(Being Part 2 the text of a speech delivered at the 17th SPA Ajibade & Co.’s Annual Business Luncheon held on the 5th day of December 2024 in Lagos, Nigeria)
The Way Forward: Recommendations
The 2024 e-elections have come and gone but like its predecessors, vestiges of allegations of electoral malpractices continue to linger, especially in the light of the documented pushbacks from the electoral umpire. For future elections i.e the ones conducted on digital platforms, the NBA ought to sincerely consider the following suggestions:
- Proactive information on voters’ personal data
One of the data subjects’ rights guaranteed by the NDPA is the right to be informed on the processing of personal data. Since the ECNBA acknowledges that some “critical” personal information are fed to the e-voting platforms towards the elections, the NBA as controllers ought to proactively provide full, lucid, comprehensive and understandable information to the voters on the entire life cycle of their personal data for the electoral process i.e from collection to migration to the e-voting platforms and post-election use (if any). For clarity, the ECNBA must provide information on the data flow of the entire electoral cycle. For example, when you register to vote, where is the data recorded, after voting where are the votes’ digital receipts stored? etc. The NDPA expressly requires information on recipients of personal data, in this case, the e-voting platform, the period of retention, the sub-recipients from the e-voting platform and most importantly the rights of users.
- Adopt a multi-level approach towards curbing Identity theft and double-voting
It is rather too simplistic for the ECNBA to conclude that inaccurate voter records is not its “issue.” The duty to ensure the accuracy and update of personal data is a shared responsibility between the controller (ECNBA) in the context of elections and the voters. Interestingly, the NDPA puts this responsibility squarely at the NBA/ECNBA’s doorstep to ensure the accuracy of personal data and keep it up to date. The NBA does not have to wait till the election period before cleaning up the members’ personal data since the obligation to ensure accuracy and updated records is a recurrent duty. The NBA has an existing database of members which has members’ emails and telephone numbers, which can be used as a benchmark for the voters list to flag inconsistencies ahead of time.
- Votes cast are the personal data of contestants accessible by DSAR
The complainants’ request for the election transaction is to compare the number of votes cast in their favour with the results recorded for them in order to establish their allegations of manipulations and other electoral malpractices. In elections, votes cast in favour of a candidate represent the electorates’ endorsement and expression of their preference for the candidate concerned. These votes double as electorates’ and contestants’ personal data. Both the GDPR and NDPA define personal data identically as information relating to an individual directly or indirectly identifiable. From whatever prism one looks at it, election results, e-ballots and voting transactions relate to the candidates since they give clear information on the votes allegedly won and lost, hence they constitute the candidates’ personal data within the context of election outcomes. Admittedly, there are no direct authorities supporting this novel argument however, election computation and results could be likened to examination marking and grading on which a court decision exists. In Peter Nowak v Data Protection Commissioner,[1]a trainee accountant who failed an open book professional examination made a data subject access request for all his personal data held by the examination body. The body obliged the request but refused to share his examination scripts on the grounds that they did not contain personal data but when the matter went to the Court of Justice of the European Union (CJEU), the court found that:
“First, the content of those answers reflects the extent of the candidate’s knowledge and competence in a given field and, in some cases, his intellect, thought processes, and judgment. In the case of a handwritten script, the answers contain, in addition, information as to his handwriting. Second, the purpose of collecting those answers is to evaluate the candidate’s professional abilities and his suitability to practice the profession concerned. Last, the use of that information, one consequence of that use being the candidate’s success or failure at the examination concerned, is liable to have an effect on his or her rights and interests, in that it may determine or influence, for example, the chance of entering the profession aspired to or of obtaining the post sought.”
Relating the finding above to the complainants’ request, like examination results, the election transactions reflect the performances of the candidates in the election, and their suitability as decided by the electorate with consequences on their rights and interests in the leadership of the NBA. The totality of these considerations leads to an aggregate of election transactions as information relating either directly or indirectly to the candidates (the complainants) – the falls under the expansive definition of personal data. This position finds support in the European decision of Patrick Breyer v Germany[2] where the court acknowledges that information relating to a data subject may not contain all the identifiers, but an aggregate of other information makes such information qualify as personal data. In the complainants’ case, any vote cast in their favour directly relates to them while the other votes arguably indirectly relate to them as well. In any case, all the votes form part of the election transactions and they holistically relate to the complainants, in terms of the electorate’s endorsement or disapproval.
Having settled the nature of votes as contestants’ personal data as well, then such transactions are accessible by exercising data subjects’ access request. As part of the rights guaranteed by the NDPA, data subjects can request copies of their personal data in a controller’s possession.[3] Relying on this provision, the complainants are within their rights to demand copies of the election transactions and the ECNBA is duty-bound under the NDPA to oblige without incurring any liability.
