Introduction

Data privacy has become increasingly important in this era. Usually, individuals (Data Subjects) provide their data to businesses (Data Controllers) to access information; and with the growth of internet use in Africa, a continent of 1 billion people. This ubiquity has been fueled by rapidly expanding mobile broadband networks and ever more affordable phones through which data is increasingly harnessed. More than half of Africa’s 54 countries have no data protection or privacy laws. And, of the 14 countries that do, nine have no regulators to enforce them, the group says.[1]

The major law regulating data privacy in Nigeria is the Nigeria Data Protection Regulation 2019; while in in South Africa; The Protection of Personal Information Act 4 of 2013 (“POPI”) was signed by President Zuma on 19 November 2013. As stated in the preamble, the purpose of POPI was, in line with international standards, to regulate “the processing of personal information by public and private bodies in a manner that gives effect to the right to privacy subject to justifiable limitations that are aimed at protecting other rights and important interests; However, it is important to mention that most Data Controllers are unaware that they are subject to grave liability from failure to adhere to these regulations or by data subjects avoiding its website which could cost it financial loss due to its ability to protect the privacy of data subjects or hedge itself from the breach.

Does Every Website Need a Privacy Policy?

With the growth of the internet, websites have now become a common tool for business to brand themselves; however, it is important to mention that websites have gone beyond being pocket tools, they are instruments with impressed personalities that the law recognises which could lead to liability for a business if not handled well. Apart from that, you need a privacy policy to use all the most common marketing tools on the market. And partly because it is legally required for websites. Either way, it is one of the easiest, least-expensive things you can ever do to advance your business. However, below are some of the concrete reasons required to brand a website with a privacy policy.

 

  1. Nigerian Law Requires It

The provisions of the law in Article 2.5 of the Regulation provides for the publicity and clarity of Privacy Policy, it states that any medium through which Personal Data is being collected or processed shall display a simple and conspicuous privacy policy that the class of Data Subject being targeted can understand. The privacy policy shall in addition to any other relevant information. The liability it imposes are:

  1. in the case of a Data Controller dealing with more than 10,000 Data Subjects, payment of the fine of 2% of Annual Gross Revenue of the preceding year or payment of the sum of 10 million Naira, whichever is greater;
  2. in the case of a Data Controller dealing with less than 10,000 Data Subjects, payment of the fine of 1% of the Annual Gross Revenue of the preceding year or payment of the sum of 2 million Naira, whichever is greater.

Privacy policy (and cookie policy) is required by as Data Collectors collect information from your customers (email address, first and last name, billing and shipping address, credit information).

As a Data Subject uses your service or scrolls your website, he or she will want to know:

  1. why you collect his/her data;
  2. what kinds of data you collect from him/her;
  3. whether you will disclose the data to law enforcement agents if there will be a case; and
  4. how he/she can unsubscribe from your emails.

As a matter of fact, you need your privacy policy when launching your website.

  • It Increases the Prospect of a Business

The content of a Data Collector’s website is sophisticated, and it is one targeted to clients that are usually buoyant, enlightened, and not nationals of Nigeria.

The implication of this is that where you have clients who cannot guarantee that their privacy and details will be protected, they will immediately not browse through your website; and it is certain that they will never sign up for your website. The implication? You lose serious prospects as clients. With the rise in identity theft and corporate data breaches, at a government and corporate level, consumers are extremely interested in protecting their personal information. Savvy customers want to know that you are safeguarding their information and how you will be using it.

Similarly, by staying on the safe side and providing users with what would make them feel secure and protected, you automatically increase your assets. Research has shown that if you are honest and upfront with visitors, many more of them will do what you want them to do

  • Build Trust

Being transparent towards your users is possibly the most important moral reason. Providing your clients and customers with a clear picture of why and how you process their personal data makes your clients feel secure.

In addition to having a clear, concise, transparent and easily accessible Privacy Policy, trust-building can be reinforced by a visual “privacy safe trust seal”. Such a visual representation, apart from emphasizing on the fact that you have an up-to-date Privacy Policy, immediately increases the levels of trust between you, as a business owner and your visitors and users.

Last, but not least, those who actually do thoroughly read that key legal document will feel safer, more comfortable, will use your website or mobile app longer and are much likely to refer friends or recommend your product. Therefore, do give your users a peace of mind!

Recommendation

  • It is recommended that you diligently draft this privacy policy in compliance with legal requirements in Nigeria.
  • It is recommended that you avoid copying and pasting privacy policies of other Data Controllers, you may copy blind, it is advisable you give it to someone with qualities in reviewing these policies in line with country specific laws.
  • The Privacy Policy is undoubtedly within the MUST-HAVE documents to have on your website or mobile app

The author, Adedoyin Fadare, is a Legal practitioner who specialises in IT, Data privacy and intellectual property Law in Nigeria. He is also the Chief Publisher at The People’s Accolade Law Magazine (www.thepalmagazine.com)

[1] https://www.reuters.com/article/us-facebook-africa/in-africa-scant-data-protection-leaves-internet-users-exposed-idUSKCN1HB1SZ