SlideShare a Scribd company logo

Appraising Nigeria’s new Federal Competition and Consumer Protection Act through a Data Subject’s Prism

D
DikeIbegbulemLLMNig

This document discusses the protection of consumer rights and personal data in Nigeria, particularly in the context of e-commerce and digital transactions. It provides background on consumer rights and protections. It then summarizes recent developments in Nigeria's data protection and consumer protection laws and regulations, including the new Federal Competition and Consumer Protection Act and Nigerian Data Protection Regulation. The document also discusses surveys that found Nigerians have concerns about their privacy and data security in the digital space.

Law
1 of 11
Download to read offline
Appraising Nigeria’s new Federal Competition and Consumer Protection Act through a Data Subject’s Prism By Dike Justin Ibegbulem1 Introduction ‘Consumer protection’ refers to the ‘act of safeguarding the interests of the consumer in matters relating to the supply of goods and services’.2 Accordingly, the concept of consumer protection is generally used to classify measures that seek to ensure that consumers are fairly treated and that their rights are protected in commercial transactions that involve the supply of goods or services. The eight universally accepted basic rights of a consumer are: (i) The right to safety: this requires that consumers are to be safeguarded against goods or services that are defective or risk prone; (ii) The right to information: this implies that consumers are to be informed adequately with respect to the accurate price, as well as the quality, or quantity of goods or services; (iii) The right to choose: this implies that consumers are to be provided with a wide variety of goods or services to choose from; (iv) The right to be heard: this entitles consumers to make complaints and receive a response from the suppliers of goods or services; (v) The right to seek redress: this implies that consumers are entitled to seek redress for their complaints in complaint resolution forums; (vi) The right to consumer education: this requires that consumers are to be educated about their rights, as well as the products or services they wish to purchase; and, (vii) The right to a healthy environment: this implies that people have the right to live and work in an environment which is neither threatening nor dangerous and which permits a life of dignity and well-being; and (viii) The right to representation: this is the right to express consumer interests in the making and execution of government policies.3 The goal of the law in consumer protection is to prevent harm or injury to, and provide redress for the consumer where he or she suffers harm or injury in his or her relationship with the producer or supplier of goods and services.4 In the information or computer age, the ultimate goal is to build ‘a digital age consumers can trust.’5 For this writer, although it is yet to be accorded full 1 LL.M (Nig.), LL.B (Ilorin), B.L (Abuja); Doctoral Candidate (Maritime Law) University of Nigeria Nsukka. 2 See F N Monye, Law of Consumer Protection (Spectrum Books Ltd 2003) 19 . 3 See the revised UN Guidelines for Consumer Protection. 4 F O Ukwueze ‘Towards a New Consumer Rights Paradigm: Elevating Consumer Rights to Human Rights in South Africa’, South African Journal on Human Rights, (2016) 6. 5 F N Monye, ‘Protecting Consumers of Products and Services in the Digital Age’ News Commentary to mark the World Consumer Rights Day 2017: 15 March 2017 <http://www.consumerawarenessng.org/events/protecting- consumers-of-products-and-services-in-the-digital-age.html> accessed 15 April 2019.
recognition as a species of ‘consumer rights’ in Nigeria;6 the right to personal data protection is indeed a class of consumer rights that is not just cognizable; but also enforceable under the law of consumer protection in this digital age. In today’s world, Information and Communications Technology (ICT) now provides the cheapest and fastest means of conducting commercial transactions via the Internet.7 Buying and selling on the Internet otherwise called electronic commerce (e-commerce), is rapidly growing around the globe.8 Every day, commercial transactions ranging from banking transactions on banking Apps, to telecommunication transactions on mobile devices; and of course online retail transactions on websites such as lawpavilionplus.com; allfwlr.com; E-bay, Jumia.com, Konga.com, Amazon.com, and Alibaba.com; etc. take place. With particular regard to online retail transactions; these transactions mostly take place on the Internet and sometimes do involve the transfer of huge sums of money. They most times, also entail the exposure of customers’ personal details or data on the trading platform; without the customers even noticing that their personal details data have been exposed beyond the expected point of sale; thereby increasing their vulnerability to the vagaries of internet hackers or fraudsters; and identity or data thieves.9 In Nigeria today, there appears to be a hodgepodge of instruments regulating personal data protection on electronic commerce platforms. It has for instance been submitted by Udoma and Osagie that; apart from the provisions of s.37 of the 1999 Constitution that guarantees the privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications; there is no other law that sets out in detail the protection of the privacy of individuals in Nigeria.10 Udoma and Osagie further argue that there is presently no specific or comprehensive data privacy or protection law in Nigeria; but that there are a few ‘industry- specific’ and targeted laws and regulations that provide some additional privacy-related protections. According to them, one of such industry-specific regulations is the Consumer Code of Practice Regulations 2007 (the ‘NCC Regulations’) issued by the Nigerian Communications Commission (NCC) – the country’s telecommunications regulator.11 6 See ss. 114 – 131 of the freshly enacted Federal Competition and Consumer Protection Act, 2019. 7 M Nuruddeen, Y Yusof, and A Abdulla; ‘Legal Framework for E-Commerce Transactions and Consumer Protection: A Comparative Study’ being an updated version of the article, titled ‘Electronic Commerce and Consumer Protection in Malaysia: Lessons for Nigeria’; presented at the 8th International Legal Conference (ILC) 2015, held on 25th to 26th August, 2015 at Golden Flower Hotel, Bandung, Indonesia. The Conference was organized by the School of Law, Universiti Utara Malaysia (UUM) <https://www.researchgate.net/publication/315730418_Legal_Framework_for_Ecommerce_Transactions_and_Consu mer_Protection_A_Comparative_Study> accessed 15 April 2019. 8 C Omar and T Anas, ‘E-Commerce in Malaysia: Development, Implementation and Challenges,’ irmbrjournal.com 3, no. 1 (2014): 291–298. 9 M Nuruddeen, ‘An Appraisal of the Legal Requirements of Electronic Commerce Transactions in Nigeria’ Bayero University Journal of Public Law (BUJPL) 3, no. 1 (2011): 164–183. In the Internet today, the term ‘Phishing’ is rife. It simply means the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication. Jones and Vijayasarathy for instance, have suggested that individuals have unfavorable perceptions of Internet shopping security as they are wary of giving credit card details over the Internet. (See J. M. Jones & L. R. Vijayasaratgy, ‘Internet Consumer Catalog Shopping: Findings from an Exploratory Study and Directions for Future Research’ Internet Research: Electronic Networking Applications and Policy 8(4) 322 – 330. See also M Bourlakis, S Papagiannidis, and H Fox, ‘E-Consumer Behaviour: Past, Present and Future Trajectories of an Evolving Retail Revolution’ International Journal of E-Business Research, 4(3), 64-76, July-September 2008). 10 See: U Udoma and B Osagie, ‘Data Privacy Protection in Nigeria’ <https://www.uubo.org/media/1337/data- privacy-protection-in-nigeria.pdf> accessed 23 April 2019. 11 Ibid. In this writer’s view, the submission that the NCC Consumer Code of Practice Regulation makes provision
On the other hand, some have argued that Nigeria indeed has a data protection regime. Aderibigbe for instance, submits that the Cybercrime Act 2015 prevents the interception of electronic communications and imposes data retention requirements on financial institutions; while the Consumer Code of Practice Regulations, 2007 issued by the Nigerian Communications Commission (the telecommunications industry regulator) requires telecommunication operators to take reasonable steps to protect customer information from accidental disclosure. It also restricts the transfer of customer information. Similarly, the Consumer Protection Framework issued by the Central Bank of Nigeria in 2016 contains provisions that restrain financial institutions from disclosing the personal information of their customers.12 She further submits that besides the Constitution13 , there are several other legislation that contain provisions that touch on the protection of privacy rights; such as the Child Rights Act, 2003 which reiterates the constitutional right to privacy as it relates to children.14 She further argues that the Freedom of Information Act15 , which in the whole is an Act to enable public access to public records and information; in essence, prevents a public institution from disclosing personal information to the public unless the individual involved consents to the disclosure.16 In the opinion of this writer, the acknowledged dearth or absence of a principal legal instrument comprehensively regulating personal data protection in Nigeria; is what has heightened the angst of e-commerce enthusiasts in Nigeria over the safety of their personal data and privacy on various e-commerce platforms. Background According to Monye for example, an unimaginable number of people carry out different transactions online in Nigeria.17 This notwithstanding, there are still no ‘definite and accessible channels of redress; thus giving suppliers the liberty to prescribe company-based terms and conditions as well as redress platforms which may be inaccessible to consumers’. What is more, the ease with which sensitive information is circulated to ‘unauthorized destinations’ has now become worrisome.18 In 2014, a research report published by Consumers International;19 on the state of consumer protection in Nigeria omitted entirely; reference to personal data protection rights of e-commerce users.20 In 2017 however, two other NGOs - World Wide Web Foundation21 and Paradigm for Personal Data Protection may not be very correct. Extensive research by this writer on the provisions of NCC Act and NCC Consumer Code of Practice Regulation revealed that there is no such provision Personal Data Protection under the Act as well as the Regulation. The implication of this omission in both the Act and the Regulation is that Personal Data Protection rights are as of yet, not recognized as consumer rights under the NCC Act. 12 See N Aderibigbe, ‘Nigeria Has a Data Protection Regime’ < http://www.jacksonettiandedu.com/nigeria-has-a- data-protection-regime/?utm_source=Mondaq&utm_medium=syndication&utm_campaign=View-Original> accessed 20 April 2019. 13 Constitution of the Federal Republic of Nigeria,1999 (as amended) (hereinafter, the 1999 Constitution). 14 Ibid. 15 No. 4 of 2011. 16 Aderibigbe note 12 17 F N Monye, note 5 18 Ibid. 19 Consumers International though an NGO registered in England and Wales; is the umbrella body of consumer groups worldwide. 20 See Consumers International, ‘Research Report on the State of Consumer Protection In Nigeria: A Review of Consumer protection in the Telecommunications sector in Nigeria’; <https: www.consumerawareness-ng.org/>
Initiative22 jointly commissioned a review of the data collection practices in Nigeria, the policies and regulations in place to govern their collection, and the protection and use of this data. The findings of this latter study23 showed that there are five primary concerns around the collection and use of personal data - both online and offline - in Nigeria, namely that: i. the use of personal data may be incompatible with the purpose for which it was collected; ii. individuals have no rights in relation to the collection, use, and storage of their personal information; iii. Nigerians are not offered adequate opportunities to consent to or opt out of data collection; iv. there is limited-to-no transparency around the processing of personal data, and there is limited information available around how this personal data is used and stored, leading to greater risk of a personal data breach; and v. children are exposed to privacy risks online and often lack the legal capacity to give valid consent, and may unknowingly disclose personal information to online platforms due to the appealing nature of their visual content.24 Barely two years after that study; on January 25, 2019, the National Information Technology (IT) Development Agency (NITDA) issued a data protection regulation, namely - the Nigerian Data Protection Regulation, 2019 (NDPR). The objectives of this Regulation as stated therein include - safeguarding the rights of natural persons to data privacy; fostering safe conduct for transactions involving the exchange of personal data; preventing manipulation of personal data; and ensuring that Nigerian businesses remain competitive in international trade through the safe-guards afforded by a just and equitable legal regulatory framework on data protection and which is in tune with best practices.25 Interestingly, just five days after the NDPR was published by NITDA, on January 30 2019; a new federal legislation on consumer protection was signed into law, namely – the Federal Competition and Consumer Protection Act, 2019 (FCCP Act). This Act also established a new Federal Competition and Consumer Protection Commission. Then, just two months thereafter, in March 2019, President Muhammadu Buhari withheld his assent and refused signing into law, a bill for the protection of Internet users in Nigeria from infringement of their fundamental freedoms (the Digital Rights and Freedom Bill);26 which had accessed 13 March 2019. The Research Team comprised of Prof. Felicia Monye; (National President of Consumer Awareness Organisation) as Principal Researcher; Dr. Boniface Umoh (Research Coordinator & Co-researcher) Ms. Chinyere Chukwunta (Research Assistant). 21 World Wide Web Foundation is an NGO that was established in 2009 by web inventor Sir Tim Berners-Lee to advance the open web as a public good and a basic right. They are also an independent, international organisation fighting for digital equality. See < https://webfoundation.org/about/> accessed 23 April 2019. 22 Paradigm Initiative is an NGO that builds an ICT-enabled support system and advocates digital rights in order to improve livelihoods for under-served youth. 23 See <https://bit.ly/nigeriadataprotection> 24 See Web Foundation Report ‘Personal Data Protection in Nigeria’ < https://webfoundation.org/research/personal- data-protection-in-nigeria/> accessed 24 April 2019. For this review, an online survey was created for individuals interested in and/or concerned about the topic, to answer a series of important questions, either multiple choice or short-answer. A total of 106 respondents participated in this online survey from 30 August to 13 September 2017. 25 The Regulations are discussed in more detail hereinafter in this article on pp.14, 29 - 33. 26 The bill seeks to protect Internet users in Nigeria from infringement of their fundamental freedoms. See for example: A Ojekunle, ‘President Buhari Has Rejected a Bill Seeking to Protect the Rights of Internet Users in Nigeria from Infringement’ 21 March 2019 <https://www.pulse.ng/bi/politics/buhari-rejects-digital-rights-bill-a-bill-seeking- to-protect-the-rights-of-internet/zztwxz1> accessed 19 April 2019.
been passed by both Houses of the National Assembly. Contrastingly, in the same month of March 2019, Consumers International and the Internet Society27 commissioned a survey of consumers’ perceptions and attitudes around the world to Internet of Things (IoT).28 Their findings were quite outstanding. They include that: i. Connected devices are everywhere - but concerns about privacy and security remain. ii. 63% of people surveyed find connected devices ‘creepy’ in the way they collect data about people and their behaviours iii. This sentiment is echoed throughout the survey, with half of people across markets distrusting their connected devices to protect their privacy and handle their information in a respectful manner (53%). iv. On top of not trusting the device itself to keep data secure, 75% of people agree there is reason for concern about their data being used by other organisations without their permission. v. The security concerns are serious enough to deter almost a third (28%) of people who do not own smart devices from buying one; security concerns are as strong a deterrent as the price of a device. vi. People have concerns about security and privacy but do not know how to adapt and adjust device settings in a way that might allay these fears. 80% of people surveyed are aware of how to set and reset passwords, but only 50% are aware of how to disable the collection of data about users and their behaviours. From this survey, Consumers International concluded that a high number of people actually think that privacy and security standards should be assured by regulators (88%), followed by manufacturers (81%) and championed by retailers (80%).29 With these recent developments, particularly the coming into force of the new FCCP Act and the establishment of the new Federal Competition and Consumer Protection Commission; the question now being asked is - how will this new Commission competently handle the protection of data subjects (i.e. e-consumers) in matters relating to data processing by data controllers and processors who are invariably subjects of the FCCP Act?30 Put differently – does the FCCP Act guarantee any personal data protection and security for e-consumers? The above query essentially, is the challenge that this article speaks to. To answer this question, this writer considered it vital to review the scope and application of the FCCP Act, its regulatory framework for e-commerce in Nigeria, along with the nature of rights afforded to ‘e-consumers’ or ‘data subjects’ thereunder. 27 The Internet Society is a global cause-driven organization governed by a diverse Board of Trustees. It was founded in 1992 by a number of people involved with the Internet Engineering Task Force (IETF). One of their principal rationales is to provide an organizational home for and financial support for the Internet standards process. Believing also that “the Internet is for everyone,” the Internet Society has worked since its founding to make that goal a reality. 28 The internet of things (IoT) is a computing concept that describes the idea of everyday physical objects being connected to the internet and being able to identify themselves to other devices. The term is closely identified with RFID as the method of communication, although it also may include other sensor technologies, wireless technologies or QR codes. The IoT is significant because an object that can represent itself digitally becomes something greater than the object by itself. No longer does the object relate just to its user, but it is now connected to surrounding objects and database data. When many objects act in unison, they are known as having ‘ambient intelligence.’ 29 Ibid. 30 See T Ndunagu, ‘Nigeria’s Journey to Richland: Turning things up a notch with the Federal Competition and Consumer Protection Act’ <https://lawyers.com/nigerias-journey-to-richland-turning-things-up-a-notch-with-the- federal-competition-and-consumer-protection-act/> accessed 23 April 2019.
