By Nwakaego Alajemba
Former president of the Nigeria Internet Registration Association (NiRA), Reverend Sunday Folayan, has condemned the viral video of a lady being unprofessionally questioned and harassed by some policemen in Ibadan, Oyo state.
Folayan in a social media post said the police officers may have violated both the lady’s fundamental human rights and the new “Nigerian Data Protection Regulation (NDPR) issued last year by the National Information Technology Development Agency (NITDA), the regulatory authority for IT in Nigeria.
In January, 2019 as part of global best practices, the NITDA issued the NDPR to stem the wanton abuse of data privacy by all public and private entities.
The NDPR covers transactions intended for the processing of personal data; and to actual processing of personal data and person(s) residing in Nigeria or, residing outside Nigeria but of Nigerian descent.
Under the NDPR, personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.
As the viral video revealed, the tone and manner of interrogation of the subject by the police officers, the recording of the interrogation for malicious intent and the uploading as well as publication of same content via social media platforms violate both the terms of the NDPR and her fundamental human rights as a citizen, Folayan argued in his post monitored by IT Edge News.
His position is shared by millions of Nigerians outraged by what is perceived as an abuse of a citizen.
Nigerian authorities have since reacted. The Inspector-General of Police, Mohammed Adamu, has ordered that the viral video be probed.
Already, three police officers and one civilian accomplice who participated in the unprofessional conduct have been arrested, according to the Force Public Relations Officer, Deputy Commissioner of Police, Frank Mba.
“Two suspects, ASP Tijani Olatunji and Inspector Gboyega Oyeniyi have been arrested for their role in the discreditable conduct and incivility to a member of the public,” said Mba in the statement released by the Force Headquarters in Abuja last night.
There is an increasing need to raise awareness on the NDPR among public sector players, particularly security agencies. There appears to be little or no knowledge at all of the NDPR in these critical agencies, said Chief Executive Officer of Data Services Protection Limited (DSPL), Tunde Balogun. The DSPL is one of Licensed Data Protection Compliance Organisations (DCPOs) empowered by law to monitor compliance to the NDPR by data controllers – that is entities that collect, store or interface with citizens data in anyway.
Read Sunday Folayan’s post below.
A Police Officer arrested a wanted/suspected criminal, along with a young lady who was with him at the time of the arrest [1].
In cuffs, kneeling and in total humiliation, He asked her very many personal questions unrelated to the matter under investigation, including “Who dis-virgined you?”.Right there, and captured on video, which he later shared to boast and celebrate/project his prowess.
You see, the Police Officer may have violated the lady’s Fundamental Human Rights, and I am sure the Human Rights and Feminists etc will not spare them.
You see, The Nigerian Police as an Institution, with the Police man as an accomplice, may have violated the new “Nigerian Data Protection Regulation (NDPR)” [2].
We need some smart lawyers to test this law, and probably help make Nigeria a safer place, by assuring compliance by law enforcement officers.
Asking the young lady “who deflowered her?”, is collecting personal information. What effort was made to secure and protect the information and her identity, even when she has not been found guilty?
So …
1. Is the Police force guilty of NDPR violation?
2. Do police officers know about the NDPR?
3. Who is the Data Controller for the Police?
4. Who is the police Data Protection Officer?
5. Who are the recipients and categories of recipient of these personal data?
6. How long will the data have been stored?
7. It is now permanently on youtube … How liable is the Police Force?
According to the NDPR:
2.13.6 Prior to collecting personal data from a Data Subject, the Controller shall provide the Data Subject with all of the following information:
a) the identity and the contact details of the Controller;
b) the contact details of the Data Protection Officer;
c) the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
d) the legitimate interests pursued by the Controller or by a third party;
e) the recipients or categories of recipients of the personal data, if any;
f) where applicable, the fact that the Controller intends to transfer personal data to a third country or international organisation and the existence or absence of an adequacy decision by the Agency;
g) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
h) the existence of the right to request from the Controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
i) the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
j) the right to lodge a complaint with a relevant authority;
k) whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the Data Subject is obliged to provide the personal data and of the possible consequences of failure to provide such data;
l) the existence of automated decision-making, including profiling and, at least, in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the
Data Subject;
m) Where the Controller intends to further process the personal data for a purpose other than that for which the personal data were collected, the controller shall provide the Data Subject prior to that further processing with information on that other purpose and with any relevant further information; and
n) where applicable, that the Controller intends to transfer personal data to a recipient in a foreign country or international organisation and the existence or absence of an adequacy decision by the Agency.
References
1. https://www.youtube.com/watch?v=f0e-aXxJb3g
2. https://nitda.gov.ng/…/Nigeria%20Data%20Protection%20Regula…