- Masking/protecting other international users’ data
Part of the ECNBA’s reluctance to grant access is the apprehension of exposing other international service users’ personal data in the process. First, if this excuse was given by Election Buddy, then it is an indictment on them since elections on their platform are meant to be uniquely protected and encrypted. So access to the servers used for a particular election transaction does not necessarily expose data used in other election transactions not associated with the one concerned. Secondly, to circumvent privacy breaches, other users’ personal data can be masked or redacted while granting access to the relevant election transaction. In Michael J. Durant v Financial Services Authority[4] a bank customer made requests to his bank seeking disclosure of personal data held by it, both electronically and in manual files. The FSA provided him with some copies of documents relating to him but some of the documents were redacted so as not to disclose the names of others, but he wanted more files. When the matter got to the English Court of Appeal, the court notes the need for redaction and when consent will be dispensed with as follows:
“It is important to note that section 7(4) leaves the data controller with a choice of whether to seek consent; it does not oblige him to do so before deciding whether to disclose the personal data sought or, by redaction, to disclose only part of it.”
Under relevant data protection laws, access can validly be granted to servers where a legal basis exists. In this case, the controllers can validly rely on legitimate interest to grant access for elections audit thereby dispensing with the requirement for voters’ consent. For the Nigerian lawyers, the bases of legal obligation and legitimate interest are grounded in the NBA’s Constitution. The second schedule, Part 2, paragraph 8(c) of the Constitution of the Nigerian Bar Association, 2021 provides for electoral transparency thus:
“The ECNBA shall display openness and transparency in all its activities and in its relationship with all members, particularly the candidates for the election, and shall ensure the following: …Establish a system that allows interested parties to access, in a timely manner, all critical information, documents, and databases used in an election process, or used in the normal operation of the election administration.”
This provision was inserted in the Constitution to protect the rights of the complainants as a derogation from voters privacy recognised under section 45 of the Nigerian Constitution which subjugates certain fundamental rights at the expense of laws made for public order and protecting others’ rights. In interpreting how Section 45 of the Constitution relates to rules made by associations, the Supreme Court in Mbanefo v Molokwu ruled that:
“Section 45 provides that nothing in Section 40 of the 1999 Constitution shall invalidate any law that is reasonably justifiable in a democratic society, in the interest of defence, public safety, public Order, public morality or public health etc … This may be an appropriate stage to state loud and clear that
the interpretation of “law” as prescribed under section 45 of the Constitution cannot be restricted only to the statutes of parliament. It would include rules and regulations guiding communities which them in maintenance of peace and tranquillity. This will minimize those anti-social behaviours which spill over to the outside specific boundaries creating a breakdown of law and order thereby overloading the security agencies beyond their tour of duty.”[5]
From the foregoing decision, section 45 trumps any privacy arguments that may be used to shield electoral inaccuracies and malpractices in this circumstance.
- Choice of service provider and access to terms of engagement
As part of the recruitment process for an e-voting service provider, the preferred vendor’s privacy practices must be reviewed to ensure compliance with Nigerian data protection legislation. The service level agreement must be accessible to contestants to pre-inform them of their data subjects’ rights especially access to election transactions, and the rectification of inaccurate or misleading election records/results which are all guaranteed by the Nigeria Data Protection Act 2023.[6]
- Opening the black box and auditable elections
The adoption of e-voting in the NBA elections must turn out a better option than the erstwhile paper-based system in terms of transparency, security and accountability. The crux of the complainants’ post-election umbrage is the umpire’s refusal to allow them to audit the elections through the voting platforms. The ECNBA’s letter discloses that the conduct of what appears to be a self-audit which falls short of the complainants’ request, and what is more, Election Buddy favours election audits thus:
“It doesn’t matter if your organization is a small homeowners association electing officers in an intimate election or if you’re tallying votes for a large-scale industry association—you want to be sure the process is uncorrupted and fair. If the integrity of your elections comes into question, this is when election audits take place. Election audits occur when there is suspicion or evidence of discrepancies or inaccuracies in the voting process. These audits aren’t just reserved for elections involving the government. They can be applied to industries and organizations. Auditing your election can instil voter confidence and ensure your organization follows all proper procedures… While online voting is generally secure and accurate, audits are just as necessary for digital voting as physical ballot submissions. Both methods can work together to ensure accurate results… Currently, manually reviewing and recounting through an objective third party is the best way to audit elections and ensure an accurate vote count.”[7]