Overview of the Federal Competition and Consumer Protection Act 2019 The FCCP Act was just signed into law in January 2019. The key objectives of the Act are majorly to (a) promote and maintain competitive markets in the Nigerian economy; (b) promote economic efficiency; (c) protect and promote the interests and welfare of consumers by providing consumers with wider variety of quality products at competitive prices; (d) prohibit restrictive or unfair business practices which prevent, restrict or distort competition or constitute an abuse of a dominant position of market power in Nigeria; and (e) contribute to the sustainable development of the Nigerian economy.31 A. Applicability and Scope of the FCCP Act The FCCPA applies to ‘all commercial activities’ undertaken in the country for profit and satisfaction of public demand. This is regardless of whether these activities are undertaken by privately or publicly held corporate entities, corporate bodies in which either the Federal, State or Local Government has controlling stake, or agencies of the Federal Government,32 The FCCPA also overrides the provisions of other laws in all matters relating to competition and consumer protection, but subject to the provisions of the Nigerian Constitution.33 B. The Federal Competition and Consumer Protection Commission Prior to the enactment of the FCCPA, its precursor the Consumer Protection Council Act, 1992 was the applicable law, and under that Act, there was established, a Consumer Protection Commission. Under the current FCCPA, there is now a Federal Competition and Consumer Protection Commission. The new Commission’s functions include administering and enforcing the provisions of the FCCPA and any other competition and consumer protection law; eliminating anti-competitive agreements, misleading, unfair, deceptive, or unconscionable marketing, trading, and business practices; and giving and receiving advice from other regulatory authorities or agencies within the relevant industry or sector on consumer protection and competition matters. Other functions include authorizing, prohibiting, or approving mergers and encouraging trade, industry, and professional associations to develop and enforce in their various fields quality standards designed to safeguard the interest of consumers.34 C. Consumer Privacy and Personal Data Protection under the FCCP Act Under the FCCP Act, there is a long list of rights for the protection of recognized consumer rights. These rights include - right to information in plain and understandable language;35 right to disclosure of price of goods or services;36 right to product labeling and trade descriptions;37 right to disclosure of reconditioned or second-hand goods;38 right to sales records;39 right to select suppliers;40 right to cancel advance reservation, booking or order;41 right to choose or examine goods;42 right to return goods;43 right to general standards for the marketing of goods and 31 See FCCPA s.1 para. (e). 32 Ibid.s.2 33 Ibid.s.104 34 FCCPA s. 9 and s.17 sub paras (b),(c), (f), (i), (p), (u), and (w) 35 Ibid. s.114 36 Ibid. s.115 37 Ibid. s.116 38 Ibid. s.117 39 Ibid. s.118 40 Ibid. s.119 41 Ibid. s.120 42 Ibid. s.121
services;44 right to fair dealings;45 rights pertaining to the quality and safety of goods and services;46 and the right to safe, good quality goods.47 As can be gleaned from the above, of all the 13 recognized consumer rights in the FCCPA; none touches directly on consumer privacy or personal data protection for data subjects. The obvious implication of this omission is that consumer privacy or personal data protection rights are yet to be accorded full recognition as a species of consumer rights, under Nigeria’s primary consumer protection regime. One is thus left to wonder whether the drafters of this current consumer protection instrument did take into account, the principles under the extant United Nations Guidelines for Consumer Protection, 2015; which stipulates that the legitimate needs that the guidelines intend to meet include the provision of ‘a level of protection for consumers using electronic commerce that is not less than that afforded in other forms of commerce’; and ‘the protection of consumer privacy and the global free flow of information’. Remarkably too, under the FCCPA; (which ordinarily should be an upgrade of the previous Consumer Protection Council Act48 ); there is another awful omission. That is with regard to the regulation of e-commerce. The Act contains no provisions for the regulation of e-commerce. Indeed, this omission also calls into the question the all-inclusiveness of the Act and by extension, the Federal Competition and Consumer Protection Commission’s jurisdiction over e-commerce. The fact that the Commission is vested with concurrent jurisdiction with other agencies or relevant authorities49 in the data-protection space; is however, not lost upon this writer. In the IT sector for instance, the Commission now has concurrent jurisdiction with NITDA. Similarly, in the communications sector for instance, the Commission now has contemporaneous jurisdiction with NCC. Likewise, in the financial sector, the Commission is now vested with parallel jurisdiction with the Central Bank of Nigeria (CBN); (regardless of CBN’s already existing Consumer Protection Framework). The Act however provides that to enable it carry out its tasks efficiently and effectively, the Commission is required to collaborate with other regulatory authorities; trade, industry, and professional organizations locally and internationally.50 These collaborations will necessarily involve Ministries, Departments and Agencies (MDAs), especially regulatory bodies such as National Information Technology Development Agency (NITDA), Nigerian Communications Commission (NCC), Standards Organisation of Nigeria (SON), and National Agency for Food Drugs Administration and Control (NAFDAC), and others in competition and consumer protection regulation and related matters.51 To avoid possible regulatory frictions with other regulatory authorities, it is provided in s.104 of the Act that the Act is superior to all other laws in Nigeria; apart from the Constitution. Thus, the Commission’s powers take precedence over and above the powers of other relevant government agencies. This provision for coordinate jurisdiction with other agencies in the Act, as some have rightly submitted, ‘literally kicks things up a notch.’52 43 Ibid. s.122 44 Ibid. s.123 45 Ibid. s.124 46 Ibid. s.130 47 Ibid. s.131 48 Cap. C25, Laws of the Federation of Nigeria, 2004. 49 FCCPA, s. 105 sub ss.2 50 FCCPA, s. 105 51 Ibid. 52 See T. Ndunagu, note 30
Ndunagu for instance submits that, while it is a noble idea to have a unified competition and consumer-protection laws regulating all sectors, having such a law govern the affairs of all sectors - including sectors already being regulated - is not quite practicable. His reasoning is that there is still the possibility of regulatory friction in terms of the regulatory role that NITDA for instance, is required to play regarding data protection and privacy of data subjects under the Nigerian Data Protection Regulation 2019.53 He further submits that making the Act take precedence over sector-specific regulations may result in inefficiency in regulation and consequently defeat the objective of the FCCPA. According to him, the superiority of the Act over other relevant laws and regulations on competition and consumer protection particularly consumer protection - in Nigeria; may still result in undesired consequences. The same goes for the attempt under the Act to provide a way out through negotiation between the Commission and relevant agency or agencies; under s.104 (4); (where negotiation is stipulated as the primary mode of resolving any impasse that may arise between the Commission and the relevant regulatory agency).54 He opines that this provision still puts the Commission in a favoured position; as the Commission will always prevail in such negotiations. He therefore suggests that there is a need for some level of deference on the Commission’s part and recognition of the capabilities, experience, expertise, and technical knowledge of the relevant regulatory agency; otherwise, the level of harmonization the Act requires and contemplates will be difficult to attain. Consequently, in his view, the Commission working together with the relevant regulatory authorities; with the common aim of promoting competition and protecting consumers; is the sure means by which the Commission can achieve its set aims and objectives seamlessly.55 This writer agrees entirely with Ndunagu’s submissions. In furtherance thereto; it is perhaps pertinent to also point out here that in other African countries like Ghana and South Africa; as well as in some ASEAN countries like Malaysia and Singapore, separate data protection legislation have been put in place to address the privacy concerns of data subjects. These legislation - for instance, the Ghana Data Protection Act;56 the South African Protection of Personal Information Act;57 the Malaysian Consumer Protection Act58 and Singapore’s Personal Data Protection Act59 ; each recognizes and protects consumer privacy rights and/or the right to personal data protection of data subjects or e-consumers.60 There is therefore no reason why this kind of recognition and protection should not be conferred on personal data privacy in Nigeria. 53 Ibid 54 S. 104(4) of the Act provides that the Commission shall negotiate with all government agencies whose mandate includes enforcement of competition and consumer protection for the purpose of coordinating and harmonising the exercise of jurisdiction over competition and consumer 5 protection matters within the relevant industry or sector, and to ensure the consistent application of the provisions of the Act. 55 Ibid. 56 Data Protection Act 2012 57 Protection of Personal Information Act No 4 of 2013 58 Malaysian Consumer Protection Act 1999 59 Personal Data Protection Act 2012. Nigeria may well adopt the Singaporean model of enacting separate ‘Personal Data Protection’ legislation. That is, in addition to the anticipated Electronic Communications and Transactions Act; whenever that instrument does come into force. 60 In Malaysia in particular, the CPA 1999 specifically provides for the protection of e-consumers against misleading and deceptive conduct, false representations and unfair practices. Under the Act, unfair trade practices in online shopping are defined to include deceptive advertising technique such as ‘bait and switch’. Furthermore, in the CPA (Amendment) Act 2010, a new Part 111A, which deals with unfair contract terms has been inserted into the Act. Under this provision, e-consumers may now challenge the validity of standard terms of online contracts for being either procedurally or substantively unfair. Most importantly e-consumers who are dissatisfied with online dealings can file their claims in the Tribunal for Consumer Claims which was set up to provide speedy, inexpensive and informal redress of consumers’ grievances.
Thus, it is submitted that in Nigeria’s case, in addition to the FCCP Commission; there should also be established, a separate Personal Data Protection Commission, as is obtainable in countries like Singapore. The Prognosis There is no doubt that proper regulation of the e-commerce subsector is crucial to the future of national and economic development of any country, nay Nigeria. What it therefore means is that the FCCPA as is, already comes across as inchoate; having failed to address genuine privacy concerns of e-consumers – an ever-growing population in Nigeria’s consumer demography. No regulation for e-commerce will be complete without adequate consumer privacy or personal data protection mechanisms. Such mechanisms are what will ensure that key players are properly guided as to the required ethics; e-consumers are assured of their personal data safety; and government generates the needed revenue to invest in the economy.61 Given the evident shortfalls in the FCCPA in consumer privacy protection, the following policy recommendations are hereby suggested, viz: 1) The National Assembly must include the following elements in any data protection framework or bill under its consideration:  That the use of personal data must be in accordance with the purpose for which it was collected (purpose specification);  That the consent of the individual must be obtained prior to collecting his/her personal data;  That the rights of the individual to seek legal remedies for misuse and/or unauthorised access to his/her personal data must be guaranteed. This can be achieved via the following legislative mechanisms:  Elevation of the Status of Personal Data Protection and Consumer Privacy rights: Personal data protection and consumer privacy rights must as of necessity; now be elevated to the status of consumer rights cognizable under the Federal Competition and Consumer Act 2019.  A Revision of Federal Competition and Consumer Protection Act: A revision in this sense; it is recommended, should entail an adaptation of US state of California’s most recent Consumer Privacy Act (CCPA).62 The CCPA is to take effect in January 2020 and contains some the following innovative provisions viz – i. The Act provides for consumers’ right to request a business to disclose the categories and specific pieces of personal information that it collects about the consumer, the categories of sources from which that information is collected, the business purposes for collecting or selling the information, and the categories of 3rd parties with which the information is shared.63 ii. The Act requires a business to make disclosures about the information and the purposes for which it is used.64 iii. The Act grants a consumer the right to request deletion of personal information and would require the business to delete upon receipt of a verified request, as specified.65 61 See for instance, A. A. Oluwatobi, ‘Legal Issues in Regulating the E-Commerce Sub-sector in Nigeria’ < https://www.lawyard.ng/legal-issues-in-regulating-the-e-commerce-sub-sector-in-nigeria-by-ayokunle-akinpelu/> 4 April 2016 accessed 20 April 2109. 62 California Consumer Privacy Act, 2018. The Act is to take effect from January 2020. 63 See California Consumer Privacy Act 2018 Legislative Counsel’s Digest; available at https://www.pbwt.com/content/uploads/2018/06/California-Consumer-Privacy-Act1.pdf; accessed on 14 May 2019 64 Ibid. 65 Ibid.
iv. The Act grants a consumer a right to request that a business that sells the consumer’s personal information, or discloses it for a business purpose, disclose the categories of information that it collects and categories of information and the identity of 3rd parties to which the information was sold or disclosed.66 v. The Act requires a business to provide this information in response to a verifiable consumer request.67 vi. The Act authorizes a consumer to opt out of the sale of personal information by a business and would prohibit the business from discriminating against the consumer for exercising this right, including by charging the consumer who opts out a different price or providing the consumer a different quality of goods or services, except if the difference is reasonably related to value provided by the consumer’s data.68 vii. The Act authorizes businesses to offer financial incentives for collection of personal information.69 viii. The Act prohibits a business from selling the personal information of a consumer under 16 years of age, unless affirmatively authorized, as specified, to be referred to as the right to opt in.70 ix. The Act prescribes requirements for receiving, processing, and satisfying these requests from consumers.71 x. The Act prescribes various definitions for its purposes and would define “personal information” with reference to a broad list of characteristics and behaviors, personal and commercial, as well as inferences drawn from this information.72 xi. The Act prohibits the provisions described above from restricting the ability of the business to comply with federal, state, or local laws, among other things.73 xii. The Act provides for its enforcement by the Attorney General, as specified, and would provide a private right of action in connection with specified security breaches; certain unauthorized access and exfiltration, theft, or disclosure of a consumer’s non-encrypted or non-redacted personal information, as defined.74  Enactment of Separate Data Protection Act: Such an enactment can also be an adaptation of Singapore’s Personal Data Protection Act,75 which contains data protection principles consistent with those contained in the African Union Convention on Cyber Security and personal data protection; and/or an adaptation of the EU’s General Data Protection Regulation (GDPR). Conclusion Globalization and the Internet no doubt have turned the world into a global hamlet, and ushered in the era of e-commerce. In Nigeria as of today, there are still security concerns relating to Internet transactions and personal data safety; amongst consumers of e-commerce products and services. This apprehension is heightened by the seemingly fragmented and inadequate existing legal framework for personal data protection in the country; stemming largely from the delayed 66 Ibid. 67 Ibid. 68 Ibid. 69 Ibid. 70 Ibid. 71 Ibid. 72 Ibid. 73 Ibid. 74 Ibid. 75 Personal Data Protection Act 2012.
passage into law of the long-awaited Electronic Communications and Transactions Bill. As we have shown in this article, under the new primary Consumer Protection legislation, consumer privacy or personal data protection rights are virtually unrecognized as a species of consumer rights. The non-recognition of consumer privacy rights in the new FCCP Act’s bill of rights patently cuts across the grain of the spirit and letters of the Nigeria’s National Data Protection Regulations 2019; which instrument on its part contains copious provisions on data subject rights; and which rights are also ranked ‘in conformity with constitutionally guaranteed principles of law for the general protection and enforcement of fundamental rights’. Consequently, it is submitted that in order to boost trust in the existing regulatory framework, personal data protection rights (as a species of consumer rights) must be given due recognition in any subsequent consumer protection regime. It is also imperative to enact separate personal data protection legislation in addition to the FCCPA.

