Duty of service providers to reveal customer information
The right of individuals
to protect their data is very sacred and fundamental. Section 37 of the 1999
Nigerian Constitution provides that; “the privacy of citizens, their
homes, correspondence, telephone conversations and telegraphic communications
is hereby guaranteed and protected”.
to protect their data is very sacred and fundamental. Section 37 of the 1999
Nigerian Constitution provides that; “the privacy of citizens, their
homes, correspondence, telephone conversations and telegraphic communications
is hereby guaranteed and protected”.
The Nigerian Communications
Commission also provides
that all licensees must take reasonable steps to protect customer information
against “improper or accidental disclosure” and must ensure that such
information is securely stored. It also provides that customer information must
“not be transferred to any party except as otherwise permitted or required by
other applicable laws or regulations”.
This right is however constantly at logger
heads with government intrusion, as governments and security agencies are always
looking for ways to collect, intercept and interpret user data for security and
administrative reasons.
heads with government intrusion, as governments and security agencies are always
looking for ways to collect, intercept and interpret user data for security and
administrative reasons.
An international
illustration was the legal battle between mobile phone giant, Apple and the U.S
government, when Apple refused to help F.B.I investigators gain access to an
iPhone used by Syed Rizwan Farook in the December, 2015, mass shooting in San
Bernardino, Calif. Apple argued, that such access could create a permanent way
to bypass iPhone password protection for law enforcement officials or even the
spy agencies of other countries[i].
illustration was the legal battle between mobile phone giant, Apple and the U.S
government, when Apple refused to help F.B.I investigators gain access to an
iPhone used by Syed Rizwan Farook in the December, 2015, mass shooting in San
Bernardino, Calif. Apple argued, that such access could create a permanent way
to bypass iPhone password protection for law enforcement officials or even the
spy agencies of other countries[i].
Sadly, if the above
scenario were to play out in Nigeria, the outcome may not have been as eventful
as the Apple case, as service providers in Nigeria usually cooperate with
directives from security agencies to give out customer user information and
data. This is as a result of the provisions of the Cybercrimes Act, 2015 which
mandates the service providers to do so.
scenario were to play out in Nigeria, the outcome may not have been as eventful
as the Apple case, as service providers in Nigeria usually cooperate with
directives from security agencies to give out customer user information and
data. This is as a result of the provisions of the Cybercrimes Act, 2015 which
mandates the service providers to do so.
Does this mean all user
data are not protected? Certainly not. User information is protected in-line with
the fundamental right to privacy under the Nigerian Constitution. However, does
this mean all user data is accessible by security agencies in Nigeria? The
answer is yes.
data are not protected? Certainly not. User information is protected in-line with
the fundamental right to privacy under the Nigerian Constitution. However, does
this mean all user data is accessible by security agencies in Nigeria? The
answer is yes.
By virtue of Section 38 of
the Cybercrimes Act, 2015, service providers are mandated to keep all traffic
data and subscriber information as may be prescribed by relevant authority, for
a period of 2 years. Furthermore, service providers shall, at the request of
the relevant authority or any law enforcement agency preserve, hold or retain
any traffic data, subscriber information, non-content information, and content
data; and release any such information upon request. It is worthy of note that the law prescribes
that any person who contravenes the above mentioned law shall be liable to 3
years imprisonment or fine of up toN7,000,000 (Seven Million Naira) or both.
the Cybercrimes Act, 2015, service providers are mandated to keep all traffic
data and subscriber information as may be prescribed by relevant authority, for
a period of 2 years. Furthermore, service providers shall, at the request of
the relevant authority or any law enforcement agency preserve, hold or retain
any traffic data, subscriber information, non-content information, and content
data; and release any such information upon request. It is worthy of note that the law prescribes
that any person who contravenes the above mentioned law shall be liable to 3
years imprisonment or fine of up to
Section 39, also empowers
security agencies by virtue of a court order, to request that electronic
communications of service users be intercepted, collected or recorded. The
above makes it clear that security agencies most likely have unbridled access
to customer information in Nigeria and if Mr. Syed Rizwan Farook had been in Nigeria,
the service providers will most likely have handed his information on a platter
to the FBI.
security agencies by virtue of a court order, to request that electronic
communications of service users be intercepted, collected or recorded. The
above makes it clear that security agencies most likely have unbridled access
to customer information in Nigeria and if Mr. Syed Rizwan Farook had been in Nigeria,
the service providers will most likely have handed his information on a platter
to the FBI.
