Comparitech Report: Nigeria’s SIM Card Registration Laws Don’t Protect Privacy
Since it was initiated by the NCC at the beginning of the last decade, SIM registration has been an on-going exercise in Nigeria. Subscribers are required to provide their biodata and biometrics for the process.
However, a recent report by Comparitech has described Nigeria’s SIM card registration laws as “invasive” and ranked it among the worst in the world.
The Comparitech report considered a number of factors before arriving at its damning conclusion. These factors include biometrics requirement, duration of data storage, who it is stored with, accessibility of the data to law enforcement and data privacy legislation protecting the collected information.
After these considerations, the report ranks Nigeria together with Bahrain, Bangladesh, China, Myanmar, Tajikistan and United Arab Emirates as countries where privacy under SIM card registration is not protected.
First, biometrics (fingerprints and facial scans) are required during the registration process, and data is stored with the NCC who holds the data for 3 years. During this period, the information can be shared with security agencies on request without informing the subscriber.
Nigeria also has strict laws for those who default the process, with punishment ranging from 200,000 Naira fine to prison sentences. All of these raise serious privacy concerns.
“Creating a database of citizens and their mobile numbers restricts private communications, increases the potential of them being tracked and monitored, enables governments to build in-depth profiles of their citizens, and risks private data falling into the wrong hands.”
Comparitech
According to the report, “authorities could selectively throttle, censor, or block internet connections of specific people or groups of people, giving way for harassment and persecution.”
In recent times, there has been a rise in internet censorship by African governments as well as intimidation of opposition critics and rights campaigners.
And in the case where there’s a paucity of data legislation, subscriber information could be provided to third parties including advertisers and government agencies without the owner’s consent.
There’s an alarming surge in spam calls and messages received by SIM card subscribers in Nigeria. There’s also the curious detainment of a Nigerian by the Department of State Services over the purchase and use of an MTN SIM card previously used by the President’s daughter. All these raise questions about the implementation of the 2019 Nigeria Data Protection Regulation by NITDA.
How seriously do Nigerians take their privacy?
There’s also the valid question of whether Nigerians care about their privacy enough to be worried. Receiving unsolicited messages has become pretty normal and nobody is really trying to stop it.
For some folks, the loss of an old SIM card means an opportunity to buy a new one. Thus, legally, they just gave the NCC 3 fresh years to hold on to their personal information as provided upon a new SIM card registration.
Furthermore, many Nigerians willingly sign up for services on the internet, filling in vital data, without reading their terms and conditions. In the end, such data could be harvested and sold to 3rd parties.
Nevertheless, the issue of SIM card registration still needs to be discussed and proper measures implemented to protect subscriber’s data from every third party including government and its agencies.
