NIGERIA Law and Practice Contributed by: Tiwalola Osazuwa, Peretimi Akinmodun, Lazarus Uwa Kalu and Mubaraq Popoola, ǼLEX
tions of Bank Accounts for Virtual Assets Service Providers (the “VASP Guidelines”), which per - mit financial institutions to open bank accounts for cryptocurrency businesses, provided the requirements set out in the VASP Guidelines are fulfilled, including obtaining a relevant licence or registration from the SEC. 2. Cloud and Edge Computing 2.1 Highly Regulated Industries and Data Protection Laws, Regulations and Industry Codes of Conduct in Cloud and Edge Computing There is no specific legislation on cloud and edge computing in Nigeria. However, the NITDA issued the Nigeria Cloud Computing Policy 2019 (the “Policy”), which applies to public institutions and government-owned corporations. The aim of the Policy is to ensure an increase in the adop - tion of cloud computing by public institutions and small and medium enterprises that provide digital enabled services to the government. The Policy requires public sector entities to pri - oritise the procurement of cloud-based informa - tion and communication technologies where a cloud-based offer is essentially equivalent to As there is no specific legislation on cloud and edge computing, no industry is subject to great - er restrictions than others. Personal Data Processing in the Context of Cloud Computing In cloud computing, the provisions of the NDPA with regards to processing personal data must be complied with at all times specifically the fol - lowing. other kinds of technology solutions. Restrictions on Certain Industries
• Principles of processing personal data: cloud service providers should ensure that the principles of processing personal data are complied with. • In the context of cloud computing, it is essen - tial for the parties involved in the sharing of personal data to clearly define their respective roles and responsibilities. Under the NDPA, entities processing personal data may act as data controllers, data processors or joint controllers. Establishing a clear distinction of each party’s role is critical to ensuring compli - ance with regulatory obligations, accountabil - ity and safeguarding data subjects’ rights. • Compliance with cross-border data transfer regulations is essential when personal data is transferred outside Nigeria in the context of cloud computing. Under the NDPA, data con - trollers are prohibited from transferring per - sonal data outside Nigeria unless the Nigeria Data Protection Commission (the “NDPC”) has determined that the data protection laws of the destination country provide an adequate level of protection. If the NDPC has not determined that the destination country offers an adequate level of protection, a data controller may still transfer personal data to that country, provided it is based on an approved contractual clause or, in the case of intra-group transfers, on approved binding corporate rules. 3. Artificial Intelligence 3.1 Liability, Data Protection, IP and Fundamental Rights Laws, Regulations and Industry Codes of Conduct in Relation to the Use of Artificial Intelligence (AI) There is no legislation that specifically governs the use of AI in Nigeria. However, the provi -
312 CHAMBERS.COM
Powered by FlippingBook