My professional route in the United Kingdom has been a challenge that I have been facing each day. I have come across diverse fields to practice law as a legal practitioner in the United Kingdom wherein earlier, being a part of the Supreme Court of the Federal Republic of Nigeria, was altogether a different route than I had been earlier. My intent to learn and practice law as a world-class attorney has always been my dream which has put me here in the United Kingdom to pursue my master's in this famous institution. My core subject is Information Technology and specialize in Artificial Intelligence. This has played a major role in the current generation including individuals and corporates. Artificial Intelligence has been a boon to society keeping in mind the vulnerability that needs to be ensured at every step.[1] For such reasons, I believe that corporate entities ensure data protection that prevents corruption of critical information, conciliation, or the tendency of being lost. The quantity of generation of data seems to continue to expand at unprecedented rates leading to an increased growth of the need for data protection. There is also minimal tolerance for the downtime that might make necessary access to critical information impossible. As an outcome, the need to ensure that the data can be recovered rapidly after the corruption or the loss is an important aspect of the strategy of data protection. Data protection seems to include the safeguarding of data against compromises and the preservation of data privacy.[2] I have now come across that the main principles of data protection are to protect and make data available in all circumstances.
My curriculum in the United Kingdom has introduced me to the GDPR which has superseded all data privacy standards and the lifestyles have evolved since then, with people habitually revealing their personal information freely online.[3] In the context of the EU, I believe GDPR has created for harmonizing data privacy regulations across all of its member nations while also giving individuals better protection and rights. For me, GDPR is a legend for the manner in which the system has changed companies and other organizations like Google and Meta in their management of the personal information of individuals.[4] Being found in violation of the regulations would lead to significant penalties and reputational harm. This rule makes significant modifications while building on existing data protection concepts. It resulted in the data protection community, including the UK information commissioner that compared GDPR to an evolution rather than a full reform of rights.[5]
From my childhood till the time I last worked with the Nigerian Bar, I had been associated with laws that were easy to grasp and understand. I now can relate my understanding of the Information Technology law in Nigeria wherein data protection is solely on the basis of the fundamental right to privacy having been enshrined in Section 37 of the Federal Republic of Nigeria Constitution of 1999.[6] The major data protection legislation of Nigeria is the Nigeria Data Protection Act 2023 ('NDPA') which became law on June 12, 2023 and has been in force ever since then. However, I studied the times wherein the Nigerian Data Protection Policy, 2019 ('NDPR') was the go-to data protection policy. Fortunate enough to say that it is still enforceable, but considered a secondary law, and there is no official body for supervising the data protection. The NDPR served as a stopgap until the NDPA was enacted. In order to help with supervision temporarily, the Nigerian Government established the Nigeria Data Protection Bureau ('NDPB') and transferred the data protection role along with the existing regulations or guidance having been issued to the NDPB.[7] From my perspective, there was a requirement for legislative support to the NDPB, but with the passage of the NDPA, the Nigeria Data Protection Commission was established to monitor data protection in Nigeria, and the 2022 anomaly was solved.
I am residing in the UK for a few months and coping with my course curriculum wherein I learned that the individual data subjects' rights under the GDPR and Part 3 of the DPA 2018 is law enforcement processing. I see every individual in the United Kingdom has certain rights to their personal data under the GDPR. In all for the general data processing as per the UK GDPR, the rights to access personal data have been kept about them, along with the right to be informed about how and why their data shall be used and should provide them with privacy information.[8]
I also believe that the right to have personal data has been corrected, some been deleted, or limited, as the right to object and the right to data portability. My interests have also come across the data subjects wherein the right to seek deletion, correction, or limitation of the processing of personal data is as per Articles 16, 17, and 18 of the GDPR. In case I have shared information with other organizations like Google and Meta, I should notify them of the rectification, deletion, or limitation of personal data as under Article 19 of the UK GDPR, unless this proves impracticable or entails excessive effort. In case of being questioned, I will ensure to also notify the individuals about the groups with whom I have earlier shared my data.[9]
In the past 20 years of residing in Nigeria, I had the basic understanding that an obligation includes a correlative right, indicating that if one party has an obligation, another party has a correlative right. Nigeria has the duties of Data Controllers and Processors under the privacy laws, wherein it is necessary to discuss the statutory rights of data subjects under the Nigeria Data Protection Act.[10] Being a former resident and a legal practitioner for four years, I could know my rights including:
I agree that the right to privacy and data protection has emerged in Nigeria as one of the most pressing worldwide issues. The idea of "privacy" has been universally recognized as a basic human right, as evidenced by the wording of international agreements and state laws. In my country, Section 37 of the Federal Republic of Nigeria 1999 , the Constitution ensures the individual's right to privacy within the home and correspondence.[11] Through this, every individual has the sole right to be left alone or to be free of unjustified intrusion.
