CENTRAL BANK OF NIGERIA FINES MONIEPOINT AND OPAY
The Central Bank of Nigeria (CBN) has significantly intensified its scrutiny of fintech
startups. Recent reports indicate that two of the nation’s leading fintech companies,
Moniepoint and Opay, were each subjected to a penalty of ₦1 billion during the second
quarter of 2024. Numerous other fintech firms also faced sanctions due to compliance
deficiencies, emphasizing the critical nature of regulatory checks in the CBN's oversight
responsibilities. To promote adherence to regulatory standards, the CBN has
increasingly implemented financial penalties.
AN OVERVIEW OF THE SOUTH AFRICAN INFORMATION REGULATOR’S GUIDANCE NOTE ON THE PROCESSING OF VOTER’S PERSONAL INFORMATION AND THE COUNTERING OF MISINFORMATION AND DISINFORMATION DURING ELECTIONS
The South African Information Regulator (IR) published a Guidance Note on Processing
Voters’ Personal Information and Countering Misinformation and Disinformation during
Elections ( Guidance Note).
¹ This Guidance note provides political parties and
independent candidates with a clear framework for ensuring adherence to the
Protection of Personal Information Act 4 (POPIA) 2013. The Guidance Note outlines lawful
methods for processing personal data in the electoral process and offers strategies to
counter misinformation and disinformation, promoting transparency.
The Guidance Note strongly emphasizes the delicate balance between the free flow of
accurate information during elections and personal data protection. It underscores that
data protection, particularly in elections, is a cornerstone of democratic fairness. The
Guidance Note further highlights the necessity for political parties and candidates to
respect privacy and operate transparently. This transparency is crucial in ensuring the
integrity of the electoral process.
RECENT DEVELOPMENT IN AFRICA DATA PROTECTION SPACE
Nigeria Data Protection Commission (NDPC) investigates Optasia’s data processing activities
The NDPC is investigating Optasia, a leading Fintech services provider, following concerns about non-compliant data processing practices. The investigation primarily focuses on Optasia’s utilization of privacy-invasive technologies for marketing, credit scoring, and other financial services, which pose potential privacy risks. The NDPC emphasized the significance of data controllers and processors ensuring that their third-party partners are duly registered with the Commission to uphold data security and safeguard Nigeria’s data sovereignty. The company deployed privacy-invading technologies to process personal data for marketing, credit scoring, and other financial services. This was discovered during routine regulatory oversight of data controllers and data processors of major importance. All data controllers and processors of significant importance who rely on subprocessors are required to be registered with the NDPC per Nigerian law.
COUNCIL OF EUROPE CONVENTION ON AI IS READY FOR SIGNING
The Council of Europe (COE) adopted the first international and multilateral treaty on Artificial Intelligence (AI) on the 17th May 2024, known as the COE Framework Convention on Artificial Intelligence and human rights, democracy, and the rule of Law, CETS No. 225 (the Convention). The Convention aims to ensure respect for human rights, the rule of law, and democracy in the development and deployment of AI. The Convention aligns with the objective of the COE, which, among other things, seeks to achieve greater unity amongst member states, particularly in the areas of respect for human rights, democracy, and the rule of law. The Convention was adopted in Strasbourg during the yearly meeting of ministers of foreign affairs of the 46 Council of Europe member states. The Convention seeks to address specific challenges that arise throughout the lifecycle of AI systems while encouraging the consideration of the broader risks and impacts related to these technologies, including, but not limited to, human health, the environment, and socio-economic aspects, such as employment and labor.
LATEST NEWS IN THE GLOBAL DATA PROTECTION SPACE
The global data protection scene is rapidly evolving with frequent global developments. Some recent developments around the world are highlighted below.
Our response to UNESCO’s open consultation on AI regulation: Emerging approaches across the world
AI (AI) stands at the forefront of technological innovation, reshaping industries across the globe. As AI becomes more integrated into our daily lives, the line between innovation and privacy invasion blurs, underscoring the urgent need for comprehensive regulatory intervention that protects all stakeholders. Effective regulation ensures that technological advancements yield positive societal outcomes, incentivizing responsible behaviours and establishing safeguards. Crafting such an approach requires contextually balancing the benefits and risks of AI rather than assessing them in absolute terms. In response to these growing concerns, UNESCO has released a ‘Consultation Paper on AI Regulation: Emerging Approaches Across the World’, outlining various strategies for regulating AI. The document tackles issues such as governance, ethics, and the broader societal impacts of AI, with the primary goal of guiding the development and regulation of AI systems to ensure they remain ethical, safe, and responsible.
Harnessing AI for Africa’s Development and Prosperity: A review of the (African) Continental AI strategy
Artificial Intelligence (AI) is reshaping industries, economies, and societies globally, with Africa poised to harness its transformative power. The potential for AI to drive socio-economic growth across the continent is immense, but achieving this requires a unified approach. The African Union has drafted a Continental AI Strategy, which serves as a comprehensive roadmap to ensure that AI’s benefits reach every African while addressing the continent’s unique challenges.
AN OVERVIEW OF THE GENERAL APPLICATION AND IMPLEMENTATION DIRECTIVE (GAID) 2024 OF THE NIGERIA DATA PROTECTION ACT (NDPA)
The Nigerian Data Protection Commission (NDPC) recently released a draft implementation directive known as General Application and Implementation Directive (GAID) 2024. Its primary objective is the implementation of the Nigerian Data Protection Act (NDPA), designed to safeguard the right to privacy, in accordance with Nigeria’s 1999 constitution (as amended). It provides for guidance in areas of disruptive technologies involving the processing of personal data around the world. While the NDPA is the primary data protection legislation in Nigeria, the GAID seeks to regulate the interpretation and implementation of the provisions of the NDPA. This Article considers the GAID draft policy vis-à-vis the NDPA while highlighting the implications of some of its provisions.
AN OVERVIEW OF NIGERIA’S NATIONAL ARTIFICIAL INTELLIGENCE STRATEGY
AN OVERVIEW OF NIGERIA’S NATIONAL ARTIFICIAL INTELLIGENCE STRATEGY. Download Article Nigeria’s ministry of communications, innovation and digital economy recently drafted a National Artificial Intelligence Strategy (NAIS). Its objectives are to develop a high-level national AI strategy and implementation plan for the country. This strategy adoption becomes necessary to help Nigeria harness her AI transformative capacity […]
DATA BREACHES IN NIGERIA: THE CASE OF THE NATIONAL IDENTIFICATION NUMBER
DATA BREACHES IN NIGERIA: THE CASE OF THE NATIONAL IDENTIFICATION NUMBER Download Article There have been suspicions of a data breach on the database of the National Identity Management Commission (NIMC), the Commission responsible for establishing a National identity data base and issuing identity cards. These suspicions were fueled by reports from the Foundation for […]
