Chapter Eight

Cybersecurity, Data Protection And Threats in a Digital World

Africa is not only the fastest growing market for the technologies of the infotainment age, she also presents the rest of the world with a public sphere that has most radically been inflected by social media.

Prof. Pius Adesanmi

If you are wondering why we are going from music and popular culture to cybersecurity, I should make it clear to you; just as we cannot build truly prosperous societies without guaranteeing the safety of lives and property, any conversation about opportunities in the Digital Economy would prove incomplete if the issue of cybersecurity is left unaddressed. In a speech that General Amos Yadlin (Rtd.), (@YadlinAmos), Executive Director for the Institute for National Security Studies made during a plenary session at the Halifax International Security Forum (@HFXForum) in 2016, he said:

The three dimensions of cyber: espionage, which is collecting information, there is cyber security, to stop the other guy from collecting your information and then there is cyber operation, which is what you do with the information. You may destroy something for instance. Here is the bad and the good news; the bad news is that privacy as we know it is gone. It’s gone. If you think that your cellular phone is protected, there is somebody in the world, usually a superpower that can reach anything that you think is secure. This is the bad news. Another bad news is that in cyber, the attackers are now ahead of the defenders. Defending is always a problem, much more difficult because you don’t know where you will be attacked…..

The Curious Case of Kenya

George Kegoro, Executive Director, Kenya Human Rights Commission (KHRC), once said, “Without a data protection law, collecting information is like gathering water into a dam without safeguards if the water escapes.” Before the September 11, 2001 attack at the World Trade Centre in New York, there were simultaneous attacks on the US embassies in Nairobi, Kenya and Dar es Salaam, Tanzania, which killed 224 people and wounded some 5000 people. Like the 9/11, Osama bin Laden’s al Qaeda claimed responsibility for the 1998 attacks. Kenya has for a long time been battling the group Al-Shabaab, who pledged allegiance to Al-Qaeda in 2012. Since 2011, Al-Shabaab has carried out series of attacks in Kenya. The origin of this terror is connected to the involvement of Kenyan military operations carried out alongside their Somalian counterparts in the conflict-ridden southern part of Somalia. Kenya has faced a barrage of terrorist attacks since then. One of the most notable attacks took place on the 21 September 2013, when gunmen attacked the Westgate Shopping Mall in Nairobi. The attacks left at least 60 people dead and about 200 injured. Another notable attack is the 2nd April 2015 attack at Garissa University, northeast of Kenya. This gruesome attack left 147 people killed by Al-Shabab. There have been other numerous terrorist attacks before and after these two high profile ones.

The Nigerian Data Protection Regulation (NDPR)

Nigeria’s National Assembly once considered passing a Data Protection Bill that would have led to the formation of a Data Protection Agency, but that has since stalled. Chances are that it will make a return in the new assembly. In the absence of a Data Protection Law, the National Information Technology Development Agency (NITDA) instead issued a regulation to govern the process of data collection, usage and protection in Nigeria. It is called the Nigerian Data Protection Regulation, which came into effect on the 25 January 2019. The essence of this regulation is the protection of the personal data of all citizens and residents of Nigeria. It is the most comprehensive law on data protection in Nigeria until the Data Protection Bill becomes law. The objectives of the regulation include:

  1. to safeguard of the rights of natural persons to data privacy;
  2. foster safe conduct of transactions involving the exchange of Personal Data;
  3. to prevent manipulation of personal data; and
  4. to ensure that Nigerian businesses remain competitive in international trade, through the safeguards afforded by a just and equitable legal regulatory framework which is in tune with best practices.

The regulation also extensively defines the rights of data subjects. According to Saadatu Hamu Aliyu, a Managing Partner at Hamu Legal:

The Nigerian Data Protection Regulation is Nigeria’s first comprehensive legal framework in line with global standards protecting and enforcing the data privacy of citizens issued by the Nigerian Information Technology Agency (NITDA). The NDPR protects the personal data of all residents and citizens within and outside Nigeria.  It also provides to citizens, enforcement mechanisms when the regulation is breached. Whilst in some quarters the NDPR is criticized for being a replica of the GDPR, I see the NDPR as an affirmative consciousness of the consequence of a weak legal data protection framework for national security, data privacy and digital rights of citizens