Recommended

Ericsson ConsumerLab: Personal Information Economy
Ericsson ConsumerLab: Personal Information Economy Ericsson ConsumerLab: Personal Information Economy
Ericsson ConsumerLab: Personal Information Economy Ericsson Slides
 
Online marketing legal issues
Online marketing legal issuesOnline marketing legal issues
Online marketing legal issuesRamakrishna Kongalla
 
Iare e marketing_pp_ts_e2
Iare e marketing_pp_ts_e2Iare e marketing_pp_ts_e2
Iare e marketing_pp_ts_e2AditiVeda1
 
Effects of mediation of trust on effect of quality service e-commerce, servi...
Effects of mediation of trust on effect of quality service e-commerce, servi... Effects of mediation of trust on effect of quality service e-commerce, servi...
Effects of mediation of trust on effect of quality service e-commerce, servi...inventionjournals
 
Legal Issues in Online Environment
Legal Issues in Online EnvironmentLegal Issues in Online Environment
Legal Issues in Online EnvironmentMSC Malaysia Cybercentre @ Bangsar South City
 
Intellectual Property Law In Internet
Intellectual Property Law In InternetIntellectual Property Law In Internet
Intellectual Property Law In Internetguesta5c32a
 
3213ijist01
3213ijist013213ijist01
3213ijist01jh1234jh
 
E – COMMERCE AND CONSUMER RIGHTS
E – COMMERCE AND CONSUMER RIGHTSE – COMMERCE AND CONSUMER RIGHTS
E – COMMERCE AND CONSUMER RIGHTSKenneth Muhangi Esq.
 

Recommended

Ericsson ConsumerLab: Personal Information Economy
Ericsson ConsumerLab: Personal Information Economy Ericsson ConsumerLab: Personal Information Economy
Ericsson ConsumerLab: Personal Information Economy Ericsson Slides
 
Online marketing legal issues
Online marketing legal issuesOnline marketing legal issues
Online marketing legal issuesRamakrishna Kongalla
 
Iare e marketing_pp_ts_e2
Iare e marketing_pp_ts_e2Iare e marketing_pp_ts_e2
Iare e marketing_pp_ts_e2AditiVeda1
 
Effects of mediation of trust on effect of quality service e-commerce, servi...
Effects of mediation of trust on effect of quality service e-commerce, servi... Effects of mediation of trust on effect of quality service e-commerce, servi...
Effects of mediation of trust on effect of quality service e-commerce, servi...inventionjournals
 
Legal Issues in Online Environment
Legal Issues in Online EnvironmentLegal Issues in Online Environment
Legal Issues in Online EnvironmentMSC Malaysia Cybercentre @ Bangsar South City
 
Intellectual Property Law In Internet
Intellectual Property Law In InternetIntellectual Property Law In Internet
Intellectual Property Law In Internetguesta5c32a
 
3213ijist01
3213ijist013213ijist01
3213ijist01jh1234jh
 
E – COMMERCE AND CONSUMER RIGHTS
E – COMMERCE AND CONSUMER RIGHTSE – COMMERCE AND CONSUMER RIGHTS
E – COMMERCE AND CONSUMER RIGHTSKenneth Muhangi Esq.
 