In Nigeria, an overall gesture for every organization is that I believe that no organization likes to be in the news for the wrong reasons. Corporates have lately realized about unfair, unexplained, or biased AI that they need to beware of. Organizations like Google and Meta preserve people's privacy while still fostering trust. Incorrect or biased acts based on erroneous data or assumptions can lead to litigation and mistrust among customers, stakeholders, stockholders, and employees.[12] Ultimately, this might harm the reputation of Google and Meta and result in lost sales and earnings. Furthermore, I take pride in ethics over all things. For me, the necessity to drive ethical judgments should favor one group over another and necessitate the fairness and recognition of biases during data collection, model development, deployment, and monitoring. The Fair choices also require the ability to adapt to changes in behavioral patterns and profiles, which might necessitate model retraining throughout the process of the AI lifecycle.[13]
I will now contrast the scenario with the UK GDPR wherein the current legislative framework for data protection in the UK includes certain provisions for safeguards that are critical to protect individuals and communities from possible AI hazards. In the UK, the Data Protection and Digital Information Bill is considered a deregulatory initiative that focuses on reducing the burden of complying with the data protection regulations on businesses.[14] This seems to broaden the legal justifications for the data collection and processing, along with the elimination of restrictions including the necessity for conducting the impact of data protection on assessments when high-risk processing is performed and lowers present individual rights.[15] Furthermore, Article 22 of the GDPR presently forbids companies from making judgments about individuals with 'legal or comparably substantial' consequences on the basis of automated processing, which is considered a critical precaution in the context of AI.
I have come across certain rights in the UK wherein the Government proposed the framework's dependence on current legislation and the regulators making it more critical that underlying regulation like that of data protection seems to control the AI effectively.[16]
My nexus with the administration setup of Nigeria makes me confident that the main focus is on the key concepts in the context of AI systems, along with the accompanying rights and duties. These fundamental aspects tend to form the basis of a future legally obligatory national AI policy for Nigeria. While such principles, rights, and mandates are defined in a way that is applicable across sectors, they can be harmonized with a sector-specific methodology.[18] This approach might include non-binding regulatory instruments such as sectorial guidelines or assessment checklists as contextual requirements. The administration tends to maintain the value of human dignity and is considered the heart of all human rights. This notion recognizes the intrinsic worth of every individual solely based on their humanity. Human dignity is considered to be an inherent and intrinsic right. As an outcome, even when circumstances justify limiting a human right, the protection of human dignity takes precedence.[19] This emphasizes the need to maintain the dignity of humans who interact with or are influenced by AI systems during their development, progress, and use. Every citizen and I should be considered as ethical creatures rather than as things to be classified, assessed, predicted, or controlled. In such context, I will contrast that there is a need for Nigerian laws and regulations to ensure that only people perform duties that would be in violation of human dignity if performed by robots.[20] In cases of doubt, Nigerian laws and regulations should require those using AI systems to expressly warn individuals that they are interacting with an AI system rather than a human being.
In Nigeria, the technologies of Artificial intelligence have been integrated into the security and protection frameworks having the ability to reduce hazards to humans, the environment, and networked systems. However, the implementation of AI systems raises the risk of misuse and tends to have a negative influence on persons, society, and the environment. The prevention of damage is a core premise, with a special emphasis on safeguarding human rights, supporting democratic values, and upholding the rule of law.[21] The protection of physical and emotional well-being shall be critical, particularly for individuals who are more vulnerable. Notably, attention seems to be essential in circumstances where AI applications tend to worsen the existing disadvantages due to power or information discrepancies. On the other hand, I will contrast that Nigerian regulators should insist that developers and implementers of AI systems include safeguards to prevent physical or mental harm to persons, society, and the environment. Strategies are necessary to include the making of potentially dangerous AI systems or provide explicit instructions to stop the use and propose alternative AI-free choices.[22] Therefore, it is the responsibility of Nigerian regulators to guarantee that comprehensive safety, security, and resilience requirements are integrated throughout AI systems, to which developers must conform.[23] Lastly, there is a need for all regulatory authorities in Nigeria to guarantee that AI systems are designed and implemented in a sustainable manner.
