Abuja, April 9, 2020 – Paradigm Initiative, a pan-African social enterprise working to advance digital rights and inclusion in Africa, is deeply concerned about the Nigeria Governors’ Forum’s attempts to collaborate with telcos to mitigate the effect of the COVID-19 pandemic.
In these austere moments when the vulnerability of humans, and the community at large, is at its peak, Paradigm Initiative is still committed to protecting the digital rights of Africans from further vulnerabilities.
A report that MTN & the Nigeria Governors’ Forum have entered into a data-sharing partnership, following a presentation by MTN, to mine and provide its users’ data “to profile States vulnerability to the spread of the coronavirus” came to our attention.
While efforts to mitigate and control the spread and sting of this novel coronavirus are appreciated, the existing and sacred fundamental rights of users MUST be protected at all times.
First, it is important to iterate that, no other time than now presents MTN and other Mobile Network Operators with the opportunity to “be transparent with the public about the sharing of Mobile Operator Data with Governments or Agencies” and to “help counter misinformation and raise awareness of data sharing to help combat COVID-19”. This is further buttressed by the COVID-19 Privacy Guidelines released by the GSM Association (GSMA) on April 6.
However, in light of the report, Paradigm Initiative humbly asserts that it does not lie in the power of @MTNNG to arbitrarily use, distribute or grant third-party access for the processing of users’ data. Information such as the travel history of MTN users, their current location, and other sensitive information are private data that should absolutely not be commodity in a partnership, irrespective of noble intentions.
The reported sharing (or potential sharing) of users’ personal data by MTN to the Nigeria Governors’ Forum (NGF) will constitute a sheer breach of users’ trust and would adversely hamper on the right to the privacy of data of its users especially if the data being shared is personally identifiable data.
According to the GSMA COVID-19 Privacy Guidelines, Mobile Network Operators (MNOs) should “take proactive steps to implement privacy best practices… and consider the ethical implications of lawful sharing of Mobile Operator Data for the purposes of helping Governments or Agencies to contain, delay or research the spread of the virus or to mitigate its impact on public health”.
We are all navigating through this time with no playbook – there is definitely a global need for innovation by the government, private companies and even citizens alike. Things are changing and thinking outside the box has become a survival skill but some things do not change. And one of such is that data subjects have the right to privacy of their data and such right may only be derogated from in constitutionally stipulated conditions and IMPORTANTLY, by legally stipulated processes.
The GSMA COVID-19 Guidelines advise MNOs such as MTN to “engage with Governments or Agencies and, where appropriate courts, to seek clarity when the legal basis for a request is unclear or uncertain or where additional emergency powers may be required to support a request”.
If the NGF believes that accessing and processing the location and travel history data of MTN users is the most innovative way to help public health in Nigeria, then Paradigm Initiative calls on the Forum to follow the legally stipulated process to transparently secure such data. Alternatively, MTN may share “insights or aggregated non-identifiable data… to the extent that they are truly anonymous” in accordance with the GSMA COVID-19 Guidelines.
Even in the sharing of insights or aggregated non-identifiable data, both MTN and the NGF must engage in the process in a lawful and fair manner, taking all circumstances and potential impacts into account. According to the GSMA COVID-19 Guidelines: “To the extent the request is based on a specific law in the interests of public security that such laws are necessary and proportionate to achieve a specified and legitimate aim that is consistent with internationally recognised privacy standards, human rights and other relevant laws.”
Finally, it is important to iterate that fundamental rights are still fundamental even in a pandemic. Decisions made, and actions taken, during crises will be with us when the crisis ends so we should avoid creating a problem in the name of solving another problem.