On July 7, 2023, Spaces for Change | S4C hosted a private sector consultative dialogue in Lagos, bringing together experts from the public and private sectors to discuss ways of increasing respect for human rights while achieving business and security objectives. Participants comprised representatives from the National Communications Commission (NCC), National Identity Management Commission, National Human Rights Commission, telecommunication companies, internet service providers, fintech companies, digital rights lawyers, journalists, cyber security experts, and civil society organizations.
Discussions at the dialogue were predicated on the findings of a recent research report, “Security Playbook of Digital Authoritarianism in Nigeria,” authored by S4C and members of Action Group on Free Civic Space, which interrogated the extent, huge budgetary allocations for combating insecurity and terrorism have been repurposed to limit the online and offline spaces for civic participation. Among several findings, the report found that counterterrorism laws, tools, and security rhetoric are potentially becoming the dominant driver of closing civic space in Nigeria. It identified the new technologies, regulations, laws, and tactics employed by state actors to repress the constitutionally-protected freedom of expression, assembly, association, and the right to privacy. The report particularly highlighted the role of the private sector—especially telecommunication companies, internet service providers, fintechs—in facilitating restrictions that stifle civic freedoms and constrain civil society. Against this backdrop, the dialogue was convened to increase the role of the private sector, in partnership with civil society, in safeguarding the civic space in Nigeria.
The morning session led by a group of seasoned experts from the federal regulatory agencies, cyber security specialists, and civil society, focused on the importation and use of surveillance equipment in Nigeria and the use of technology to combat insecurity. The conversations shed light on the nature and scope of NCC’s licensing responsibilities particularly for telecommunication equipment capable of microwave transmissions. Established in 2003, NCC licenses telecommunication devices that are not for warfare but for social good and service delivery to operators, licensees, institutions, and citizens. Devices used in Nigeria must pass electromagnetic compatibility tests and surveillance technologies outside this remit are not regulated by the NCC. Critical national infrastructure (CNI) that supports the transmission of electronic information also falls under the supervisory scope of the NCC.
Recognizing that security agencies are leveraging advancements in digital technologies to increase their crime detection and risk mitigation capabilities, one issue that dominated the discussions is how to strike a healthy balance between fighting insecurity and protecting civil liberties. One step taken by state authorities in this regard is to ensure that lawful interception of private communications is conditioned on judicial approval. In other words, security authorities need to obtain a court order before they can lawfully intercept private communications.
Agreed that certain criminal activities such as cyber-crimes, disinformation, hateful incitement, online attacks, child pornography, and fake news, are real threats that require regulation, it is evident that some of the security laws that give legal backing for combating these crimes have outlived their usefulness. With the numerous examples shared by participants in the room, corroborating S4C’s research findings, the CyberCrimes Act was singled out as a security legislation that has been serially invoked the most to crush civil liberties. The Cybercrimes Act is an omnibus legal framework attempting to cover too many things—national security, data protection, cybercrimes, and cyberstalking—at the same time, hence the need for total unbundling and overhaul of that law. Beyond the issue of legislative repeal of some security laws, there was a consensus that surveillance ecosystems are about to get worse with the rapid advancement of artificial intelligence (AI). For the regulations of the future, emphasis must be placed on developing legal standards that are stakeholder-driven, privacy-based, and principle-based: inclusion, fairness, transparency, and accountability. Where human rights and national security objectives clash, security agencies are obligated to carefully consider the weight of national security pursuits on citizens’ rights.
During the second panel, experts from telecommunication companies, fintech associations, and civil society, took a deep dive into balancing business interests and human rights in a digital economy. The discussions centered on addressing the challenges arising from the involvement of multiple corporations in data collation, data storage, and harvesting of massive amounts of personal data, with a high incidence of data privacy breaches. The poor implementation of data protection regulations was identified as a key contributing factor. Telecommunication companies shared various policies and measures they put in place to improve data protection, and institute corporate controls designed to enhance privacy. For instance, personal data can only be released based on a court order, or when requested by most senior security officers of a particular level. Companies periodically evaluate the risks their business operations pose to privacy rights and propose solutions to them based on an internal risk assessment. They warned against subscribers and online users installing and signing off too many applications, without reading the terms and conditions. Reading the fine print is an important step toward controlling the amount of permissions to our personal data given to modern apps we subscribe to. They also highlighted the challenges faced by businesses in adhering to data privacy regulations, advocating for streamlined and standardized policy approaches to ensure compliance.
There are three major takeaways from the dialogue. First, achieving a harmonious balance between business operations and human rights protection requires the active involvement of all stakeholders. The stakeholder consultative dialogue offers a vehicle for this multisectoral involvement. Second, there is a need to strengthen collaboration between the corporate sector, government, and civil society to exchange ideas, share best practices, and develop actionable recommendations for improving digital safety anchored on the principles of human rights, transparency, and accountability. And finally, constant constructive dialogue and continuous engagement among stakeholders are key to building a digital economy that not only drives business growth but also safeguards human rights.