Cambridge Analytica: Bringing the lessons home

Cambridge Analytica: Bringing the lessons home –  Adeboye Adegoke

It is no longer news that Cambridge Analytica’s transgression is not just about Donald Trump’s 2016 elections campaign or the role of Russia in the United States election. Evidence has now shown that it had its footprints in the very toxic 2015 elections in Nigeria and the very highly contested Kenya elections in 2016. The implication of this must not be lost on us. This is not just about elections, this is not just about the failure of an intermediary to justify the trust of its customers in it but this is also about the significance of data in the 21^st century. While there are barely any data protection frameworks across many countries in Africa, the thirst for data harvesting by the government is almost unquenchable. The risk that we face in Africa is not only about what or how private companies handle our data and who they connive with but also how the government uses data as a tool of control and manipulation of citizens. In Nigeria like many African countries, security agencies have unfettered access to citizens’ data irrespective of whom it was shared with (government or private companies), in a very opaque manner with no system of accountability or judicial oversight in place and the absence of the opportunity to seek redress is like adding insult to injury.

Attitude Must Change

The subject of data protection is never really taken seriously in Africa. The laissez-faire attitudes of not just data custodians but of data owners are very alarming. On a continent with unbridled data harvesting processes completed and ongoing, not many appreciate nor care about what’s been done with those data. A government agency in an African country once sold laptops used for some data harvesting exercises to private individuals without completely erasing the private data mined with the computer. Kenya and Nigeria, the two African countries that we are sure to have the footprint of Cambridge analytical has no data protection Laws. The process to have one has been ongoing for years in both countries. In Nigeria, draft data protection legislation has sat in the country’s National Assembly for 8 years and this is despite the fact that the bill was sponsored by the speaker of Nigeria’s House of Representatives and the number 4 citizen of the country. One would have thought with the profile, the bill should be making accelerated progress. The closest Nigeria is to a Data protection framework, is the Digital Rights and Freedom Bill which has been passed by both houses of Nigeria’s National Assembly and awaiting Presidential assent.

Frameworks must be put in Place

In Africa, only about 14 countries have a data protection law according to a report on Data Protection published by Delloite. The report further shows that in the whole of Anglophone West Africa, only Ghana has Data protection frameworks. While Nigeria’s process is ongoing, Liberia has no frameworks at all. Sierra Leone and The Gambia have some level of constitutional coverage which isn’t sufficient given new realities. Central Africa is worse. From the Central Africa Republic to Congo DR and Congo Brazzaville, South Sudan, and Cameroon, No frameworks! The EU General Data Protection Regulations (GDPR) is widely regarded as the most comprehensive — data protection framework in the world. And Nigeria’s and Kenya’s Data Protection Bill were modeled on the GDPR. The two countries definitely need whatever it takes to complete the ongoing process. This may be a low-hanging fruit within an African context while those countries that have not started the process now need to do so immediately.

Intermediaries need to do better

In the meantime, and while we examine what lessons are there for us in the Cambridge Analytica revelations, we must emphasize the paramount importance of the company’s responsibility to protect the data held in trust for their customers. Citizens’ data are openly advertised for political or business patronage in many countries in Africa and not many are worried by this trend. What we are seeing now is how the fundamental choice in elections is shaped by forces outside our territory. How we think we are in charge of our actions but are just a puppet to data manipulators who shapes our beliefs and choices in ways unknown to many. Many elections have been held in Africa in the last 12 months in Rwanda, Kenya, Angola, Liberia, and lately Sierra Leone. How much of this has their outcome been manipulated by technology or connivance with a technology company? Lately, blockchain technology was said to have been deployed in the recently held Sierra Leone elections. Although Sierra Leone authorities have denied this we do know there is no smoke without fire. The question isn’t about whether it is appropriate to embrace the use of technology to make better choices but that of attitude and disposition to the same and ensuring this is done right and is not manipulated to the unfair advantage of some. Technology must not be used to manipulate voters. The role of companies as intermediaries comes with huge responsibilities. African companies must develop and implement internal data protection guidelines and must not be subjected to the Government’s whims and caprices. In most African countries, security agencies have unfettered access to data being held by telcos and have connived with political leadership to infringe on the privacy rights of many citizens.

Fire Brigade Approach will not solve the problem

In the wake of the recent revelations, Facebook has suspended the account of Cambridge Analytica and the other companies connected to the scandal, but this is only typical of a fire brigade approach to the issue. It is the same way most countries around here react rather than proactively position to avoid breaches by failing to put frameworks in place.

It remained to be seen whether the African Government will now take the subject of data privacy more seriously. Now that we know that the email account of Nigeria’s President was hacked and his health record retrieved in the wake of the election that brought him to power, he shouldn’t really be needing anyone to convince him of the importance of signing into Law the Digital Rights and Freedom Bill passed by the Nigerian parliament and he should be mounting needed pressure on Nigeria’s parliament to complete the legislative process for the Data Protection Bill so he can assent that as well.