Nigeria’s telecommunications industry grapples with new privacy concerns
The Nigerian Communications Commission (NCC) has refuted media reports which claim that subscribers to telecommunications services would be required to submit their International Mobile Equipment Identity (IMEI) number from 1 July 2021.
It is understood that media reports have emerged based on a section of the Revised National Identity Policy for SIM Card Registration recently launched by Nigeria’s president, Muhammadu Buhari.
According to a statement released by the NCC, the regulator denied any intention to demand subscribers’ IMEI details. Instead, it said it is in the process of deploying a Device Management System (DMS) that will essentially protect subscribers against phone theft and will identify and enable the elimination of fake devices from telecom networks.
The NCC added that subscribers will not be required to register their IMEI with their networks.
“The system will capture IMEI automatically without any requirement for subscribers to submit the same,” the regulator stated.
Nigerian tech developer, Michael Ajah, said the unfolding situation reflects reluctance on the part of mobile network operators to share data with the regulator.
“Network providers already have the IMEI number of any device on their network. It's an essential part of communication between phones and cell towers,” said Ajah.
Ajah added that opposition to the IMEI number request stemmed from the government’s policies that compelled subscribers to register for their National Identification Numbers (NIN) and to connect the details with their SIM registration information with the operators and regulators. This was aside from the Bank Verification Number (BVN) policy of the government.
“BVN, NIN … now you want to add IMEI. If you cannot fix the problem with NIN, do you think you can use IMEI to resolve it? If it helps improve security, no problem, I am not against it. But if it is used to track unsuspecting citizens then it’s a serious privacy violation. And an android phone's IMEI can be changed. So it's not even a full-proof measure,” said Ajah.
According to the policy, WhatsApp will share information about the users on their platform with their parent company (Facebook), as well as other Facebook companies.
The details to be shared include transaction data, service-related information, information on how WhatsApp users interact with others (including businesses) when using WhatsApp services, mobile device information, and IP address.
“The Federal Government released the Nigeria Data Protection Regulations (NDPR) in 2019 and is committed to upholding the data privacy of Nigerians. We are also aware that the European region is exempt from the provisions of the updated Policy and it is also being challenged in a number of countries,” the Minister stated.
While assuring Nigerians that the government has prioritised the privacy of their data, the Minister directed Nigeria’s National Information Technology Development Agency (NITDA) to engage with Facebook “to understand the processes, level of security, etc. of the data of Nigerian users in order to ensure that policies proposed for Nigeria strictly adhere to the provisions of NDPR”.