LAGOS, Nigeria (VOICE OF NAIJA) – The Nigerian Communications Commission (NCC) has considered enacting data regulation for the telecoms industry.
Despite being in draft form at the moment, NCC claimed the law would offer a legal framework for the security and privacy of data in the Nigerian communications sector.
The Commission stated that it was creating the regulation in the 25-page document named “Data Protection (Communications Services) Regulations, 2023” based on the authority granted to it by section 70 of the Nigerian Communications Act, 2003 and all other powers empowering it in that regard.
The NCC states that any licensee who violates the regulations will be subject to an administrative fine of N10,000,000.00 and, if the violation is permitted to persist, a daily default penalty of N1,000,000.00 until the violation is either remedied or discontinued.
In the regulation, which is divided into 10 parts, the Commission said according to the provisions of the Enforcement Processes, Regulations, it shall exercise its powers to enforce any sanction imposed in the regulations.
The 10 parts include the objective, scope and application of these regulations; Processing of Communication Data; Safety of Communications Data; Consent; Calling and Called Line Identification; Use of Communications Services for Direct Marketing Purposes; Transfer of Communications Data; Sanctions, Enforcement and Compensation and Miscellaneous Provisions.
Meanwhile, NCC disclosed that the provisions of these Regulations shall apply to –licensees; subscribers; users other third parties directly or indirectly engaged with any of the above in respect of processing of communications data.
READ ALSO: NCC, NAICOM, SEC, PenCom, Others for SUPERNEWS Conference
In processing communications data, the telecoms regulator said the basis for processing such data must be provided for under the Regulation, the Act, subsidiary legislations issued by it, or other relevant laws enacted by the National Assembly about communications services.
It further stated that any further processing of the data must not be inconsistent with the original purpose, with the exception of the provisions of Regulation 36(2), which shall be deemed consistent with the initial purposes stipulated under the regulation.
NCC noted that without prejudice to the provisions of the Registration of Communications Subscribers Regulations, the processing of Biometrics Information to uniquely identify data subjects is prohibited, unless –
“(a) the processing is necessary and proportionate for security or authorisation purposes to serve a compelling public interest; and (b) the Data Subject has given consent, having been provided with a real choice and an alternative.
“(2) Notwithstanding sub-regulation (1), the transfer of Biometrics Information of data subjects outside the territorial jurisdiction of Nigeria is prohibited.”
The document revealed that NCC wants every licensee to put in place technical and administrative measures to ensure the safety of its services and communications data.
According to the draft, a licensee is required to immediately notify its data subjects where their personal information has been leaked, to prevent secondary damage or there is occurrence of risk that threatens their network infrastructure or services.