A Civil Society Organisation (CSO), Law and Rights Awareness Initiative (LRAI), has dragged the National Identity Management Commission (‘NIMC’) before a Federal High Court sitting in Abeokuta, Ogun State over its decision to ditch plastic national ID cards in favour of digital identification cards.
In Suit No. FHC/AB/CS/79/20 filed by Olumide Babalola, its counsel, LRAI seeks a declaration that the right to privacy as guaranteed under Article 1.1(a) of the Nigeria Data Protection Regulation 2019 (‘NDPR’) and section 37 of the Constitution of the Federal Republic of Nigeria, 1999 (as amended) was likely interfered with by the NIMC’s processing of digital identity cards in its NIMC app.
The suit also seeks an order of perpetual injunction against the NIMC to halt them from releasing more digital identity cards of the NIMC or any other platform prior to an external independent review of the safety and security of the NIMC’s app.
It argues that the NIMC software was not secure and would breach the rights of Nigerians to privacy under Section 37 of the Constitution adding that NIMC also failed to file a data protection compliance audit report with the National Information Technology Development Agency (NITDA) before uploading the personal data of Nigerians on “their insecure software application.
One Adedayo Ade-Rufus, who deposed to an affidavit in support of the suit, alleged that “barely 48 hours after the release of the software by the respondent, Nigerian data subjects started complaining on social media about data breach and malfunctioning of the respondent’s software application as well as the leakage of their personal data to the entire world.
He said the CSO suit was motivated by the complaint of Daniel John whose personal data were amongst those uploaded by NIMC “on a software application that can be downloaded on android and IOS devices”.
Ade-Rufus said, “The respondent’s insecure software is in violation of its obligation to secure personal data against all hazards and breaches such as theft, cyber-attack, viral attack, dissemination, manipulations of any kind, damage by rain, fire or exposure to other natural elements.
“The respondent’s processing of Daniel John’s personal data, including sensitive data, with an insecure software application threatens his right to private and family life.
“The Respondent’s continuous processing without an external audit will further interfere with Daniel John’s right to privacy.”
The CSO is praying the court to, among others, issue “a perpetual injunction, restraining the respondent from further releasing digital identity cards on their software application (NIMC app) or any other platform pending the independent report of external cyber security experts on the safety and security of the Respondent’s applications.”