Legal Aspect Pertaining to E-commerce
Legal Aspect Pertaining to E-commerceLegal Aspect Pertaining to E-commerce
Legal Aspect Pertaining to E-commercePrince Sharma
 
Important Issues in Global E-commerce
Important Issues in Global E-commerce Important Issues in Global E-commerce
Important Issues in Global E-commerce Dr. Prashant Vats
 
Prospect of E-Retailing In India
Prospect of E-Retailing In IndiaProspect of E-Retailing In India
Prospect of E-Retailing In IndiaIOSR Journals
 
Blockchain Factors for Consumer Acceptance
Blockchain Factors for Consumer AcceptanceBlockchain Factors for Consumer Acceptance
Blockchain Factors for Consumer AcceptanceThe International Journal of Business Management and Technology
 
ClientAdvisoryNote - Obama's Privacy Action Plan
ClientAdvisoryNote - Obama's Privacy Action PlanClientAdvisoryNote - Obama's Privacy Action Plan
ClientAdvisoryNote - Obama's Privacy Action PlanDebra Farber, JD, CISSP, CIPP/US, CIPT, CIPM
 
Hi tech banking
Hi tech bankingHi tech banking
Hi tech bankingsaid masoud
 
E Commerce Platform Data Ownership and Legal Protection
E Commerce Platform Data Ownership and Legal ProtectionE Commerce Platform Data Ownership and Legal Protection
E Commerce Platform Data Ownership and Legal Protectionijtsrd
 
5362098
53620985362098
5362098AditiVeda1
 
IAB Online Content Regulation
IAB Online Content RegulationIAB Online Content Regulation
IAB Online Content RegulationEndcode_org
 
Adoption of Internet banking
Adoption of Internet bankingAdoption of Internet banking
Adoption of Internet bankingIOSR Journals
 
Ijciet 10 01_194-2
Ijciet 10 01_194-2Ijciet 10 01_194-2
Ijciet 10 01_194-2IAEME Publication
 
E commerce - ppt
E commerce - ppt E commerce - ppt
E commerce - ppt Saiqa Hashmi
 
E commerce in india
E commerce in indiaE commerce in india
E commerce in indiaraman109
 
internet-banking
internet-bankinginternet-banking
internet-bankingAshish Chaurasia
 
E-commerce regulation pria chetty
E-commerce regulation pria chettyE-commerce regulation pria chetty
E-commerce regulation pria chettyEndcode_org
 
National identity schemes - digital identity - national ID - eGovernment
National identity schemes - digital identity - national ID - eGovernmentNational identity schemes - digital identity - national ID - eGovernment
National identity schemes - digital identity - national ID - eGovernmentEric BILLIAERT
 
Revolution of E Commerce in Rural Market
Revolution of E Commerce in Rural MarketRevolution of E Commerce in Rural Market
Revolution of E Commerce in Rural Marketijtsrd
 
Ethics of electronic marketing
Ethics of electronic marketingEthics of electronic marketing
Ethics of electronic marketinggaurav jain
 
E commerce law and ethics
E commerce law and ethicsE commerce law and ethics
E commerce law and ethicsXophia Montawal
 
Research on Electronic Commerce Platform Consumer Data Rights and Legal Prote...
Research on Electronic Commerce Platform Consumer Data Rights and Legal Prote...Research on Electronic Commerce Platform Consumer Data Rights and Legal Prote...
Research on Electronic Commerce Platform Consumer Data Rights and Legal Prote...YogeshIJTSRD
 
Philosophy of Personal Data Protection in Electronic Wallets
Philosophy of Personal Data Protection in Electronic WalletsPhilosophy of Personal Data Protection in Electronic Wallets
Philosophy of Personal Data Protection in Electronic WalletsAJHSSR Journal
 
PRIVACY RIGHTS ARE HUMAN RIGHTS (2).pdf
PRIVACY RIGHTS ARE HUMAN RIGHTS (2).pdfPRIVACY RIGHTS ARE HUMAN RIGHTS (2).pdf
PRIVACY RIGHTS ARE HUMAN RIGHTS (2).pdflinda gichohi
 

More Related Content

What's hot

Legal Aspect Pertaining to E-commerce
Legal Aspect Pertaining to E-commerceLegal Aspect Pertaining to E-commerce
Legal Aspect Pertaining to E-commercePrince Sharma
 
Important Issues in Global E-commerce
Important Issues in Global E-commerce Important Issues in Global E-commerce
Important Issues in Global E-commerce Dr. Prashant Vats
 
Prospect of E-Retailing In India
Prospect of E-Retailing In IndiaProspect of E-Retailing In India
Prospect of E-Retailing In IndiaIOSR Journals
 
E Commerce Platform Data Ownership and Legal Protection
E Commerce Platform Data Ownership and Legal ProtectionE Commerce Platform Data Ownership and Legal Protection
E Commerce Platform Data Ownership and Legal Protectionijtsrd
 
IAB Online Content Regulation
IAB Online Content RegulationIAB Online Content Regulation
IAB Online Content RegulationEndcode_org
 
Adoption of Internet banking
Adoption of Internet bankingAdoption of Internet banking
Adoption of Internet bankingIOSR Journals
 
E commerce in india
E commerce in indiaE commerce in india
E commerce in indiaraman109
 
E-commerce regulation pria chetty
E-commerce regulation pria chettyE-commerce regulation pria chetty
E-commerce regulation pria chettyEndcode_org
 
National identity schemes - digital identity - national ID - eGovernment
National identity schemes - digital identity - national ID - eGovernmentNational identity schemes - digital identity - national ID - eGovernment
National identity schemes - digital identity - national ID - eGovernmentEric BILLIAERT
 
Revolution of E Commerce in Rural Market
Revolution of E Commerce in Rural MarketRevolution of E Commerce in Rural Market
Revolution of E Commerce in Rural Marketijtsrd
 
Ethics of electronic marketing
Ethics of electronic marketingEthics of electronic marketing
Ethics of electronic marketinggaurav jain
 
E commerce law and ethics
E commerce law and ethicsE commerce law and ethics
E commerce law and ethicsXophia Montawal
 

What's hot (19)

Legal Aspect Pertaining to E-commerce
Legal Aspect Pertaining to E-commerceLegal Aspect Pertaining to E-commerce
Legal Aspect Pertaining to E-commerce
 
Important Issues in Global E-commerce
Important Issues in Global E-commerce Important Issues in Global E-commerce
Important Issues in Global E-commerce
 
Prospect of E-Retailing In India
Prospect of E-Retailing In IndiaProspect of E-Retailing In India
Prospect of E-Retailing In India
 
Blockchain Factors for Consumer Acceptance
Blockchain Factors for Consumer AcceptanceBlockchain Factors for Consumer Acceptance
Blockchain Factors for Consumer Acceptance
 
ClientAdvisoryNote - Obama's Privacy Action Plan
ClientAdvisoryNote - Obama's Privacy Action PlanClientAdvisoryNote - Obama's Privacy Action Plan
ClientAdvisoryNote - Obama's Privacy Action Plan
 
Hi tech banking
Hi tech bankingHi tech banking
Hi tech banking
 
E Commerce Platform Data Ownership and Legal Protection
E Commerce Platform Data Ownership and Legal ProtectionE Commerce Platform Data Ownership and Legal Protection
E Commerce Platform Data Ownership and Legal Protection
 
5362098
53620985362098
5362098
 
IAB Online Content Regulation
IAB Online Content RegulationIAB Online Content Regulation
IAB Online Content Regulation
 
Adoption of Internet banking
Adoption of Internet bankingAdoption of Internet banking
Adoption of Internet banking
 
Ijciet 10 01_194-2
Ijciet 10 01_194-2Ijciet 10 01_194-2
Ijciet 10 01_194-2
 
E commerce - ppt
E commerce - ppt E commerce - ppt
E commerce - ppt
 
E commerce in india
E commerce in indiaE commerce in india
E commerce in india
 
internet-banking
internet-bankinginternet-banking
internet-banking
 
E-commerce regulation pria chetty
E-commerce regulation pria chettyE-commerce regulation pria chetty
E-commerce regulation pria chetty
 
National identity schemes - digital identity - national ID - eGovernment
National identity schemes - digital identity - national ID - eGovernmentNational identity schemes - digital identity - national ID - eGovernment
National identity schemes - digital identity - national ID - eGovernment
 
Revolution of E Commerce in Rural Market
Revolution of E Commerce in Rural MarketRevolution of E Commerce in Rural Market
Revolution of E Commerce in Rural Market
 
Ethics of electronic marketing
Ethics of electronic marketingEthics of electronic marketing
Ethics of electronic marketing
 
E commerce law and ethics
E commerce law and ethicsE commerce law and ethics
E commerce law and ethics
 

Similar to Appraising Nigeria’s new Federal Competition and Consumer Protection Act through a Data Subject’s Prism

Research on Electronic Commerce Platform Consumer Data Rights and Legal Prote...
Research on Electronic Commerce Platform Consumer Data Rights and Legal Prote...Research on Electronic Commerce Platform Consumer Data Rights and Legal Prote...
Research on Electronic Commerce Platform Consumer Data Rights and Legal Prote...YogeshIJTSRD
 
Philosophy of Personal Data Protection in Electronic Wallets
Philosophy of Personal Data Protection in Electronic WalletsPhilosophy of Personal Data Protection in Electronic Wallets
Philosophy of Personal Data Protection in Electronic WalletsAJHSSR Journal
 
PRIVACY RIGHTS ARE HUMAN RIGHTS (2).pdf
PRIVACY RIGHTS ARE HUMAN RIGHTS (2).pdfPRIVACY RIGHTS ARE HUMAN RIGHTS (2).pdf
PRIVACY RIGHTS ARE HUMAN RIGHTS (2).pdflinda gichohi
 
Ericsson ConsumerLab: Personal Information Economy
Ericsson ConsumerLab: Personal Information Economy Ericsson ConsumerLab: Personal Information Economy
Ericsson ConsumerLab: Personal Information EconomyEricsson
 
THE LEGAL EFFECTS OF CONSUMER PROTECTION LAW IN ZANZIBAR
THE LEGAL EFFECTS OF CONSUMER PROTECTION LAW IN ZANZIBAR THE LEGAL EFFECTS OF CONSUMER PROTECTION LAW IN ZANZIBAR
THE LEGAL EFFECTS OF CONSUMER PROTECTION LAW IN ZANZIBAR RahulRanjan352
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxadampcarr67227
 
