NIGERIA Law and Practice Contributed by: Tiwalola Osazuwa, Peretimi Akinmodun, Lazarus Uwa Kalu and Mubaraq Popoola, ǼLEX
4. Internet of Things 4.1 Machine-to-Machine Communications, Communications Secrecy and Data Protection Laws, Regulations and Industry Codes of Conduct in Relation to the Internet of Things (IoT) While there is no specific law on the internet of things (IoT) in Nigeria, the provisions of the NDPA, the Nigeria Communications Act, the Cybercrimes Act and intellectual property laws will all impact the use of IoT technologies. Relevant Elements Machine-to-machine communications, communications secrecy and data protection The IoT primarily thrives on data exchange. To promote confidentiality and integrity of the data, it is necessary that data exchange is done securely. It is therefore expedient to deploy data protection and information security strategies to ensure data protection. Nigeria has enacted adequate data protection laws to ensure safe data processing in the course of deploying the IoT. The Cybercrimes Act also criminalises intention - ally accessing a computer system or network to obtain computer data, gain access to any programme, commercial or industrial secrets or classified information. 4.2 Compliance and Governance Compliance Challenges for IoT Solutions in Nigeria There are no specific laws on IoT technologies and so it may be difficult for IoT companies to understand the regulatory landscape. Addition - ally, in deploying IoT solutions, companies are usually faced with requirements to comply with multiple regulations which can be very complex.
Governance Frameworks for Managing IoT Deployments in Nigeria To manage IoT deployments in Nigeria, compa - nies should implement: • a data management framework to cater for data protection and the ethical use of data; • a risk management framework that will specify the process of risk identification and management; • a cybersecurity framework; • a regulatory compliance framework to moni - tor compliance with the applicable legislation; • an incident response and management framework; and • a disaster recovery framework. 4.3 Data Sharing Key Data Sharing Requirements for IoT Companies IoT companies intending to share data with third parties may enter into a formal data shar - ing agreement and non disclosure agreements with third parties. When the data to be shared includes personal data, the IoT companies are required by the NDPA to enter into a data processing agreement with the third party and ensure that the third party: • complies with the data protection principles outlined in the NDPA; • has adequate processes in place to respect and uphold the rights of data subjects; and • implements appropriate technical and organi - sational measures to safeguard the security, integrity and confidentiality of personal data. These data sharing requirements apply to all companies that share personal data with third parties.
314 CHAMBERS.COM
Powered by FlippingBook