Decisions made around how COVID-19 data are used are taken through established democratic processes
The primary source of data protection law is the Nigeria Data Protection Regulation 2019 which was issued by the Nigerian Information Technology Development Agency on 25 January 2019. The Regulation was issued pursuant to the Nigerian Information Technology Development Agency Act. This Regulation was not suspended by the Presidential declaration of Covid-19 as a dangerous disease in terms of the Quarantine Act. The National Assembly and State Houses of Assembly are provided with the responsibility by the 1999 Constitution to exercise oversight over Executive actions which impact data related rights. Although the Nigerian Parliament has continued to operate during the associated lockdown, public participation in parliamentary processes has been severely limited. The consideration of the Control of Infectious Diseases Bill, 2000, for example, did not initially include any scope for public input. The President has also refused to assent to the Digital Right and Freedom Bill which would have promoted freedom of expression, assembly and association online.
The public is consulted on how sensitive data (e.g. location data derived from mobile phones) are shared and used to tackle COVID-19, and their responses are used to inform policy interventions
After an extensive desktop search of online information, no information could be found to demonstrate that the public had been consulted on how sensitive data is used or shared to tackle Covid-19.
Any public-private data partnerships that are established to share and use COVID-19 related data should also include representatives from civil society and digital rights groups
After an extensive desktop search of online information, no information could be found which suggested that any public-private partnerships included representatives from civil society and digital rights groups.
The needs of vulnerable groups are taken into account and steps to protect ‘sensitive group data’ are included alongside actions to protect individuals’ data
After an extensive desktop search of online information, no information could be found to demonstrate that data regulation strategies considered the needs of vulnerable groups or that steps were taken to protect sensitive group data