Nigeria’s new investment law grants the Securities and Exchange Commission (SEC) the authority to request user data from telecommunications companies as part of its regulatory oversight. The law, which aligns with the government’s efforts to strengthen financial transparency and combat illicit activities in the investment sector, empowers the SEC to obtain call records, messages, and other telecom-related data when investigating securities violations.
The enactment of Nigeria’s investment law raises significant concerns about privacy, regulatory overreach, and potential abuse. While governments worldwide access telecom records for law enforcement and national security purposes, Nigeria’s new framework lacks the judicial oversight seen in more established democracies, making it vulnerable to misuse.
This move is potentially a part of a broader pattern. Nigeria has a history of leveraging telecom data in ways that threaten personal freedoms, often without proper accountability. The move also raises questions about its alignment with global best practices and the potential for violations of citizens’ constitutional rights.
Nigeria’s use of telecom data for surveillance has been a recurring issue. In 2018, journalist Samuel Ogundipe was arrested after security agencies accessed his call records without a warrant, tracking his location and detaining him over a report he published. This was not an isolated incident. Law enforcement agencies have repeatedly used telecom data to monitor critics, activists, and opposition figures, often bypassing legal safeguards.
Reports have also emerged that the Defence Intelligence Agency (DIA) acquired equipment capable of intercepting calls and text messages, further fueling concerns about unauthorized surveillance. This raises critical questions about whether regulatory bodies like the SEC could extend their reach beyond investment-related investigations into broader, unchecked data access.
Notably, many countries allow government agencies to access phone records, but they do so under strict legal conditions.
In the United States, the USA PATRIOT Act initially enabled the mass collection of telecom data, but after the Snowden revelations in 2013, reforms were introduced through the USA FREEDOM Act. Now, U.S. agencies must obtain a court order to access specific phone records, and bulk data collection by the government has been curtailed.
The United Kingdom’s Investigatory Powers Act (IPA) 2016, known as the “Snooper’s Charter,” grants intelligence agencies access to telecom data but includes judicial and ministerial oversight. Despite these safeguards, the law has been challenged in court, with rulings emphasizing that indiscriminate data collection violates privacy rights.
The European Union, through its General Data Protection Regulation (GDPR), places heavy restrictions on government access to personal data, including telecom records. Authorities must prove proportionality and necessity before requesting such information. Even in countries with metadata retention laws, strict privacy safeguards are in place to prevent abuse.
On the other end of the spectrum, China and Russia operate under laws that grant broad, warrantless access to telecom data. China’s Cybersecurity Law and Russia’s Yarovaya Law require telecom companies to store call records, texts, and even internet browsing data for long periods, with little to no independent oversight. Critics argue that these laws enable state surveillance and suppress dissent.
Nigeria’s new investment law appears to align more closely with the Chinese and Russian model rather than the legal frameworks of the U.S., U.K., or E.U. The most concerning aspect is the absence of clear judicial oversight. Unlike in the U.S. or U.K., where a court order is required to access telecom records, Nigeria’s SEC may obtain user data without a well-defined legal check.
This potentially raises several critical questions:
•Who within the SEC has the authority to request telecom data?
•What independent oversight mechanisms exist to prevent misuse?
•Are there penalties for unauthorized or excessive data collection?
•Will affected individuals be notified if their data is accessed?
In a country where security agencies have previously misused telecom data to track journalists and political opponents, the lack of transparency in this new law poses a serious risk. The Nigerian Communications Act of 2003 already allows service providers to assist authorities in preventing crime, but it has been criticized for enabling warrantless data collection. The Cybercrimes (Prohibition, Prevention, Etc.) Act of 2015 similarly mandates telecom companies to retain subscriber information for two years, allowing law enforcement access upon request—yet it fails to outline clear safeguards against abuse.
While regulatory oversight is necessary for ensuring a stable investment climate, unchecked access to telecom data could erode public trust and discourage investment – the very outcome this law seeks to prevent.
To strike a balance between regulatory needs and individual privacy, Nigeria must:
1.Establish transparent guidelines that define the scope and limits of data access by regulatory bodies.
2.Implement judicial review mechanisms, ensuring that all requests for telecom data are subject to legal scrutiny.
3.Introduce accountability measures that penalize misuse of telecom data by government agencies.
4.Align its policies with global best practices to prevent potential human rights violations.
Nigeria’s new investment law represents a significant shift in regulatory power, but without the necessary checks and balances, it risks becoming a tool for surveillance rather than economic oversight. If the government is serious about fostering investor confidence, it must ensure that its regulatory actions do not infringe on citizens’ rights. Otherwise, Nigeria may find itself on a path where privacy is compromised under the guise of economic progress.