Consumer Protection for Sale of Goods under the Malaysian Sale of Goods Act 1...
Consumer Protection for Sale of Goods under the Malaysian Sale of Goods Act 1...Consumer Protection for Sale of Goods under the Malaysian Sale of Goods Act 1...
Consumer Protection for Sale of Goods under the Malaysian Sale of Goods Act 1...AJHSSR Journal
 
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptxOVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptxUsmanMAmeer
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
 
LEGAL PROTECTION FOR CONSUMERS OF ELECTRONIC TRANSACTIONS (E-COMMERCE) BY PRE...
LEGAL PROTECTION FOR CONSUMERS OF ELECTRONIC TRANSACTIONS (E-COMMERCE) BY PRE...LEGAL PROTECTION FOR CONSUMERS OF ELECTRONIC TRANSACTIONS (E-COMMERCE) BY PRE...
LEGAL PROTECTION FOR CONSUMERS OF ELECTRONIC TRANSACTIONS (E-COMMERCE) BY PRE...AJHSSR Journal
 
LAWS1100 Nickolas James Business law 4_e_----_(chapter_11_dealing_with_consum...
LAWS1100 Nickolas James Business law 4_e_----_(chapter_11_dealing_with_consum...LAWS1100 Nickolas James Business law 4_e_----_(chapter_11_dealing_with_consum...
LAWS1100 Nickolas James Business law 4_e_----_(chapter_11_dealing_with_consum...throwaw4y
 
The FDA’s role in the approval and subsequent review of Vioxx, a.docx
The FDA’s role in the approval and subsequent review of Vioxx, a.docxThe FDA’s role in the approval and subsequent review of Vioxx, a.docx
The FDA’s role in the approval and subsequent review of Vioxx, a.docxmehek4
 
Consumer rights and responsibilities
Consumer rights and responsibilitiesConsumer rights and responsibilities
Consumer rights and responsibilitiesmaynardteacher
 
The Impact of the Consumer Protection Act 2019 on the E-Commerce Sector in In...
The Impact of the Consumer Protection Act 2019 on the E-Commerce Sector in In...The Impact of the Consumer Protection Act 2019 on the E-Commerce Sector in In...
The Impact of the Consumer Protection Act 2019 on the E-Commerce Sector in In...AnweshaPanda15
 
Research on Legal Protection of Personal Data Privacy of E Commerce Platform ...
Research on Legal Protection of Personal Data Privacy of E Commerce Platform ...Research on Legal Protection of Personal Data Privacy of E Commerce Platform ...
Research on Legal Protection of Personal Data Privacy of E Commerce Platform ...YogeshIJTSRD
 
Anonos NTIA Comment Letter letter on ''Big Data'' Developments and How They I...
Anonos NTIA Comment Letter letter on ''Big Data'' Developments and How They I...Anonos NTIA Comment Letter letter on ''Big Data'' Developments and How They I...
Anonos NTIA Comment Letter letter on ''Big Data'' Developments and How They I...Ted Myerson
 
Privacy and Civil Liberties
Privacy and Civil LibertiesPrivacy and Civil Liberties
Privacy and Civil LibertiesUpekha Vandebona
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in IndiaHome
 
Data privacy Legislation in India
Data privacy Legislation in IndiaData privacy Legislation in India
Data privacy Legislation in IndiaLATHA H C
 

Similar to Appraising Nigeria’s new Federal Competition and Consumer Protection Act through a Data Subject’s Prism (20)

Research on Electronic Commerce Platform Consumer Data Rights and Legal Prote...
Research on Electronic Commerce Platform Consumer Data Rights and Legal Prote...Research on Electronic Commerce Platform Consumer Data Rights and Legal Prote...
Research on Electronic Commerce Platform Consumer Data Rights and Legal Prote...
 
Philosophy of Personal Data Protection in Electronic Wallets
Philosophy of Personal Data Protection in Electronic WalletsPhilosophy of Personal Data Protection in Electronic Wallets
Philosophy of Personal Data Protection in Electronic Wallets
 
PRIVACY RIGHTS ARE HUMAN RIGHTS (2).pdf
PRIVACY RIGHTS ARE HUMAN RIGHTS (2).pdfPRIVACY RIGHTS ARE HUMAN RIGHTS (2).pdf
PRIVACY RIGHTS ARE HUMAN RIGHTS (2).pdf
 
Ericsson ConsumerLab: Personal Information Economy
Ericsson ConsumerLab: Personal Information Economy Ericsson ConsumerLab: Personal Information Economy
Ericsson ConsumerLab: Personal Information Economy
 
THE LEGAL EFFECTS OF CONSUMER PROTECTION LAW IN ZANZIBAR
THE LEGAL EFFECTS OF CONSUMER PROTECTION LAW IN ZANZIBAR THE LEGAL EFFECTS OF CONSUMER PROTECTION LAW IN ZANZIBAR
THE LEGAL EFFECTS OF CONSUMER PROTECTION LAW IN ZANZIBAR
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
 
Consumer Protection for Sale of Goods under the Malaysian Sale of Goods Act 1...
Consumer Protection for Sale of Goods under the Malaysian Sale of Goods Act 1...Consumer Protection for Sale of Goods under the Malaysian Sale of Goods Act 1...
Consumer Protection for Sale of Goods under the Malaysian Sale of Goods Act 1...
 
Final projet
Final projetFinal projet
Final projet
 
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptxOVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hr
 
LEGAL PROTECTION FOR CONSUMERS OF ELECTRONIC TRANSACTIONS (E-COMMERCE) BY PRE...
LEGAL PROTECTION FOR CONSUMERS OF ELECTRONIC TRANSACTIONS (E-COMMERCE) BY PRE...LEGAL PROTECTION FOR CONSUMERS OF ELECTRONIC TRANSACTIONS (E-COMMERCE) BY PRE...
LEGAL PROTECTION FOR CONSUMERS OF ELECTRONIC TRANSACTIONS (E-COMMERCE) BY PRE...
 
LAWS1100 Nickolas James Business law 4_e_----_(chapter_11_dealing_with_consum...
LAWS1100 Nickolas James Business law 4_e_----_(chapter_11_dealing_with_consum...LAWS1100 Nickolas James Business law 4_e_----_(chapter_11_dealing_with_consum...
LAWS1100 Nickolas James Business law 4_e_----_(chapter_11_dealing_with_consum...
 
The FDA’s role in the approval and subsequent review of Vioxx, a.docx
The FDA’s role in the approval and subsequent review of Vioxx, a.docxThe FDA’s role in the approval and subsequent review of Vioxx, a.docx
The FDA’s role in the approval and subsequent review of Vioxx, a.docx
 
Consumer rights and responsibilities
Consumer rights and responsibilitiesConsumer rights and responsibilities
Consumer rights and responsibilities
 
The Impact of the Consumer Protection Act 2019 on the E-Commerce Sector in In...
The Impact of the Consumer Protection Act 2019 on the E-Commerce Sector in In...The Impact of the Consumer Protection Act 2019 on the E-Commerce Sector in In...
The Impact of the Consumer Protection Act 2019 on the E-Commerce Sector in In...
 
Research on Legal Protection of Personal Data Privacy of E Commerce Platform ...
Research on Legal Protection of Personal Data Privacy of E Commerce Platform ...Research on Legal Protection of Personal Data Privacy of E Commerce Platform ...
Research on Legal Protection of Personal Data Privacy of E Commerce Platform ...
 
Anonos NTIA Comment Letter letter on ''Big Data'' Developments and How They I...
Anonos NTIA Comment Letter letter on ''Big Data'' Developments and How They I...Anonos NTIA Comment Letter letter on ''Big Data'' Developments and How They I...
Anonos NTIA Comment Letter letter on ''Big Data'' Developments and How They I...
 
Privacy and Civil Liberties
Privacy and Civil LibertiesPrivacy and Civil Liberties
Privacy and Civil Liberties
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in India
 
Data privacy Legislation in India
Data privacy Legislation in IndiaData privacy Legislation in India
Data privacy Legislation in India
 

Recently uploaded

Who is Spencer McDaniel? And Does He Actually Exist?
Who is Spencer McDaniel? And Does He Actually Exist?Who is Spencer McDaniel? And Does He Actually Exist?
Who is Spencer McDaniel? And Does He Actually Exist?Abdul-Hakim Shabazz
 
Understanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective BargainingUnderstanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective Bargainingbartzlawgroup1
 
一比一原版(McMaster毕业证书)麦克马斯特大学毕业证学历认证可查认证
一比一原版(McMaster毕业证书)麦克马斯特大学毕业证学历认证可查认证一比一原版(McMaster毕业证书)麦克马斯特大学毕业证学历认证可查认证
一比一原版(McMaster毕业证书)麦克马斯特大学毕业证学历认证可查认证trryfxkn
 
Types of Agricultural markets LLB- SEM I
Types of Agricultural markets LLB- SEM ITypes of Agricultural markets LLB- SEM I
Types of Agricultural markets LLB- SEM Iyogita9398
 
Common Legal Risks in Hiring and Firing Practices.pdf
Common Legal Risks in Hiring and Firing Practices.pdfCommon Legal Risks in Hiring and Firing Practices.pdf
Common Legal Risks in Hiring and Firing Practices.pdfbartzlawgroup1
 
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersPhilippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersJillianAsdala
 
Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...
Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...
Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...Sangyun Lee
 
Mischief Rule of Interpretation of statutes
Mischief Rule of Interpretation of statutesMischief Rule of Interpretation of statutes
Mischief Rule of Interpretation of statutesshobhna jeet
 
The Main Procedures for a Divorce in Greece
The Main Procedures for a Divorce in GreeceThe Main Procedures for a Divorce in Greece
The Main Procedures for a Divorce in GreeceBridgeWest.eu
 
一比一原版(AUT毕业证书)新西兰奥克兰理工大学毕业证如何办理
一比一原版(AUT毕业证书)新西兰奥克兰理工大学毕业证如何办理一比一原版(AUT毕业证书)新西兰奥克兰理工大学毕业证如何办理
一比一原版(AUT毕业证书)新西兰奥克兰理工大学毕业证如何办理e9733fc35af6
 
Cyber Laws : National and International Perspective.
Cyber Laws : National and International Perspective.Cyber Laws : National and International Perspective.
Cyber Laws : National and International Perspective.Nilendra Kumar
 
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...ZurliaSoop
 
一比一原版(UNSW毕业证书)新南威尔士大学毕业证如何办理
一比一原版(UNSW毕业证书)新南威尔士大学毕业证如何办理一比一原版(UNSW毕业证书)新南威尔士大学毕业证如何办理
一比一原版(UNSW毕业证书)新南威尔士大学毕业证如何办理ss
 
一比一原版(UCB毕业证书)英国伯明翰大学学院毕业证如何办理
一比一原版(UCB毕业证书)英国伯明翰大学学院毕业证如何办理一比一原版(UCB毕业证书)英国伯明翰大学学院毕业证如何办理
一比一原版(UCB毕业证书)英国伯明翰大学学院毕业证如何办理e9733fc35af6
 
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理Airst S
 
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURYA SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURYJulian Scutts
 
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理Airst S
 
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理F La
 

Recently uploaded (20)

Who is Spencer McDaniel? And Does He Actually Exist?
Who is Spencer McDaniel? And Does He Actually Exist?Who is Spencer McDaniel? And Does He Actually Exist?
Who is Spencer McDaniel? And Does He Actually Exist?
 
