2.1 Relationship between information privacy and data protection
The international discourse on privacy has from inception proceeded along two main conceptual parameters, each with its own preferred nomenclature. In the US, the discourse began in 1890 with the epochal article, ―The Right to Privacy‖,86 and as a consequence, the terminology of ―Privacy‖ was adopted. Public, academic and judicial debate over the concept of ―privacy‖ accelerated in the 1960s in reaction to the then growing computer industry and the capabilities of the computer to process personal information. The concept of ―information privacy‖ came to the fore during this time.87 In Europe, the same fears were expressed but preference was given to ―data protection‖, perhaps because of the more diverse spread of languages. Bygrave traces the nomenclature to the German term ―Datenschutz‖.88 Both concepts, information privacy and data protection, however, refer to the same core values and interests, not only in the US and Europe, but also worldwide. Moreover, one common quality holds them all together and that is the fact that both suffer from definitional challenges.89
84 Eg s 37 Constitution of the Federal Republic of Nigeria 1999.
85 Stuntz 1995 (93) Mich Telecomm. & Tech L Rev 1016.
86 Warren and Brandeis 1890 (4) Harv L Rev 193.
87 See par 3.5 below for an explanation of the distinction between information privacy and data protection.
The diminished ability of the individual to control access to, collection of and use of his or her personal information by others gave rise to the recognition of a right of information privacy. See Solove and Rotenberg Information Privacy Law 1.
88 Bygrave 2004 (47) Sc St L 319-348.
89 See Chp 4 par 1.1.2 below for a brief analysis of the varying definitions of privacy.
24 2.2 Information privacy in the ICT environment
The adoption and application of ICTs in Nigeria is much more widespread in the telecommunications and financial services sectors of the economy. It is especially in these spheres of activities that personal information of the users of the technologies are collected. The corporate entities that collect personal information also have the capability to distribute or disclose such information to third parties without the knowledge or consent of the user or data subject. As the uptake of technology increases in Nigeria, the individual‘s ability or capacity to control how his personal information is collected, processed and disclosed is seriously eroded. It is inevitable that personal information is disclosed to facilitate the necessary transactions. The opening of bank accounts, getting driving licenses and other similar transactions elicit the voluntary disclosure of personal information. However, in an increasing number of cases, such disclosure is either deceptively or unobtrusively obtained without the knowledge or consent of the person concerned.90 The collection of personal information by ICTs calls to question the adequacy of extant laws in Nigeria to protect transaction- generated personal information.
Whilst the rapid development of the new Information and Communication Technologies (ICTs) have had a number of beneficial consequences, such as the rapid increase in telephone density in Nigeria, this study is concerned with the fact that the human rights implications (particularly concerning privacy) of a wholesale adoption of these technologies and their capacities to intrude upon the users‘ privacy have so far failed to receive adequate or any attention at all in Nigeria. There is a dearth of information and research both from the government and from academia touching upon the interplay between technology and the fundamental rights of the people. It is this concern that informs this research.
90 Gordon Kaye v Andrew Robertson and Sport Newspapers Ltd (1991) FSR 62. In this case, information about the plaintiff, a television celebrity, was deceptively obtained by a journalist without the consent of the plaintiff.
25 2.3 Data protection and Trans-border Data Flows (TBDF)
The trend towards an international harmonisation of domestic data protection laws provides a particularly compelling reason for examining the issues relating to data protection91 in Nigeria. This is all the more necessary because at the international level, trade issues are increasingly turning away from commodities, the main source of comparative advantage for developing countries, to trade in services. The developed countries control this sector of world trade and set the terms for trade which others must follow.92 The convergence of computers with communications networks has had a huge impact on world trade. According to Braga, the impact of information technology on trade in services has led to the introduction of new products such as financial derivatives, computer reservation systems for airlines and telemedicine, as well as qualitative changes in the provision of existing services such as distance education which are powered by technological advances in information technology.93 The cross-border flow of information is indispensable to these services and they account for a significant portion of trans-border data flow in world trade.
The regulation of cross-border flow of traffic whether of goods, services or information is largely controlled by large trading blocs like the EU and the US; the rest of the world can either comply with the terms of the trade or be shut out. Nigeria cannot afford to ignore such developments. However, the question arises whether the EU‘s threat, implicit in its Directive, to restrict the flow of information to third countries whose data protection levels are considered inadequate, is against WTO rules and its General Agreement on Trade in Services (GATS). This issue will be considered in chapter 7.
91 See par 2.1.
92 See n 46. A state‘s large market provides it with leverage on other states‘ domestic policies because their access to its market is important to them. Shaffer refers to this as ―market power‖ because it derives from the threat, implicit or explicit, of a denial of market access. The combined market power of the European Union is so enormous that it can leverage domestic policies in other economic giants like the USA and more so the smaller and economically weaker nations. The EU Directive implicitly or explicitly threatens a denial of market access to those nations that do not meet the adequacy test on data protection and since many of the developing nations have not enacted such laws, they are more at risk depending of course on if their level of trade with the EU is big enough to warrant such a concern.
93 Hoekman and Braga Protection and Trade in Services 4 [online].
26 2.4 Critical questions to be answered
The global trend referred to above has implications for Nigeria and raises a number of questions which this thesis seeks to answer. Some of the specific questions that will be addressed are:
Whether a vigorous privacy protection regime would undermine the freedom of information and thereby inhibit the discovery and disclosure of the truth in a manifestly corrupt society;
Whether the constitutional protection of privacy and statute law at present is sufficient for the protection of information privacy in Nigeria;
Whether the EU Directive on Data Protection requires any response from Nigeria, and if Nigeria does not respond to the Directive‘s requirement for adequate data protection laws, what the consequences will be;
Assuming that there is a compelling need to protect, or rather strengthen the protection of information privacy in Nigeria, to explore what approach or model of protection should be adopted.
2.5 Assumptions
Implicit in the perspective of this research is the assumption, on the one hand, that technology is a necessary adjunct to national development in Nigeria, but, on the other hand, that privacy is a human right, the importance of which must not be undermined in the inexorable march of technological advancement in Nigeria.
This thesis will therefore proceed on the following premises:
The Global Network Economy that the ICTs have given birth to is increasingly being governed by new rules in an emerging legal order that transcends geographical boundaries.
To be a meaningful participant in this New Economy, each nation must agree to abide by these emerging norms and rules in order to minimise conflicts and maximise benefits.
The chief currency of this New Economy is information in its different manifestations and it must be allowed to flow freely through the ICTs that make up the international communications network. This freedom of movement must however take account of the compelling demands of privacy.
To achieve this, each nation must put in place within its own national
27 jurisdiction, a legal framework that is supportive of the new and evolving legal order and its norms, from which the New Economy is expected to derive its legality, certainty and continuance. It is accepted that different nations have different conceptions of privacy and how it should be protected. Nevertheless, harmonisation between information privacy laws is needed in order to allow free flow of information between different jurisdictions.