Why we licensed law firms as DPCOs – NITDA

Malicious

Why we licensed law firms as DPCOs – NITDA

The National Information Technology Development Agency (NITDA) says licensing some law firms as Data Protection Compliance Organisations (DPCO) is to protect constitutional rights.

This clarification is contained in a statement signed by Mrs Hadiza Umar, Head, Corporate Affairs and External Relations of the agency in Abuja on Friday.

It said that the clarification was necessary due to a social media post by a legal practitioner.

According to the post, licensing law firms as DPCOs to provide data-privacy related services to the public stifles the growth of data privacy in the country.

“The right to privacy is a constitutional right guaranteed by Section 37 of the Constitution of the Federal Republic of Nigeria, 1999, as amended.

“However, it is factual and legal inaccuracy to equate the right of data privacy, or indeed the provision of data privacy-related services, to the right of data protection.

“Data protection goes beyond protecting personal data privacy.

“It also involves the processes, systems and rules to ensure the confidentiality, integrity and availability of data,’’ the statement read in part.

The agency further stated that the Nigeria Data Protection Regulation (NDPR) does not seek to inhibit, restrict or curtail the rights of the legal practitioner as provided by the Legal Practitioners Act.

“NDPR has rather opened a new vista of opportunities for lawyers to expand their practice into the area of data protection”.

“NITDA licensed law firms to understand that they represent the agency in entrenching compliance, help data holding entities to bridge the historical and systemic gap in data protection compliance in Nigeria.’’

It explained that lawyers had a right to conduct, take part in proceedings and file court and administrative processes relating to the enforcement or defence of the right to privacy.

“However, not every lawyer has the competence to conduct and file annual data audit report as prescribed by Article 4.1:5,6,7 of the NDPR,’’ it stated.

According to the agency, the criteria for licensing as DPCO required knowledge of data protection compliance and enforcement, which was not part of the residual knowledge of every lawyer.

The opinion of the author that the DPCO scheme lacks precedent was a testimony to the innovation NITDA is bringing into its regulatory mandate.

“Moreover, as the evergreen Lord Denning said in the case of Parker v. Parker if we never do anything which has not been done before, we shall never get anywhere.

“While lawyers retain their privilege to traditional privacy rights advocacy and enforcement in most other jurisdictions, NDPR further recognises and institutionalises the capacity of prepared legal practitioners.

“NDPR prepares the legal practitioner to participate in the audit, training and compliance services for data controllers and processors,’’ it added.

NITDA said that Nigeria’s model had become subject of intense studies for adoption within and outside Africa, which was encouraging.

It added that licensing of DPCOs by the agency had entrenched training and awareness on data privacy protection degenerating to jobs creation.

“Bureaucratic bottlenecks have been eliminated in the bid to comply and the country is fast-tracking its progress towards digital economy maturity.’’ (NAN)