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy NovicesIt’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
 
Understanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective BargainingUnderstanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective Bargaining
 
一比一原版(McMaster毕业证书)麦克马斯特大学毕业证学历认证可查认证
一比一原版(McMaster毕业证书)麦克马斯特大学毕业证学历认证可查认证一比一原版(McMaster毕业证书)麦克马斯特大学毕业证学历认证可查认证
一比一原版(McMaster毕业证书)麦克马斯特大学毕业证学历认证可查认证
 
Types of Agricultural markets LLB- SEM I
Types of Agricultural markets LLB- SEM ITypes of Agricultural markets LLB- SEM I
Types of Agricultural markets LLB- SEM I
 
Common Legal Risks in Hiring and Firing Practices.pdf
Common Legal Risks in Hiring and Firing Practices.pdfCommon Legal Risks in Hiring and Firing Practices.pdf
Common Legal Risks in Hiring and Firing Practices.pdf
 
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersPhilippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
 
Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...
Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...
Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...
 
Mischief Rule of Interpretation of statutes
Mischief Rule of Interpretation of statutesMischief Rule of Interpretation of statutes
Mischief Rule of Interpretation of statutes
 
The Main Procedures for a Divorce in Greece
The Main Procedures for a Divorce in GreeceThe Main Procedures for a Divorce in Greece
The Main Procedures for a Divorce in Greece
 
一比一原版(AUT毕业证书)新西兰奥克兰理工大学毕业证如何办理
一比一原版(AUT毕业证书)新西兰奥克兰理工大学毕业证如何办理一比一原版(AUT毕业证书)新西兰奥克兰理工大学毕业证如何办理
一比一原版(AUT毕业证书)新西兰奥克兰理工大学毕业证如何办理
 
Cyber Laws : National and International Perspective.
Cyber Laws : National and International Perspective.Cyber Laws : National and International Perspective.
Cyber Laws : National and International Perspective.
 
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
 
一比一原版(UNSW毕业证书)新南威尔士大学毕业证如何办理
一比一原版(UNSW毕业证书)新南威尔士大学毕业证如何办理一比一原版(UNSW毕业证书)新南威尔士大学毕业证如何办理
一比一原版(UNSW毕业证书)新南威尔士大学毕业证如何办理
 
一比一原版(UCB毕业证书)英国伯明翰大学学院毕业证如何办理
一比一原版(UCB毕业证书)英国伯明翰大学学院毕业证如何办理一比一原版(UCB毕业证书)英国伯明翰大学学院毕业证如何办理
一比一原版(UCB毕业证书)英国伯明翰大学学院毕业证如何办理
 
Chambers Global Practice Guide - Canada M&A
Chambers Global Practice Guide - Canada M&AChambers Global Practice Guide - Canada M&A
Chambers Global Practice Guide - Canada M&A
 
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
 
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURYA SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
 
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
 
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
 

Appraising Nigeria’s new Federal Competition and Consumer Protection Act through a Data Subject’s Prism

