Stakeholders in the telecommunications sector have advised the Nigerian Communications Commission (NCC) to harmonize its data protection regulation with the Nigeria Data Protection Act (NDPA).
The stakeholders, which include telecom operators consulting firms, and trade associations gave the advice during a public inquiry on the draft regulation on data protection.
This was even as they expressed concerns about some provisions of the regulation for contravening the NDPA, which was recently signed by President Bola Tinubu.
Specifically, GSMA, the umbrella body of all mobile network operators globally, advised the Commission to carry out a comprehensive comparative analysis of the Nigeria Data Protection Act 2023, the Nigeria Data Protection Regulations, 2019, and the NCC Data Protection Regulations, 2023 with a view to identifying areas of overlap, discrepancies, or conflicting provisions to determine the extent of misalignment.
Based on the comparative analysis, GSMA said the telecom regulator should identify key areas that require harmonization across the data protection laws and regulations.
This, it said, may involve addressing inconsistencies in definitions, obligations, rights of data subjects, enforcement mechanisms, and the roles of relevant authorities.
Conflicting provisions
- Citing NCC’s Regulation 40(1) which states that: “A person who suffers damage by reason of any contravention of any of the requirements of these Regulations by any other person may institute a civil proceeding in a court of competent jurisdiction, in order to claim compensation from the other person for that damage,” ATC Nigeria Infrastructure Wireless Limited noted that:
- “There is a potential conflict as to whether the fines under the Regulations are in addition to the ones under the Act as what constitutes an infraction under the Regulation will most likely also be an infraction under the Act.”
ATC stated that the Commission needed to clarify the real purpose of the draft regulation and whether there were certain gaps in the Nigerian Data Protection Act (NDPA), 2023 that the Commission is trying to fill.
The company further suggested that the approach to tackling the conflict/friction between the regulation and the NDPA is to clearly review both legal instruments and see which areas need to be worked on and where the Commission can step in to fill those gaps.
MTN Nigeria, in its submission during the inquiry MTN noted that there seems to be a conflict between Section 63 of the NDPA and the Regulations on Data Protection. MTN was seeking clarification on what law to rely on regarding the NDPA and the draft Data Protection Regulations.
The telecom operator also recommended aligning provisions between the draft Regulations and the Nigeria Data Protection Act, of 2023.
Why the regulation?
NCC said it came up with the data protection regulation to specifically provide for a regulatory framework for the protection and privacy of data in the Nigerian Communications sector.
It said the regulation relates to the processing of communications data and the need for licensees of the Commission to ensure that certain requirements are complied with in the processing of communications data.
It, however, said that all the concerns raised by the stakeholders have been noted and would be reflected in its review of the regulation.