May 21, 2019

Data Protection Bill 2019: Google, Facebook Other Internet Intermediaries Must Keep Data Within Nigeria

The Data Protection Bill (HB 01) 2019 which is before the Nigerian Senate and has been passed by the House of Representatives is set to ensure that all data belonging to residents of Nigerians would be stored in servers situated within the territory of Nigeria. This principle is known as data localisation or data residency.

Section 36 of the bill proposes that

” The Data Commissioner shall mandate Data Controllers and Data Processors of Personal Data pursuant to this Bill, to record, systematize, accumulate, store, host, amend, update and retrieve Personal Data on devices that are physically located within Nigeria’s territorial jurisdiction.

The bill further provides in section 49 that a contravention of section 36 would lead to a fine of 8,000,000.00 (Eight Billion Naira) or not less than ten years imprisonment. The passage of this provision would lead to online Content sharing and service providers such as Google, Facebook, Whatsapp, Microsoft would have to store all personal data belonging to data subjects in Nigeria within Nigeria. The provision is set to create jobs for Nigerians.

Renown Nigerian privacy professional and data protection lawyer Adavize Alao was of the opinion that while the intentions of the drafters may be genuine the data localisation provision of the bill is a protectionist clause which seeks to help Nigerian businesses and secure data within Nigeria. Alao stated that the bill may lay to rest the horror of the Nigerian government having to deal with cybersecurity threats or individuals worrying about the right to privacy. 

Alao also stated that the provision is merely ratifying what Clause 12.1 of the Guidelines for Nigerian Content Development in Information and Communications Technology (ICT) released by the National Information Technology Development Agency (NITDA) in 2018 stipulate on the storage of subscriber and consumer data.

The lawyer also added that the data protection clause would lead to a development known as splinternet or cyber-balkanization which means the segregation of the internet by various regions due to factors such as technology, nationalism, commerce and laws.

He further noted that a fundamental flaw with data localisation policies is that it has the effect of undermining innovation and may stifle the development and advancement of Nigeria’s IT sector.

Ridwan Oloyede a research fellow at African Academic Network on Internet Policy and Nigerian Lawyer shared his view on data localisation. The lawyer stated that while data localisation could create new jobs and a thriving industry, it decimates the borderless nature of the internet and hurt trade liberalisation facilitated by cross-border data transfer. “The digital economy depends on the cross-border mobility of data.”

The legal practitioner advocated that in extreme situation, it could impact the use of basic services like social media, restricts access to information, facilitate censorship and limit free expression.

According to Oloyede, “For entities operating within Nigeria, it means, the imposition of onerous obligations to comply. Think of the economic cost of setting up and maintaining a data centre, and separation and movement of data. Think of slower operational process. Data localisation is a clog on innovation. It’s a trade barrier and an unreasonable burden on businesses.

“The provision of Section 36 and 49 of the Bill on data localization is confusing and would be subject to possible contention. The provision merely stated data should be stored physically in Nigeria without distinguishing whether it is sourced outside Nigeria, about residents in Nigeria, or outside the scope of the Bill, and it appears not to tolerate an exception. 

Photo Credit -