If you are like me, who has given up on Nigerian Journalists regarding their subject accuracy and innovation, I am sure this issue will be of interest to you.
A Police Officer arrested a wanted/suspected criminal, along with a young lady who was with him at the time of the arrest .
In cuffs, kneeling and in total humiliation, He asked her very many personal questions unrelated to the matter under investigation, including “Who dis-virgined you?”.Right there, and captured on video, which he later shared to boast and celebrate/project his prowess.
You see, the Police Officer may have violated the lady’s Fundamental Human Rights, and I am sure the Human Rights and Feminists etc will not spare them.
You see, The Nigerian Police as an Institution, with the Police man as an accomplice, may have violated the new “Nigerian Data Protection Regulation (NDPR)” .
We need some smart lawyers to test this law, and probably help make Nigeria a safer place, by assuring compliance by law enforcement officers.
Asking the young lady “who deflowered her?”, is collecting personal information. What effort was made to secure and protect the information and her identity, even when she has not been found guilty?
1. Is the Police force guilty of NDPR violation?
2. Do police officers know about the NDPR?
3. Who is the Data Controller for the Police?
4. Who is the police Data Protection Officer?
5. Who are the recipients and categories of recipient of these personal data?
6. How long will the data have been stored?
7. It is now permanently on youtube … How liable is the Police Force?
According to the NDPR:
2.13.6 Prior to collecting personal data from a Data Subject, the Controller shall provide the Data Subject with all of the following information:
a) the identity and the contact details of the Controller;
b) the contact details of the Data Protection Officer;
c) the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
d) the legitimate interests pursued by the Controller or by a third party;
e) the recipients or categories of recipients of the personal data, if any;
f) where applicable, the fact that the Controller intends to transfer personal data to a third country or international organisation and the existence or absence of an adequacy decision by the Agency;
g) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
h) the existence of the right to request from the Controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
i) the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
j) the right to lodge a complaint with a relevant authority;
k) whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the Data Subject is obliged to provide the personal data and of the possible consequences of failure to provide such data;
l) the existence of automated decision-making, including profiling and, at least, in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the
m) Where the Controller intends to further process the personal data for a purpose other than that for which the personal data were collected, the controller shall provide the Data Subject prior to that further processing with information on that other purpose and with any relevant further information; and
n) where applicable, that the Controller intends to transfer personal data to a recipient in a foreign country or international organisation and the existence or absence of an adequacy decision by the Agency.
Credit: Sunday Folayan