By 
“[It’s] a precedent that undermines all known data privacy frameworks and related global norms” – AHA.
Abdul-Hakeem Ajijola (AhA), a global cybersecurity resource, ranked No.13 in the IFSEC 2018 Global Cybersecurity professionals and thought leaders, has faulted the recent order by an Abuja court asking the Nigerian Immigration Service (NIS), the National Identity Management Commission (NIMC) and some banks in the country to release the biodata of David Ukpo to a former Deputy President of the Nigerian Senate at the centre of criminal proceedings in UK for alleged organ-harvesting scheme against a young Nigerian (David Ukpo).
The data security expert described it as “a precedent that undermines all known data privacy frameworks and related global norms.”
He believes “those drafting Nigeria’s data protection and privacy legislation, [can now] be pre-emptive and factor such possibilities with a view to providing pathways that prevent one private citizen gaining access to another citizens personal data, in line with Nigeria’s treaty obligations.”
RELATED: Court orders NIMC, Immigration, others to release Ukpo’s biodata to Ekweremadu, Wife
Ajijola, who is also the Chairman, Consultancy Support Services (CS2) Ltd noted: “Releasing a citizens (data subjects) bio data directly to another citizen because of a private contractual breach, not a national security or government-government matter, sets a terrible precedent and undermines all known data privacy frameworks, laws, and related global norms.”
According to Ajijola, “the court, though its decision, has effectively “hacked” and “breached” NIMC and bypassed all its protocols, trained experts, and costly technological investments to extract sensitive biodata – hacking is not restricted to cyber actors.”
Read the full Ajijola’s full statement below.
Abdul-Hakeem Ajijola (AhA)
A precedent that undermines all known data privacy frameworks and related global norms
Release Ukpo’s biodata to Ekweremadu, Court orders Immigration, others
https://huhuonline.com/index.php/home-4/huhuonline-more-news/15610-release-ukpo-s-biodata-to-ekweremadu-court-orders-immigration-others
Releasing a citizens (data subjects) bio data directly to another citizen because of a private contractual breach, not a national security or government-government matter, sets a terrible precedent and undermines all known data privacy frameworks, laws, and related global norms – the negative effect on our societies drive to evolve a digital economy is likely to be profound and long lasting. It will also be used as justification by other nations to avoid hosting their data in Nigeria or on Nigerian platforms, as the value of such data increases.
This is compounded by the fact that the courts and the litigants already know the content of the young man’s passport and his age based on this official document. On that note, Immigration ought not to publicly comment or release information on someone’s passport details without permission. What happens if the NIMC, BVN and passport ages are different? No Nigeria document will then ever be taken seriously. What if the ages tally across the three platforms? Then obtaining them will not further the case, as the passport data is sufficient, but undermines the sanctity of accessing and extracting data from the NIMC database by well-connected persons.
Furthermore, the court, though its decision, has effectively “hacked” and “breached” NIMC and bypassed all its protocols, trained experts, and costly technological investments to extract sensitive biodata – hacking is not restricted to cyber actors. As a precedent, in future, a person of “means” who has a contractual misunderstanding with a company can conceivably seek the biometric data of all the firms’ employees to make their “case.” This is something that NIMC must test in court, else its credibility to safeguard citizens biometric data is jeopardised.
At the very least the court would pass such information through official channels to the UK court and not provide it to one of the belligerents, given that they are both Nigerian citizens and theoretically equal under the law.
The court has reinforced the scepticism of many, especially in our diaspora, that their biometric and related personally identifiable information (PII) is not safe in Nigeria.
Trust is earned not purchased and this case has repercussions beyond the belligerents and undermines the trust needed to build a sustainable digital society.
To those drafting Nigeria’s data protection and privacy legislation, please be pre-emptive and factor such possibilities with a view to providing pathways that prevent one private citizen gaining access to another citizens personal data, in line with Nigeria’s treaty obligations.
AhA
