National Information Technology Development Agency (NITDA) has said that it acted in good faith licensing law firms as Data Protection Compliance Organisations (DPCO’s).
The Agency stated that, Nigeria’s model (of responding to global Information Communication and Technology trends) has become subject of intense studies for adoption within and outside Africa.
NITDA, in a statement by head corporate affairs and external relations Mrs Hadiza Umar said, it’s “attention has been drawn to a social media post made by a concerned legal practitioner on the propriety of NITDA licensing law firms as Data Protection Compliance Organisations (DPCO) to provide data-privacy related services to the public. In his opinion, this stifles the growth of data privacy in Nigeria.
“The right to privacy is a constitutional right guaranteed by section 37 of the Constitution of the Federal Republic of Nigeria, 1999 (as amended).
However, it is legal inaccuracy to equate the right of data privacy or indeed the provision of data privacy-related services, to the right to data protection.
Data protection goes beyond protecting personal data privacy; it also involves the processes, systems and rules to ensure the confidentiality, integrity and availability of data.
The Nigeria Data Protection Regulation (NDPR) does not seek to inhibit, restrict or curtail the rights of the legal practitioner as provided by the Legal Practitioners Act.
The NDPR rather, has opened a new vista of opportunities for lawyers to expand their practice into the area of data protection,” the statement reads in part.
The statement added that, “Lawyers have a right to conduct, take part in proceedings and file court and administrative processes relating to the enforcement or defence of the right to privacy.
However, not every lawyer has the competence to conduct and file Annual Data Audit Report as prescribed by Article 4.1(5, 6, 7) of the NDPR.
NITDA licensed law firms understand that they represent the Agency in the drive to entrench compliance and help data holding entities to bridge the historical and systemic gap in data protection compliance in Nigeria.
Unlike the requirements legal practitioners must fulfill before appearing in the courts of law, the criteria for licensing as a DPCO, requires knowledge of data protection compliance and enforcement, which is not part of the residual knowledge of every lawyer.
The opinion of the author that the DPCO scheme lacks precedent is a testimony to the innovation NITDA is bringing to its regulatory mandate.
