standardization, application, coordination, monitoring, evaluation and regulation of Information Technology practices, activities and systems in Nigeria and all matters related thereto…; and
- Create incentives to promote the use of information technology in all spheres of life in Nigeria including the development of guidelines for setting up of information technology systems and knowledge parks.
Data Centre operations are principally information technology systems which support the entire IT value-chain. Reference to Executive Orders 003(2017) and 005(2018) mainly cites the added Presidential Directives on local content promotion. The fundamental mandate arises from the NITDA Act which has been cited above. Furthermore, the Guidelines for Nigerian Content Development in ICT (2019) explicitly provides:
Data and Information Management Companies shall:
- Register their products, capabilities and organization on the NITDA portal. The service will be provided free of charge and devoid of bureaucracy and will ensure NITDA awareness of available resources.
- Host government data locally within the country and shall not for any reason host any government data outside the country without an express approval from NITDA and the SGF.
The Nigerian Content Guidelines is a salutary example of regulatory cooperation between NITDA and ICT stakeholders to promote Local Content in Nigeria. The above provisions anticipate the role of NITDA in the regulation and promotion of Data Centers in Nigeria. The Agency is not averse to any Regulator demanding compliance as it relates to the operation of Data Centers that touches on the Regulator’s mandate. Interestingly, Data Center operators have openly commended NITDA for the improved enforcement of regulations and policies which has led to significant increase in Data Centre patronage in the last three years.
- The report further purports to take issues with the classification of Internet Protocol address, IMEI number, IMSI number etc. as personal data under the Regulation. The report assumes this amounted to usurpation of the NCC’s regulatory mandate. This is a patent misreading of regulatory frameworks. In the absence of a National Assembly-enacted legislation on Data Protection, Section 6 (c) of the NITDA Act 2007 specifically empowers the Agency to:
“Develop guidelines for electronic governance and monitor the use of electronic data interchange and other forms of electronic communication transactions as an alternative to paper-based methods in government, commerce, education, the private and public sectors, labour, and other fields, where the use of electronic communication may improve the exchange of data and information.”
Furthermore, NITDA was established to implement the National IT Policy of 2000. Article 5(xix) of the Policy provides…Government will establish a National Information Technology Development Agency to implement the IT Policy, regulate, monitor, evaluate and verify progress on an ongoing basis…
Also, Strategy 13.3(iii) of the Policy further provides …Ensure the protection of individual and collective privacy, security, and confidentiality of information…
While it is global practice for sector regulators to give sector specific directives and regulations on how certain issues are to be addressed, this does not restrict the right of Government Agencies to issue regulations which cover the field as is the case in this matter. NITDA is in active collaboration with all sector regulators to ensure full compliance with the NDPR. The aggregate consensus of most stakeholders is that the NDPR is a laudable regulation which would further improve the Nigerian business environment and help attract foreign direct investment.
Finally, we advise that it is not in the strategic interest of interest groups to attempt to set government agencies against each other just because of its short-term benefits. NITDA is clear about its mandate as provided by the enabling law and will not be overawed by powerful interest groups to implement its mandate which is to the overall benefit of all Nigerians. It should also be noted that violation of the Regulatory Instruments of NITDA is a criminal offence and punishable with fine, imprisonment or both.
The National Information Technology Development Agency (NITDA) is a Federal Government Agency established in April 2001 to implement the Nigerian Information Technology Policy as well as coordinate general IT development and regulation in the country. Specifically, Section 6(a, b, c & m) of the Act mandates NITDA to create a framework for the planning, research, development, standardization, application, coordination, monitoring, evaluation and regulation of Information Technology practices, activities and systems in Nigeria; provide guidelines to facilitate the establishment and maintenance of appropriate infrastructure for information technology and systems application and development in Nigeria for public and private sectors, urban-rural development, the economy and the government; and accelerate internet and intranet penetration in Nigeria and promote sound internet Governance by giving effect to the Second Schedule of the Act.
Emmanuel Edet Esq,
Head, Legal Services & Board Matters,
National Information Technology Development Agency, Corporate Headquarters, Abuja, 14th August, 2019.