Hey there! Welcome to another edition of the Privacy Note.
In this edition we will be looking at what the NDPR says about the Transfer of Personal Data outside Nigeria.
So, can organizations transfer data to locations outside Nigeria? Yes! What then needs to be done to ensure such transfer is compliant with the requirements of the regulation?
But before we go into the crux of today’s edition, let us take a look at a certain trend which closely borders on the international transfer of personal Data; Targeted Advertisements
It is also possible that your Personal Data may have been transferred (sold or exchanged for some benefit) across border to foreign businesses who then send targeted adverts to you. The NDPR has provisions to ensure that no Data Controller can arbitrarily transfer or exchange your Personal Data without a Legal Basis, especially without your consent.
One core principle of the NDPR on foreign transfer of Personal Data is that the foreign country where your Data is to be transferred to must have an adequate level of Data protection regulation and enforcement. The Attorney General of the federation is tasked with supervising the accreditation of foreign countries as fit for the transfer of Personal Data. In doing this Attorney General shall pay particular attention to such country’s respect for the rule of law and human rights amongst other things.
However, a foreign transfer of Personal Data may as well take place without the supervision of the Attorney General. The NDPR provides for the following exceptions:
- Where you have explicitly consented to the transfer; this is the most common method used by Data Controllers. Once again, ensure you take time to read the privacy policies before interacting with different platforms because the permission for consent would usually be inserted into the policy.
- Where the transfer is necessary for the performance of a contract with you or which is performed in your favor.
- Where the transfer is necessary for reasons of public interest.
- Where the transfer is important for the protection of your vital interest!
For further reading and a broader understanding, reference can be made to Article 2.11 (a-e), 2.12(a-f) of the NDPR.
That’s it for this week’s edition of Privacy notes folks! Now that you know those Jumia Ads are not magic (Lol), maybe you’d take a little time to read those long annoying privacy notices before clicking ‘I Accept’. Take a look at the cookies policy, you would usually have the liberty to select the cookies you approve of or none at all. Be safe, relax and enjoy the last weekend for the month of April.
See you next week.