The advent of COVID-19 disrupted what was and has to a large extent introduced a new normal in various aspects of personal lives and corporate operations.

From working remotely and holding official meetings and classroom lectures via online conferencing tools to organizing and hosting all trainings, workshops, seminars through webinars, also using online conferencing tools.

A report credited to Rack Centre (a Certified Data Centre) showed that since the lockdown, daily usage of online conferencing tools, for instance, Microsoft teams and Zoom, increased from 44 million to 900 million and 10 million to 200 million daily uses respectively. About half of these figures were deployed for Webinars by firms, companies and individuals to sustain and increase market visibility, and wider access to new customers through their Personal Data. Hence, third party event management and ticketing firms (e.g. Eventribe), are engaged to elicit certain Personal Data from prospective participants and in some cases, participation fee, as a pre-condition for participating in the Webinars. The information usually harvested from interested participants include name, address, employer’s detail, phone numbers, electronic banking details and etc., besides device fingerprint. In reality, the major target seems to be you! Yes, your Personal Data which is needed for future direct or indirect marketing and big data analytical purpose for business decisions.

It is now a common phrase that ‘data is the new oil.’ This phrase dates back to 2017, following a publication by The Economist titled “The World’s most valuable resource is no longer oil, but data”. The publication posited that the ‘five most valuable listed firms in the world’, that is, Alphabet (Google’s parent company), Amazon, Apple, Facebook and Microsoft are reaping a surging profit from Personal Data. That phrase is truer today than it was in 2017, because, as at January 2020, these companies have market caps above the four-comma threshold with combined valuation of Five Trillion United States Dollars! It is undeniably clear that Personal Data is a treasure trove.

An entity or individual with access to your Personal Data, with or without informed consent and full disclosure of processing purposes, can manipulate your actions, reactions and economic choices (see Cambridge Analytical scandal). To understand the encompassing nature of Personal Data, we culled its definition from the Nigerian Data Protection Regulation 2019 (NDPR), specifically Reg. 1.3(q), which provides that: ‘Personal Data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; It can be anything from a name, address, a photo, an email address, bank details, posts on social networking websites, medical information, and other unique identifier such as but not limited to MAC address, IP address, IMEI number, IMSI number, SIM and others’.

The NDPR was put in place to enable individuals have control over the use and processing of their Personal Data by human and legal entities. A cardinal principle of data protection is consent -which must be freely given, specific, informed and unambiguous. The key word here is – ‘informed’, i.e., the consent must be based on information compulsorily required by NDPR to be provided to owners of Personal Data (Data Subject). NDPR’s Reg. 2.13.6 requires that before an entity collects Personal Data, the Data Subject must be provided with: the identity and contact details of the Controller (refers to webinar hosts) and Data Protection Officer; the purpose and legal basis for the collection; the existence of the right – to withdraw consent, have access to, rectification, deletion and portability of Personal Data, to lodge a complaint with the relevant authority; the period for which the Personal Data will be stored, detail of third party recipients who these Personal Data may be sold to and etc. It is concerning to note that 80% of these required information disclosures were not and are not being provided by most Webinar hosts while collecting Personal Data. Hence, people are being induced to give ‘uninformed’ consent to the harvesting of their Personal Data in breach of data privacy rights. It is also obvious that Personal Data is being harvested for possible exploitation and future commercial benefits of webinar hosts and third-party entities without the informed consents of Data Subjects who are the objects of the trade.

I believe it has become expedient for the data protection Regulator (National Information Technological Development Agency), to actively investigate and checkmate this trend to protect the privacy of Personal Data of Nigerian citizens and residents.

FRANCIS ALOH
Francis is an attorney at law, chartered arbitrator, management consultant, certified international privacy and data expert.
aloh_francis@yahoo.com