By Adeboye Adegoke
It is no longer news that Cambridge Analytica’s transgression is not just about the Donald Trump’s 2016 elections campaign or the role of Russia in the United States’ election. Evidence has now shown that it had its footprints in the very toxic 2015 elections in Nigeria and the very highly contested Kenya elections in 2016. The implication of this must not be lost on us. This is not just about elections, this is not just about the failure of an intermediary to justify the trust of its customers in it but this is also about the significance of data in the 21st century. While there are barely any data protection frameworks across many countries in Africa, the thirst for data harvesting by the government is almost unquenchable. The risk that we face in Africa is not only about what or how private companies handle our data and who they connive with but also how government use data as a tool of control and manipulations of citizens. In Nigeria like many African countries, security agencies have unfettered access to citizens’ data irrespective of whom it was shared with (government or private companies), in a very opaque manner with no system of accountability or judicial oversight in place and the absence of the opportunity to seek redress is like adding insult to injury.
Attitude Must Change
The subject of data protection is never really taken seriously in Africa. The laissez-faire attitudes of not just data custodians but of data owners are very alarming. On a continent with unbridled data harvesting processes completed and ongoing, not many appreciate nor care about what’s been done with those data. A government agency in an African country once sold laptops used for some data harvesting exercise to private individuals without completely erasing the private data mined with the computer. Kenya and Nigeria, the two African countries that we are sure to have the footprint of Cambridge analytical has no data protection Laws. The process to have one has been ongoing for years in both countries. In Nigeria, draft data protection legislation has sat in the country’s National Assembly for 8 years and this is despite the fact that the bill was sponsored by the speaker of Nigeria’s House of Representatives and the number 4 citizen of the country. One would have thought with the profile, the bill should be making accelerated progress. The closest Nigeria is to a Data protection framework, is the Digital Rights and freedom Bill which has been passed by both houses of Nigeria’s National Assembly and awaiting Presidential assent.
Frameworks must be put in Place
In Africa, only about 14 countries have a data protection law according to a report on Data Protection published by Delloite. The report further shows that in the whole of Anglophone West Africa, only Ghana has Data protection frameworks. While Nigeria’s process is ongoing, Liberia has no frameworks at all. Sierra Leone and The Gambia has some level of constitutional coverage which isn’t sufficient given new realities. Central Africa is worse. From the Central Africa Republic to Congo DR and Congo Brazzaville, South Sudan and Cameroon, No frameworks exists! The EU General Data Protection Regulations (GDPR) is widely regarded as the most comprehensive — data protection framework in the world. And Nigeria’s and Kenya’s Data Protection Bill were modelled on the GDPR. The two countries definitely need whatever it takes to complete the ongoing process. This may be a low hanging fruit within an African context while those countries that have not started the process now needs to do so immediately.
Intermediaries need to do better
In the meantime, and while we examine what lessons are there for us in the cambridge analytica whistle blower revelations, we must emphasize the paramount importance of company’s responsibility to protect the data held in trust for their customers. Citizens’ data are openly advertised for political or business patronage in many countries in Africa and not many are worried by this trend. What we are seeing now is how the fundamental choice in elections is shaped by forces outside our territory. How we think we are in charge of our actions but are being just a puppet to data manipulators who shapes our beliefs and choices in ways unknown to many. Many elections have held in Africa in the last 12 months from Rwanda, Kenya, Angola, Liberia and lately Sierra Leone. How much of this have their outcome been manipulated by technology or connivance with a technology company? Lately, blockchain technology was said to have been deployed in the recently held Sierra Leone elections. Although Sierra Leone authorities have denied this but we do know there is no smoke without fire. The question isn’t about whether it is appropriate to embrace the use of technology to make better choices but that of attitude and disposition to same and ensuring this is done right and is not manipulated to the unfair advantage of some. Technology must not be used to manipulate voters’ preference. The role of companies as intermediaries comes with huge responsibilities. African companies must develop and implement internal data protection guidelines and must not be subjected to the Government’s whims and caprices. In most African countries, security agencies have unfettered access to data being held by telcos and have connived with political leadership to infringe on privacy rights of many citizens.
Fire Brigade Approach will not solve the problem
In the wake of the recent revelations, Facebook has suspended the account of Cambridge Analytica and the other companies connected to the scandal, but this is only typical of a fire brigade approach to the issue. It is same way most countries around here react rather than proactively position to avoid breaches by failing to put frameworks in place.
It remained to be seen whether African Government will now take the subject of data privacy more seriously. Now that we know that the eMail account of Nigeria’s President was hacked and his health record retrieved in the wake of the election that brought him to power, he shouldn’t really be needing anyone to convince him on the importance of signing into Law the Digital Rights and Freedom Bill passed by the Nigerian parliament and he should bemounting needed pressure on Nigeria’s parliament to complete the legislative process for the Data protection Bill so he can assert that as well.
Adeboye Adegoke leads Paradigm Initiative Digital Rights Advocacy work in Anglophone West Africa. He can be found on Twitter at @adeboyeBGO .