As seen in Section 40 of
the Cybercrimes Act, service providers have a duty to disclose information
requested by any law enforcement agency or otherwise render assistance
howsoever in any inquiry or proceeding under this Act. Such duties include –
the Cybercrimes Act, service providers have a duty to disclose information
requested by any law enforcement agency or otherwise render assistance
howsoever in any inquiry or proceeding under this Act. Such duties include –
(a) the identification, apprehension and prosecution of
offenders;
offenders;
(b)
the identification, tracking and tracing of proceeds of any offence or any property,
equipment or device used in the commission of any offence; or
the identification, tracking and tracing of proceeds of any offence or any property,
equipment or device used in the commission of any offence; or
(c)
the freezing, removal, erasure or cancellation of the services of the offender which
enables the offender to either commit the offence, hide or preserve the proceeds
of any offence or any property, equipment or device used in the commission of
the offence.
the freezing, removal, erasure or cancellation of the services of the offender which
enables the offender to either commit the offence, hide or preserve the proceeds
of any offence or any property, equipment or device used in the commission of
the offence.
Any service provider who
contravenes these provisions commits an offence and shall be liable on conviction
to a fine of not more thanN10,000,000.00.
Also, each director, manager or officer of the service provider shall be liable
on conviction to imprisonment for a term of not more than 3 years or a fine of
not more thanN7,000,000.00 or to both
such fine and imprisonment. With such stringent statutory provisions of the
law, hardly will any service provider put up a fight in Nigeria as Apple did in
the US.
contravenes these provisions commits an offence and shall be liable on conviction
to a fine of not more than
Also, each director, manager or officer of the service provider shall be liable
on conviction to imprisonment for a term of not more than 3 years or a fine of
not more than
such fine and imprisonment. With such stringent statutory provisions of the
law, hardly will any service provider put up a fight in Nigeria as Apple did in
the US.
In Conclusion, the court
held in FRN V. DANIEL, (2011) LPELR-4152(CA); that –
held in FRN V. DANIEL, (2011) LPELR-4152(CA); that –
“Undoubtedly, by virtue of the provision of
section 37 of the 1999 constitution, the privacy of every Nigerian Citizen, the
home, correspondence, telephonic and other telegraphic communications are
cherishingly guaranteed and protected. However, notwithstanding the provision
of section 37 (supra), section 45(1) of the 1999 constitution has provided in
unequivocal terms that nothing in sections 37, 38, 39, 40 and 41 thereof shall
invalidate what appears to be reasonably justifiable in a democratic society –
section 37 of the 1999 constitution, the privacy of every Nigerian Citizen, the
home, correspondence, telephonic and other telegraphic communications are
cherishingly guaranteed and protected. However, notwithstanding the provision
of section 37 (supra), section 45(1) of the 1999 constitution has provided in
unequivocal terms that nothing in sections 37, 38, 39, 40 and 41 thereof shall
invalidate what appears to be reasonably justifiable in a democratic society –
(a) in the interest of defence, public safety,
public order, public morality or public health; or
public order, public morality or public health; or
(b) for the purpose of protecting the rights and
freedom of other persons.”
freedom of other persons.”
Adedunmade Onibokun, Esq.
Adedunmade is the Principal
Partner of Adedunmade Onibokun & Co., a corporate commercial law firm
located in Lagos, Nigeria. He can be reached via dunmadeo@yahoo.com and www.adedunmadeonibokun.com
Partner of Adedunmade Onibokun & Co., a corporate commercial law firm
located in Lagos, Nigeria. He can be reached via dunmadeo@yahoo.com and www.adedunmadeonibokun.com
[i] [i] New York
Times. (2016). Breaking Down Apple’s iPhone Fight With the U.S. Government.
Available:
http://www.nytimes.com/interactive/2016/03/03/technology/apple-iphone-fbi-fight-explained.html?_r=0.
Last accessed 29th November, 2016.
Times. (2016). Breaking Down Apple’s iPhone Fight With the U.S. Government.
Available:
http://www.nytimes.com/interactive/2016/03/03/technology/apple-iphone-fbi-fight-explained.html?_r=0.
Last accessed 29th November, 2016.