  • 1. Appraising Nigeria’s new Federal Competition and Consumer Protection Act through a Data Subject’s Prism By Dike Justin Ibegbulem1 Introduction ‘Consumer protection’ refers to the ‘act of safeguarding the interests of the consumer in matters relating to the supply of goods and services’.2 Accordingly, the concept of consumer protection is generally used to classify measures that seek to ensure that consumers are fairly treated and that their rights are protected in commercial transactions that involve the supply of goods or services. The eight universally accepted basic rights of a consumer are: (i) The right to safety: this requires that consumers are to be safeguarded against goods or services that are defective or risk prone; (ii) The right to information: this implies that consumers are to be informed adequately with respect to the accurate price, as well as the quality, or quantity of goods or services; (iii) The right to choose: this implies that consumers are to be provided with a wide variety of goods or services to choose from; (iv) The right to be heard: this entitles consumers to make complaints and receive a response from the suppliers of goods or services; (v) The right to seek redress: this implies that consumers are entitled to seek redress for their complaints in complaint resolution forums; (vi) The right to consumer education: this requires that consumers are to be educated about their rights, as well as the products or services they wish to purchase; and, (vii) The right to a healthy environment: this implies that people have the right to live and work in an environment which is neither threatening nor dangerous and which permits a life of dignity and well-being; and (viii) The right to representation: this is the right to express consumer interests in the making and execution of government policies.3 The goal of the law in consumer protection is to prevent harm or injury to, and provide redress for the consumer where he or she suffers harm or injury in his or her relationship with the producer or supplier of goods and services.4 In the information or computer age, the ultimate goal is to build ‘a digital age consumers can trust.’5 For this writer, although it is yet to be accorded full 1 LL.M (Nig.), LL.B (Ilorin), B.L (Abuja); Doctoral Candidate (Maritime Law) University of Nigeria Nsukka. 2 See F N Monye, Law of Consumer Protection (Spectrum Books Ltd 2003) 19 . 3 See the revised UN Guidelines for Consumer Protection. 4 F O Ukwueze ‘Towards a New Consumer Rights Paradigm: Elevating Consumer Rights to Human Rights in South Africa’, South African Journal on Human Rights, (2016) 6. 5 F N Monye, ‘Protecting Consumers of Products and Services in the Digital Age’ News Commentary to mark the World Consumer Rights Day 2017: 15 March 2017 <http://www.consumerawarenessng.org/events/protecting- consumers-of-products-and-services-in-the-digital-age.html> accessed 15 April 2019.
  • 2. recognition as a species of ‘consumer rights’ in Nigeria;6 the right to personal data protection is indeed a class of consumer rights that is not just cognizable; but also enforceable under the law of consumer protection in this digital age. In today’s world, Information and Communications Technology (ICT) now provides the cheapest and fastest means of conducting commercial transactions via the Internet.7 Buying and selling on the Internet otherwise called electronic commerce (e-commerce), is rapidly growing around the globe.8 Every day, commercial transactions ranging from banking transactions on banking Apps, to telecommunication transactions on mobile devices; and of course online retail transactions on websites such as lawpavilionplus.com; allfwlr.com; E-bay, Jumia.com, Konga.com, Amazon.com, and Alibaba.com; etc. take place. With particular regard to online retail transactions; these transactions mostly take place on the Internet and sometimes do involve the transfer of huge sums of money. They most times, also entail the exposure of customers’ personal details or data on the trading platform; without the customers even noticing that their personal details data have been exposed beyond the expected point of sale; thereby increasing their vulnerability to the vagaries of internet hackers or fraudsters; and identity or data thieves.9 In Nigeria today, there appears to be a hodgepodge of instruments regulating personal data protection on electronic commerce platforms. It has for instance been submitted by Udoma and Osagie that; apart from the provisions of s.37 of the 1999 Constitution that guarantees the privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications; there is no other law that sets out in detail the protection of the privacy of individuals in Nigeria.10 Udoma and Osagie further argue that there is presently no specific or comprehensive data privacy or protection law in Nigeria; but that there are a few ‘industry- specific’ and targeted laws and regulations that provide some additional privacy-related protections. According to them, one of such industry-specific regulations is the Consumer Code of Practice Regulations 2007 (the ‘NCC Regulations’) issued by the Nigerian Communications Commission (NCC) – the country’s telecommunications regulator.11 6 See ss. 114 – 131 of the freshly enacted Federal Competition and Consumer Protection Act, 2019. 7 M Nuruddeen, Y Yusof, and A Abdulla; ‘Legal Framework for E-Commerce Transactions and Consumer Protection: A Comparative Study’ being an updated version of the article, titled ‘Electronic Commerce and Consumer Protection in Malaysia: Lessons for Nigeria’; presented at the 8th International Legal Conference (ILC) 2015, held on 25th to 26th August, 2015 at Golden Flower Hotel, Bandung, Indonesia. The Conference was organized by the School of Law, Universiti Utara Malaysia (UUM) <https://www.researchgate.net/publication/315730418_Legal_Framework_for_Ecommerce_Transactions_and_Consu mer_Protection_A_Comparative_Study> accessed 15 April 2019. 8 C Omar and T Anas, ‘E-Commerce in Malaysia: Development, Implementation and Challenges,’ irmbrjournal.com 3, no. 1 (2014): 291–298. 9 M Nuruddeen, ‘An Appraisal of the Legal Requirements of Electronic Commerce Transactions in Nigeria’ Bayero University Journal of Public Law (BUJPL) 3, no. 1 (2011): 164–183. In the Internet today, the term ‘Phishing’ is rife. It simply means the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication. Jones and Vijayasarathy for instance, have suggested that individuals have unfavorable perceptions of Internet shopping security as they are wary of giving credit card details over the Internet. (See J. M. Jones & L. R. Vijayasaratgy, ‘Internet Consumer Catalog Shopping: Findings from an Exploratory Study and Directions for Future Research’ Internet Research: Electronic Networking Applications and Policy 8(4) 322 – 330. See also M Bourlakis, S Papagiannidis, and H Fox, ‘E-Consumer Behaviour: Past, Present and Future Trajectories of an Evolving Retail Revolution’ International Journal of E-Business Research, 4(3), 64-76, July-September 2008). 10 See: U Udoma and B Osagie, ‘Data Privacy Protection in Nigeria’ <https://www.uubo.org/media/1337/data- privacy-protection-in-nigeria.pdf> accessed 23 April 2019. 11 Ibid. In this writer’s view, the submission that the NCC Consumer Code of Practice Regulation makes provision
  • 3. On the other hand, some have argued that Nigeria indeed has a data protection regime. Aderibigbe for instance, submits that the Cybercrime Act 2015 prevents the interception of electronic communications and imposes data retention requirements on financial institutions; while the Consumer Code of Practice Regulations, 2007 issued by the Nigerian Communications Commission (the telecommunications industry regulator) requires telecommunication operators to take reasonable steps to protect customer information from accidental disclosure. It also restricts the transfer of customer information. Similarly, the Consumer Protection Framework issued by the Central Bank of Nigeria in 2016 contains provisions that restrain financial institutions from disclosing the personal information of their customers.12 She further submits that besides the Constitution13 , there are several other legislation that contain provisions that touch on the protection of privacy rights; such as the Child Rights Act, 2003 which reiterates the constitutional right to privacy as it relates to children.14 She further argues that the Freedom of Information Act15 , which in the whole is an Act to enable public access to public records and information; in essence, prevents a public institution from disclosing personal information to the public unless the individual involved consents to the disclosure.16 In the opinion of this writer, the acknowledged dearth or absence of a principal legal instrument comprehensively regulating personal data protection in Nigeria; is what has heightened the angst of e-commerce enthusiasts in Nigeria over the safety of their personal data and privacy on various e-commerce platforms. Background According to Monye for example, an unimaginable number of people carry out different transactions online in Nigeria.17 This notwithstanding, there are still no ‘definite and accessible channels of redress; thus giving suppliers the liberty to prescribe company-based terms and conditions as well as redress platforms which may be inaccessible to consumers’. What is more, the ease with which sensitive information is circulated to ‘unauthorized destinations’ has now become worrisome.18 In 2014, a research report published by Consumers International;19 on the state of consumer protection in Nigeria omitted entirely; reference to personal data protection rights of e-commerce users.20 In 2017 however, two other NGOs - World Wide Web Foundation21 and Paradigm for Personal Data Protection may not be very correct. Extensive research by this writer on the provisions of NCC Act and NCC Consumer Code of Practice Regulation revealed that there is no such provision Personal Data Protection under the Act as well as the Regulation. The implication of this omission in both the Act and the Regulation is that Personal Data Protection rights are as of yet, not recognized as consumer rights under the NCC Act. 12 See N Aderibigbe, ‘Nigeria Has a Data Protection Regime’ < http://www.jacksonettiandedu.com/nigeria-has-a- data-protection-regime/?utm_source=Mondaq&utm_medium=syndication&utm_campaign=View-Original> accessed 20 April 2019. 13 Constitution of the Federal Republic of Nigeria,1999 (as amended) (hereinafter, the 1999 Constitution). 14 Ibid. 15 No. 4 of 2011. 16 Aderibigbe note 12 17 F N Monye, note 5 18 Ibid. 19 Consumers International though an NGO registered in England and Wales; is the umbrella body of consumer groups worldwide. 20 See Consumers International, ‘Research Report on the State of Consumer Protection In Nigeria: A Review of Consumer protection in the Telecommunications sector in Nigeria’; <https: www.consumerawareness-ng.org/>
  • 4. Initiative22 jointly commissioned a review of the data collection practices in Nigeria, the policies and regulations in place to govern their collection, and the protection and use of this data. The findings of this latter study23 showed that there are five primary concerns around the collection and use of personal data - both online and offline - in Nigeria, namely that: i. the use of personal data may be incompatible with the purpose for which it was collected; ii. individuals have no rights in relation to the collection, use, and storage of their personal information; iii. Nigerians are not offered adequate opportunities to consent to or opt out of data collection; iv. there is limited-to-no transparency around the processing of personal data, and there is limited information available around how this personal data is used and stored, leading to greater risk of a personal data breach; and v. children are exposed to privacy risks online and often lack the legal capacity to give valid consent, and may unknowingly disclose personal information to online platforms due to the appealing nature of their visual content.24 Barely two years after that study; on January 25, 2019, the National Information Technology (IT) Development Agency (NITDA) issued a data protection regulation, namely - the Nigerian Data Protection Regulation, 2019 (NDPR). The objectives of this Regulation as stated therein include - safeguarding the rights of natural persons to data privacy; fostering safe conduct for transactions involving the exchange of personal data; preventing manipulation of personal data; and ensuring that Nigerian businesses remain competitive in international trade through the safe-guards afforded by a just and equitable legal regulatory framework on data protection and which is in tune with best practices.25 Interestingly, just five days after the NDPR was published by NITDA, on January 30 2019; a new federal legislation on consumer protection was signed into law, namely – the Federal Competition and Consumer Protection Act, 2019 (FCCP Act). This Act also established a new Federal Competition and Consumer Protection Commission. Then, just two months thereafter, in March 2019, President Muhammadu Buhari withheld his assent and refused signing into law, a bill for the protection of Internet users in Nigeria from infringement of their fundamental freedoms (the Digital Rights and Freedom Bill);26 which had accessed 13 March 2019. The Research Team comprised of Prof. Felicia Monye; (National President of Consumer Awareness Organisation) as Principal Researcher; Dr. Boniface Umoh (Research Coordinator & Co-researcher) Ms. Chinyere Chukwunta (Research Assistant). 21 World Wide Web Foundation is an NGO that was established in 2009 by web inventor Sir Tim Berners-Lee to advance the open web as a public good and a basic right. They are also an independent, international organisation fighting for digital equality. See < https://webfoundation.org/about/> accessed 23 April 2019. 22 Paradigm Initiative is an NGO that builds an ICT-enabled support system and advocates digital rights in order to improve livelihoods for under-served youth. 23 See <https://bit.ly/nigeriadataprotection> 24 See Web Foundation Report ‘Personal Data Protection in Nigeria’ < https://webfoundation.org/research/personal- data-protection-in-nigeria/> accessed 24 April 2019. For this review, an online survey was created for individuals interested in and/or concerned about the topic, to answer a series of important questions, either multiple choice or short-answer. A total of 106 respondents participated in this online survey from 30 August to 13 September 2017. 25 The Regulations are discussed in more detail hereinafter in this article on pp.14, 29 - 33. 26 The bill seeks to protect Internet users in Nigeria from infringement of their fundamental freedoms. See for example: A Ojekunle, ‘President Buhari Has Rejected a Bill Seeking to Protect the Rights of Internet Users in Nigeria from Infringement’ 21 March 2019 <https://www.pulse.ng/bi/politics/buhari-rejects-digital-rights-bill-a-bill-seeking- to-protect-the-rights-of-internet/zztwxz1> accessed 19 April 2019.
  • 5. been passed by both Houses of the National Assembly. Contrastingly, in the same month of March 2019, Consumers International and the Internet Society27 commissioned a survey of consumers’ perceptions and attitudes around the world to Internet of Things (IoT).28 Their findings were quite outstanding. They include that: i. Connected devices are everywhere - but concerns about privacy and security remain. ii. 63% of people surveyed find connected devices ‘creepy’ in the way they collect data about people and their behaviours iii. This sentiment is echoed throughout the survey, with half of people across markets distrusting their connected devices to protect their privacy and handle their information in a respectful manner (53%). iv. On top of not trusting the device itself to keep data secure, 75% of people agree there is reason for concern about their data being used by other organisations without their permission. v. The security concerns are serious enough to deter almost a third (28%) of people who do not own smart devices from buying one; security concerns are as strong a deterrent as the price of a device. vi. People have concerns about security and privacy but do not know how to adapt and adjust device settings in a way that might allay these fears. 80% of people surveyed are aware of how to set and reset passwords, but only 50% are aware of how to disable the collection of data about users and their behaviours. From this survey, Consumers International concluded that a high number of people actually think that privacy and security standards should be assured by regulators (88%), followed by manufacturers (81%) and championed by retailers (80%).29 With these recent developments, particularly the coming into force of the new FCCP Act and the establishment of the new Federal Competition and Consumer Protection Commission; the question now being asked is - how will this new Commission competently handle the protection of data subjects (i.e. e-consumers) in matters relating to data processing by data controllers and processors who are invariably subjects of the FCCP Act?30 Put differently – does the FCCP Act guarantee any personal data protection and security for e-consumers? The above query essentially, is the challenge that this article speaks to. To answer this question, this writer considered it vital to review the scope and application of the FCCP Act, its regulatory framework for e-commerce in Nigeria, along with the nature of rights afforded to ‘e-consumers’ or ‘data subjects’ thereunder. 27 The Internet Society is a global cause-driven organization governed by a diverse Board of Trustees. It was founded in 1992 by a number of people involved with the Internet Engineering Task Force (IETF). One of their principal rationales is to provide an organizational home for and financial support for the Internet standards process. Believing also that “the Internet is for everyone,” the Internet Society has worked since its founding to make that goal a reality. 28 The internet of things (IoT) is a computing concept that describes the idea of everyday physical objects being connected to the internet and being able to identify themselves to other devices. The term is closely identified with RFID as the method of communication, although it also may include other sensor technologies, wireless technologies or QR codes. The IoT is significant because an object that can represent itself digitally becomes something greater than the object by itself. No longer does the object relate just to its user, but it is now connected to surrounding objects and database data. When many objects act in unison, they are known as having ‘ambient intelligence.’ 29 Ibid. 30 See T Ndunagu, ‘Nigeria’s Journey to Richland: Turning things up a notch with the Federal Competition and Consumer Protection Act’ <https://lawyers.com/nigerias-journey-to-richland-turning-things-up-a-notch-with-the- federal-competition-and-consumer-protection-act/> accessed 23 April 2019.
