Why Fintechs Need Data Protection Framework In Nigeria - Sundiata Tech


Home Top Ad

Post Top Ad

Friday, March 16, 2018

Why Fintechs Need Data Protection Framework In Nigeria

Data is a mainstay for financial technology (Fintech) firms. In fact, their survival and success often hinge on how well they interact with the data in their possession. In view of that, they require enabling laws to ensure the data they handle are not abused but are judiciously applied in a responsible manner to spur innovation and at the same time build investors’ confidence in the ecosystem.

In a recent report titled ‘Fintech Forward Outlook’ Olaniwun Ajayi, a Nigerian-based law firm with expertise in the space, acknowledged that continued absence of a data protection regime stifles the growth of investment in Fintech and the adoption of other sophisticated technologies.

Data protection refers to the process of safeguarding important information from corruption, compromise and loss.

Being mostly digital-based, Fintech companies mine data on a daily basis as they recruit more and more customers onto their platforms. Everything from names, date of birth, residential information, to bank account details are collected by Fintech firms. The forward-looking companies will analyse the data and use the intelligence to provide better services for their customers.

As the volume of data created and stored grows to unprecedented levels the importance of data protection becomes even more acute.

In Nigeria, apart from section 37 of the 1999 Constitution which guarantees and protects “The privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications”, the country does not possess a comprehensive data protection framework. At best, different agencies have at some point come up with data protection policies.

The Credit Reporting Act, 2017 (Part III, Section 6) which seeks to create and protect a database of parties involved in credit transactions is another document that comes close but failed in scope.

The Freedom of Information Act, 2011 (FOI Act) also seeks to protect personal privacy. Section 14 of the Act provides that a public institution is obliged to deny an application for information that contains personal information unless the individual involved consents to the disclosure, or where such information is publicly available.

“This is insufficient,” notes the report from Olaniwun Ajayi. “As innovation is interwoven with fintech and the ever changing landscape, a traditional regulatory approach to data protection may not be effective.”

The UK Data Protection Act, for instance, ensures that the a customer’s information is used fairly and lawfully; used for limited, specifically stated purposes; used in a way that is adequate, relevant and not excessive; accurate; kept for no longer than is absolutely necessary; handled according to people’s data protection rights; kept safe and secure; and not transferred outside the recognised economic area without adequate protection.

The India government in January, 2018, set up a committee of experts to study various issues relating to data protection in the country. The committee will make specific suggestions on principles underlying a data protection bill and draft such a bill, with the objective to ensure growth of the digital economy while keeping personal data of citizens secure and protected.

The National Information Technology Development Agency (NITDA) has recently come up with a set of guidelines that prescribe the minimum data protection requirements for the collection, storage, processing, management, operation and technical controls for information.

The guidelines are the arguably the only set of regulations that contains specific and detailed provisions on the protection, storage, transfer, or treatment of personal data in Nigeria but they are not backed by the force of law. Hence, companies can flout the guidelines without fear of punishment.

What is needed, according to Olaniwun Ajayi, is a holistic and robust regulation on data protection, like the EU Data Protection Directive ‘Directive 95/46/EC’ adopted by the EU to protect the privacy and protection of all personal data about EU citizens collected for public and commercial use.

A firm legal framework for data protection is the foundation on which data-driven innovation and entrepreneurship can thrive in Nigeria. Fostering such innovation and entrepreneurship is essential if Nigeria is to lead its citizens and the world into a digital future committed to empowerment, experiment and equal access. Businessday.

No comments:

Post a Comment

Post Bottom Ad