Laws and Rights Awareness Initiative, a non-governmental organization, has sued the National Identity Management Commission over the agency’s plan to replace the plastic national ID cards with digital identification.
Laws and Rights Awareness Initiative, formerly known as Know Your Constitution Initiative, on Monday approached the Federal High Court in Abeokuta, Ogun State, to compel the NIMC to stop the digital identification cards being introduced by the agency.
NIMC said last week that it was discarding its plastic ID cards for digital identification. But within a few days after that announcement, LRAI said there had been reports of identities being compromised.
LRAI argued that NIMC’s software lacked the security to prevent breaches on the rights of Nigerians to privacy, citing Section 37 of the Constitution.
Olumide Babalola, Managing Partner at Olumide Babalola LP, and counsel to LRAI informed the court that NIMC had failed to conduct a Data Protection Impact Assessment prior to before embarking on the digital identification project.
He said that LRAI sought a declaration that the right to privacy as provided for under Article 1.1(a) of the Nigeria Data Protection Regulation 2019 (‘NDPR’) and section 37 of the Constitution of the Federal Republic of Nigeria, 1999 (as amended) had possibly been interfered with by the NIMC’s processing of digital identity cards in its NIMC app.
He contended that the NIMC had failed to file a data protection compliance audit report with the National Information Technology Development Agency (NITDA) before uploading the personal data of Nigerians on “their insecure software application.”
Adedayo Ade-Rufus deposed to an affidavit to support the suit declared that “barely 48 hours after the release of the software by the respondent, Nigerian data subjects started complaining on social media about data breach and malfunctioning of the respondent’s software application as well as the leakage of their personal data to the entire world.”
According to him, the suit followed a complaint by complaints by Daniel John, whose personal data he said were among those uploaded by the NIMC “on a software application that can be downloaded on android and IOS devices.”
“The respondent’s insecure software is in violation of its obligation to secure personal data against all hazards and breaches such as theft, cyber-attack, viral attack, dissemination, manipulations of any kind, damaged by rain, fire or exposure to other natural elements.
“The respondent’s processing of Daniel John’s personal data, including sensitive data, with an insecure software application threatens his right to private and family life.
“The Respondent’s continuous processing without an external audit will further interfere with Daniel John’s right to privacy.”
He added that LRAI was asking for “a perpetual injunction, restraining the respondent from further releasing digital identity cards on their software application (NIMC app) or any other platform pending the independent report of external cybersecurity experts on the safety and security of the Respondent’s applications”.