The NDPA requires personal data (election results in this case) to be accurate, not misleading and in the event of inaccuracy, it must be corrected and updated to reflect current reality.[8] This accuracy can only be ensured after a proper audit exercise has been conducted on the election. On the essentiality of audits, it has been advised that:
“Appropriate audits can be used to enable trust in the accuracy of election outcomes even if the integrity of software, hardware, personnel, or other aspects of the system on which an election is run were to be questioned.”[9]
In similar terms, Mello-Stark and Lamagna rightly argue that:
“In order for an election system to be trusted, it needs to be verifiable. Methods must exist to check that the votes are cast as intended by the voters. There must be strong evidence that the machines function as they are supposed to function. Voters should feel confident that the election is conducted fairly and accurately.”[10]
Driving further their advocacy for e-voting audits, the authors suggest, the following types of audits: receipts audits, tally audits and system self-checking audits using various methods.[11] In a much recent research paper, Khlaponin et al confirmed the necessity and option of ‘building a system of secret Internet voting, in which a full-fledged audit is available to all voters and their proxies. A full-fledged audit should be understood as such an audit, in which everything that may be in doubt is checked.’[12]
From the foregoing intervention, conducting audits on e-voting systems is not only necessary but essential for the integrity, transparency, and trustworthiness of electoral processes. Audits serve as a crucial mechanism to verify the accuracy of votes, ensure compliance with legal and regulatory standards, and identify any irregularities or security risks. Moreover, the credibility of NBA elections hinges on its members’ confidence in the electoral process. Regular audits can help to reassure stakeholders—including voters, political parties, and regulatory bodies—that the e-voting system operates as intended, free from manipulation or technical failures. By systematically assessing the security, functionality, and overall accuracy of these systems, audits can enhance accountability and contribute to a more robust democratic process.
Conclusion
The 2024 Nigerian Bar Association’s elections together with its post-election controversies provide a valuable case study for the practical and academic assessment of the intersection of data protection and e-voting systems. As technology continues to transform electoral processes across the World, the importance of safeguarding personal data, ensuring voter privacy and ascertaining the accuracy and credibility of voting platforms has never been more pronounced. This retrospective analysis highlights the pre- and post election intrigues, emphasizing the need for robust data protection measures including the respect for voters/candidates’ rights.
Effective data protection in e-voting systems is not merely a regulatory requirement but a cornerstone of public trust in the electoral process. The lessons learned from the 2024 elections underscore the necessity for continuous improvement in the security and transparency of e-voting systems. Moving forward, it is imperative that future elections incorporate best practices in data protection, including regular audits, stakeholder engagement, and adherence to established standards. As we advance into an increasingly digital future, the commitment to protecting voter data will play a pivotal role in fostering confidence and ensuring that bar elections remain fair, transparent, and secure.
Olumide Babalola
(PhD Researcher, University of Portsmouth; Member, Author, Privacy and Data Protection Law in Nigeria; Co-Author, Annotated Nigeria Data Protection Act 2023; Co-Founder, The Privacy Academy)
References
[1] C-434/16 delivered by the Court of Justice of the European Union on the 20th day of December 2017.
[2] Application no. 50001/12: Patrick Breyer v Germany delivered by the European Court of Human Rights on the 20th day of January 2020.
[3] NDPA, section 34(1)(a) –(b).
[4] Michael John Durant v Financial Services Authority [2003] EWCA Civ 1746. Delivered in 2003 by the UK Court of Appeal.
[5] Mbanefo v Molokwu (2014) LPELR-22257(SC).
[6] See section 34 of the NDPA.
[7] electionbuddyadmin, ‘Do Elections Get Audited?’ (ElectionBuddy, 24 May 2023) <https://electionbuddy.com/blog/2023/05/24/do-elections-get-audited/> accessed 5 October 2024.
[8] NDPA, section 24(1)(e) and 34(1)(c).
[9] National Academies of Sciences, Engineering, and Medicine ‘Securing the Vote: Protecting American Democracy’ at NAP.Edu <https://nap.nationalacademies.org/read/25120/chapter/7> accessed 5 October 2024.
[10] Suzanne Mello-Stark and Edmund A Lamagna, ‘The Need for Audit-Capable E-Voting Systems’, 2017 31st International Conference on Advanced Information Networking and Applications Workshops (WAINA) (2017) <https://ieeexplore.ieee.org/document/7929736/?arnumber=7929736> accessed 8 October 2024.
[11] ibid.
[12] Yuriy Khlaponin, Volodymyr Vyshniakov and Oleg Komarnytskyi, ‘Proof of the Possibility for a Public Audit of a Secret Internet Voting System’ (19 January 2023) <https://papers.ssrn.com/abstract=4330966> accessed 8 October 2024.