WARNING: I’m about to sound weird.
Forces of limitation ensured that it didn’t occur to me that I could actually just write one, if I was so bent on the high that comes with privacy policies. And I have been stalling to put one together for my soon-to-be-launched social enterprise.
Yesterday, however, I decided to write one for this website and it was lit!
Starting at home, you have the Constitution of the Federal Republic of Nigeria which provides that “the privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected.” (Section 37). Suffice to say that the draftsman probably did not envisage this right to be applicable to websites, but I’m thankful that the language is not restrictive because it does apply to every conceivable platform.
Let’s move to the International Convention on Civil and Political Rights which Nigeria acceded est. 1993. Article 17 provides that no one shall be subject to arbitrary or unlawful interference with his privacy…. This also falls within this scope.
In fact, in 2013, the United Nations General Assembly (and yes, Nigeria is represented in the G.A. est. 1960) passed a resolution (resolutions are to non-living corporate entities what decisions are to human beings) noting that the rapid pace of technological improvements will enable the use of ICTs which might enhance the capacity of government, individuals and companies to engage in surveillance, data collection and other privacy-infringing activities. So in that resolution , the Assembly called on all states to respect the right to privacy in the context of digital communications, to review procedures, practices and legislation that may enable surveillance and to ensure transparency.
There’s also the African Declaration on Internet Rights and Freedom which pointedly states that
- It’s short for General Data Protection Regulation;
- It comes into force on the 25th of May 2018;
- It basically regulates the use of personal data of its specific data subjects;
- The data subjects it envisages are EU residents;
- But don’t be deceived and think that because you run a Nigerian entity, you’re not captured;
- It also applies to you, as long as you process the data of EU residents; whether or not you’re in the EU or the processing takes place in the EU. As long as you offer good or services to those data subjects OR you’re monitoring a behavior that takes place in the EU, you are captured.
- What data you’ll be collecting
- What you will do with the data
- What you won’t do with the data
- Laws that you’re binding yourself to/obeying/letting guide you
Uh… are there are cool privacy policies we can emulate?
Oh sure. I’ve heard of one really cool one and it’s the one I drafted yesterday!
Check it out here
(P.S. It’s not foolproof! It’s probably more fool than it’s proof 😀 )