  • 6. Overview of the Federal Competition and Consumer Protection Act 2019 The FCCP Act was just signed into law in January 2019. The key objectives of the Act are majorly to (a) promote and maintain competitive markets in the Nigerian economy; (b) promote economic efficiency; (c) protect and promote the interests and welfare of consumers by providing consumers with wider variety of quality products at competitive prices; (d) prohibit restrictive or unfair business practices which prevent, restrict or distort competition or constitute an abuse of a dominant position of market power in Nigeria; and (e) contribute to the sustainable development of the Nigerian economy.31 A. Applicability and Scope of the FCCP Act The FCCPA applies to ‘all commercial activities’ undertaken in the country for profit and satisfaction of public demand. This is regardless of whether these activities are undertaken by privately or publicly held corporate entities, corporate bodies in which either the Federal, State or Local Government has controlling stake, or agencies of the Federal Government,32 The FCCPA also overrides the provisions of other laws in all matters relating to competition and consumer protection, but subject to the provisions of the Nigerian Constitution.33 B. The Federal Competition and Consumer Protection Commission Prior to the enactment of the FCCPA, its precursor the Consumer Protection Council Act, 1992 was the applicable law, and under that Act, there was established, a Consumer Protection Commission. Under the current FCCPA, there is now a Federal Competition and Consumer Protection Commission. The new Commission’s functions include administering and enforcing the provisions of the FCCPA and any other competition and consumer protection law; eliminating anti-competitive agreements, misleading, unfair, deceptive, or unconscionable marketing, trading, and business practices; and giving and receiving advice from other regulatory authorities or agencies within the relevant industry or sector on consumer protection and competition matters. Other functions include authorizing, prohibiting, or approving mergers and encouraging trade, industry, and professional associations to develop and enforce in their various fields quality standards designed to safeguard the interest of consumers.34 C. Consumer Privacy and Personal Data Protection under the FCCP Act Under the FCCP Act, there is a long list of rights for the protection of recognized consumer rights. These rights include - right to information in plain and understandable language;35 right to disclosure of price of goods or services;36 right to product labeling and trade descriptions;37 right to disclosure of reconditioned or second-hand goods;38 right to sales records;39 right to select suppliers;40 right to cancel advance reservation, booking or order;41 right to choose or examine goods;42 right to return goods;43 right to general standards for the marketing of goods and 31 See FCCPA s.1 para. (e). 32 Ibid.s.2 33 Ibid.s.104 34 FCCPA s. 9 and s.17 sub paras (b),(c), (f), (i), (p), (u), and (w) 35 Ibid. s.114 36 Ibid. s.115 37 Ibid. s.116 38 Ibid. s.117 39 Ibid. s.118 40 Ibid. s.119 41 Ibid. s.120 42 Ibid. s.121
  • 7. services;44 right to fair dealings;45 rights pertaining to the quality and safety of goods and services;46 and the right to safe, good quality goods.47 As can be gleaned from the above, of all the 13 recognized consumer rights in the FCCPA; none touches directly on consumer privacy or personal data protection for data subjects. The obvious implication of this omission is that consumer privacy or personal data protection rights are yet to be accorded full recognition as a species of consumer rights, under Nigeria’s primary consumer protection regime. One is thus left to wonder whether the drafters of this current consumer protection instrument did take into account, the principles under the extant United Nations Guidelines for Consumer Protection, 2015; which stipulates that the legitimate needs that the guidelines intend to meet include the provision of ‘a level of protection for consumers using electronic commerce that is not less than that afforded in other forms of commerce’; and ‘the protection of consumer privacy and the global free flow of information’. Remarkably too, under the FCCPA; (which ordinarily should be an upgrade of the previous Consumer Protection Council Act48 ); there is another awful omission. That is with regard to the regulation of e-commerce. The Act contains no provisions for the regulation of e-commerce. Indeed, this omission also calls into the question the all-inclusiveness of the Act and by extension, the Federal Competition and Consumer Protection Commission’s jurisdiction over e-commerce. The fact that the Commission is vested with concurrent jurisdiction with other agencies or relevant authorities49 in the data-protection space; is however, not lost upon this writer. In the IT sector for instance, the Commission now has concurrent jurisdiction with NITDA. Similarly, in the communications sector for instance, the Commission now has contemporaneous jurisdiction with NCC. Likewise, in the financial sector, the Commission is now vested with parallel jurisdiction with the Central Bank of Nigeria (CBN); (regardless of CBN’s already existing Consumer Protection Framework). The Act however provides that to enable it carry out its tasks efficiently and effectively, the Commission is required to collaborate with other regulatory authorities; trade, industry, and professional organizations locally and internationally.50 These collaborations will necessarily involve Ministries, Departments and Agencies (MDAs), especially regulatory bodies such as National Information Technology Development Agency (NITDA), Nigerian Communications Commission (NCC), Standards Organisation of Nigeria (SON), and National Agency for Food Drugs Administration and Control (NAFDAC), and others in competition and consumer protection regulation and related matters.51 To avoid possible regulatory frictions with other regulatory authorities, it is provided in s.104 of the Act that the Act is superior to all other laws in Nigeria; apart from the Constitution. Thus, the Commission’s powers take precedence over and above the powers of other relevant government agencies. This provision for coordinate jurisdiction with other agencies in the Act, as some have rightly submitted, ‘literally kicks things up a notch.’52 43 Ibid. s.122 44 Ibid. s.123 45 Ibid. s.124 46 Ibid. s.130 47 Ibid. s.131 48 Cap. C25, Laws of the Federation of Nigeria, 2004. 49 FCCPA, s. 105 sub ss.2 50 FCCPA, s. 105 51 Ibid. 52 See T. Ndunagu, note 30
  • 8. Ndunagu for instance submits that, while it is a noble idea to have a unified competition and consumer-protection laws regulating all sectors, having such a law govern the affairs of all sectors - including sectors already being regulated - is not quite practicable. His reasoning is that there is still the possibility of regulatory friction in terms of the regulatory role that NITDA for instance, is required to play regarding data protection and privacy of data subjects under the Nigerian Data Protection Regulation 2019.53 He further submits that making the Act take precedence over sector-specific regulations may result in inefficiency in regulation and consequently defeat the objective of the FCCPA. According to him, the superiority of the Act over other relevant laws and regulations on competition and consumer protection particularly consumer protection - in Nigeria; may still result in undesired consequences. The same goes for the attempt under the Act to provide a way out through negotiation between the Commission and relevant agency or agencies; under s.104 (4); (where negotiation is stipulated as the primary mode of resolving any impasse that may arise between the Commission and the relevant regulatory agency).54 He opines that this provision still puts the Commission in a favoured position; as the Commission will always prevail in such negotiations. He therefore suggests that there is a need for some level of deference on the Commission’s part and recognition of the capabilities, experience, expertise, and technical knowledge of the relevant regulatory agency; otherwise, the level of harmonization the Act requires and contemplates will be difficult to attain. Consequently, in his view, the Commission working together with the relevant regulatory authorities; with the common aim of promoting competition and protecting consumers; is the sure means by which the Commission can achieve its set aims and objectives seamlessly.55 This writer agrees entirely with Ndunagu’s submissions. In furtherance thereto; it is perhaps pertinent to also point out here that in other African countries like Ghana and South Africa; as well as in some ASEAN countries like Malaysia and Singapore, separate data protection legislation have been put in place to address the privacy concerns of data subjects. These legislation - for instance, the Ghana Data Protection Act;56 the South African Protection of Personal Information Act;57 the Malaysian Consumer Protection Act58 and Singapore’s Personal Data Protection Act59 ; each recognizes and protects consumer privacy rights and/or the right to personal data protection of data subjects or e-consumers.60 There is therefore no reason why this kind of recognition and protection should not be conferred on personal data privacy in Nigeria. 53 Ibid 54 S. 104(4) of the Act provides that the Commission shall negotiate with all government agencies whose mandate includes enforcement of competition and consumer protection for the purpose of coordinating and harmonising the exercise of jurisdiction over competition and consumer 5 protection matters within the relevant industry or sector, and to ensure the consistent application of the provisions of the Act. 55 Ibid. 56 Data Protection Act 2012 57 Protection of Personal Information Act No 4 of 2013 58 Malaysian Consumer Protection Act 1999 59 Personal Data Protection Act 2012. Nigeria may well adopt the Singaporean model of enacting separate ‘Personal Data Protection’ legislation. That is, in addition to the anticipated Electronic Communications and Transactions Act; whenever that instrument does come into force. 60 In Malaysia in particular, the CPA 1999 specifically provides for the protection of e-consumers against misleading and deceptive conduct, false representations and unfair practices. Under the Act, unfair trade practices in online shopping are defined to include deceptive advertising technique such as ‘bait and switch’. Furthermore, in the CPA (Amendment) Act 2010, a new Part 111A, which deals with unfair contract terms has been inserted into the Act. Under this provision, e-consumers may now challenge the validity of standard terms of online contracts for being either procedurally or substantively unfair. Most importantly e-consumers who are dissatisfied with online dealings can file their claims in the Tribunal for Consumer Claims which was set up to provide speedy, inexpensive and informal redress of consumers’ grievances.
  • 9. Thus, it is submitted that in Nigeria’s case, in addition to the FCCP Commission; there should also be established, a separate Personal Data Protection Commission, as is obtainable in countries like Singapore. The Prognosis There is no doubt that proper regulation of the e-commerce subsector is crucial to the future of national and economic development of any country, nay Nigeria. What it therefore means is that the FCCPA as is, already comes across as inchoate; having failed to address genuine privacy concerns of e-consumers – an ever-growing population in Nigeria’s consumer demography. No regulation for e-commerce will be complete without adequate consumer privacy or personal data protection mechanisms. Such mechanisms are what will ensure that key players are properly guided as to the required ethics; e-consumers are assured of their personal data safety; and government generates the needed revenue to invest in the economy.61 Given the evident shortfalls in the FCCPA in consumer privacy protection, the following policy recommendations are hereby suggested, viz: 1) The National Assembly must include the following elements in any data protection framework or bill under its consideration:  That the use of personal data must be in accordance with the purpose for which it was collected (purpose specification);  That the consent of the individual must be obtained prior to collecting his/her personal data;  That the rights of the individual to seek legal remedies for misuse and/or unauthorised access to his/her personal data must be guaranteed. This can be achieved via the following legislative mechanisms:  Elevation of the Status of Personal Data Protection and Consumer Privacy rights: Personal data protection and consumer privacy rights must as of necessity; now be elevated to the status of consumer rights cognizable under the Federal Competition and Consumer Act 2019.  A Revision of Federal Competition and Consumer Protection Act: A revision in this sense; it is recommended, should entail an adaptation of US state of California’s most recent Consumer Privacy Act (CCPA).62 The CCPA is to take effect in January 2020 and contains some the following innovative provisions viz – i. The Act provides for consumers’ right to request a business to disclose the categories and specific pieces of personal information that it collects about the consumer, the categories of sources from which that information is collected, the business purposes for collecting or selling the information, and the categories of 3rd parties with which the information is shared.63 ii. The Act requires a business to make disclosures about the information and the purposes for which it is used.64 iii. The Act grants a consumer the right to request deletion of personal information and would require the business to delete upon receipt of a verified request, as specified.65 61 See for instance, A. A. Oluwatobi, ‘Legal Issues in Regulating the E-Commerce Sub-sector in Nigeria’ < https://www.lawyard.ng/legal-issues-in-regulating-the-e-commerce-sub-sector-in-nigeria-by-ayokunle-akinpelu/> 4 April 2016 accessed 20 April 2109. 62 California Consumer Privacy Act, 2018. The Act is to take effect from January 2020. 63 See California Consumer Privacy Act 2018 Legislative Counsel’s Digest; available at https://www.pbwt.com/content/uploads/2018/06/California-Consumer-Privacy-Act1.pdf; accessed on 14 May 2019 64 Ibid. 65 Ibid.
  • 10. iv. The Act grants a consumer a right to request that a business that sells the consumer’s personal information, or discloses it for a business purpose, disclose the categories of information that it collects and categories of information and the identity of 3rd parties to which the information was sold or disclosed.66 v. The Act requires a business to provide this information in response to a verifiable consumer request.67 vi. The Act authorizes a consumer to opt out of the sale of personal information by a business and would prohibit the business from discriminating against the consumer for exercising this right, including by charging the consumer who opts out a different price or providing the consumer a different quality of goods or services, except if the difference is reasonably related to value provided by the consumer’s data.68 vii. The Act authorizes businesses to offer financial incentives for collection of personal information.69 viii. The Act prohibits a business from selling the personal information of a consumer under 16 years of age, unless affirmatively authorized, as specified, to be referred to as the right to opt in.70 ix. The Act prescribes requirements for receiving, processing, and satisfying these requests from consumers.71 x. The Act prescribes various definitions for its purposes and would define “personal information” with reference to a broad list of characteristics and behaviors, personal and commercial, as well as inferences drawn from this information.72 xi. The Act prohibits the provisions described above from restricting the ability of the business to comply with federal, state, or local laws, among other things.73 xii. The Act provides for its enforcement by the Attorney General, as specified, and would provide a private right of action in connection with specified security breaches; certain unauthorized access and exfiltration, theft, or disclosure of a consumer’s non-encrypted or non-redacted personal information, as defined.74  Enactment of Separate Data Protection Act: Such an enactment can also be an adaptation of Singapore’s Personal Data Protection Act,75 which contains data protection principles consistent with those contained in the African Union Convention on Cyber Security and personal data protection; and/or an adaptation of the EU’s General Data Protection Regulation (GDPR). Conclusion Globalization and the Internet no doubt have turned the world into a global hamlet, and ushered in the era of e-commerce. In Nigeria as of today, there are still security concerns relating to Internet transactions and personal data safety; amongst consumers of e-commerce products and services. This apprehension is heightened by the seemingly fragmented and inadequate existing legal framework for personal data protection in the country; stemming largely from the delayed 66 Ibid. 67 Ibid. 68 Ibid. 69 Ibid. 70 Ibid. 71 Ibid. 72 Ibid. 73 Ibid. 74 Ibid. 75 Personal Data Protection Act 2012.
  • 11. passage into law of the long-awaited Electronic Communications and Transactions Bill. As we have shown in this article, under the new primary Consumer Protection legislation, consumer privacy or personal data protection rights are virtually unrecognized as a species of consumer rights. The non-recognition of consumer privacy rights in the new FCCP Act’s bill of rights patently cuts across the grain of the spirit and letters of the Nigeria’s National Data Protection Regulations 2019; which instrument on its part contains copious provisions on data subject rights; and which rights are also ranked ‘in conformity with constitutionally guaranteed principles of law for the general protection and enforcement of fundamental rights’. Consequently, it is submitted that in order to boost trust in the existing regulatory framework, personal data protection rights (as a species of consumer rights) must be given due recognition in any subsequent consumer protection regime. It is also imperative to enact separate personal data protection legislation in addition to the FCCPA.