In my knowledge, the main contextual cases in Nigeria are primarily the famous case of Incorporated Trustees of Laws and Rights Awareness Initiative v. Zoom Video Communications Inc (FHC/AB/CS/53/2020) wherein a suit filed on behalf of the NGO by the firm of Olumide Babalola LP, the Applicant was sued on behalf of its members, alleged that Zoom stated in their privacy policy that it is a data processor rather than a data controller and that its privacy policy violates the provisions of the Nigeria Data Protection Regulation 2019 and is thus liable to be fined by the supervisory authority.[24] The serving of the originating procedures on Zoom at its California headquarters has proven impractical due to the COVID-19 outbreak, the Court ordered the processes to be served on them by email in order to put them on notice of this complaint. The case has been rescheduled until July 16th for further proceedings.
Secondly, the famous case of Digital Rights Lawyers Initiative v. National Youth Service Corps (NYSC) (FHC/IB/98/2020) wherein the Digital Rights Lawyers Initiative filed this lawsuit against the National Youth Service Corps ('NYSC') in 2020.[25] The claimant claims that the NYSC published and sold a yearbook containing personal information about Corp members without their consent, and she is seeking a declaration that the processing of Corp members' photos and other personal data violates Section 37 of the Constitution and Section 2.1(a) of the NDPR. The case is currently before the court, and no ruling has been made.
I have come across relevant cases in the UK as the famous Johnson v MDU [2007] wherein Lord Justice Buxton decided that there was "no compelling reason to think that 'damage' has to go beyond its root meaning of pecuniary loss" and that "damage" under Section 13 of the DPA meant just pecuniary loss and did not include anguish. In this instance, however, the Court of Appeal determined that what was said in the case about the right reading of section 13 of the DPA was obiter dictum and not binding on the Court.[26]
The second famous case as per my understanding is Douglas v Hello! Ltd. (2006) wherein the characterization was that the incident of the Breach of Confidentiality occurred rather than Misuse of Private Information.[27] The Court of Appeal ruled that the views were obiter and agreed with the High Court that abuse of private information should be acknowledged as a tort capable of supporting a class action and serving out the jurisdiction. The Court determined that this does not create a new cause of action, but rather assigns the proper legal designation to one that already exists.
In the context of the European Union, the famous case is the Commission of the European Communities v United Kingdom of Great Britain and Northern Ireland 2007 wherein the Commission charged the United Kingdom for failing to properly implement Directive 76/207.[28] The Commission's argument is that the legislation passed in the United Kingdom does not declare that elements in any collective agreement that are contradictory to equal treatment are void. Private residences and the practice of midwifery are likewise exempt under UK law. The Court ruled that the UK had failed to satisfy its treaty commitments.
I felt that my sensible approach is to specify that the employer shall be accountable for the damage produced by AI to the employee along with the health and safety circumstances while employing it. As per Article 5 (4) of Directive 89/391/EEC , the employer has full rights to avoid the responsibility only if the incident in question was caused by extraordinary and unforeseeable circumstances beyond the employer's control, or by exceptional causes that could not have been avoided despite the exercise of due diligence. However, the employer must establish that any of the aforementioned conditions are met. Therefore, the employer must respond to individual incidences, implement relevant measures and preventative activities, and implement a consistent prevention program.
I am more oriented toward the protected data of Nigeria that ensure the safety of various type data sensitive personal data. Both the personal and sensitive personal data are covered by the Act. The law defines personal data as "any information relating to an individual, who can be identified or is identifiable, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, psychological, cultural, social, or economic identity of that individual." Section 30 (2) of the Act proposes a broad, flexible definition of sensitive personal data by granting the Commission the authority to regulate additional categories of sensitive personal data.[29] The processing of sensitive personal data is likewise prohibited under the Act unless certain circumstances are satisfied.
Whereas in the United Kingdom, I see the enforcement of the General Data Protection Regulation as widely regarded as having established, in principle, a very high degree of personal data protection applicable to huge swaths of the socio-technological environment. The GDPR aims to entrust and empower Data Protection Authorities (DPAs) to ensure 'strong enforcement' of these rules (Recital 7).[30] Furthermore, Article 83 requires DPAs to levy 'effective, proportionate, and dissuasive' fines of up to €20 million or 4% of annual global turnover (whichever is greater), and Recital 148 specifies that fines should be imposed for any infringement unless it is minor or involves a disproportionate burden on a natural person, in which case a reprimand may be issued instead.[31] Thereafter, the rule on data protection applies to every workplace, commercial operation, society, group, club, and business of any kind.
From the above scenarios, I stress more on the effectiveness of the laws of the United Kingdom. I am surprised and astonished to see that the nation focuses on the core and brings solutions to every concern that might cause issues and ensure the smooth functioning of businesses of corporates like Google and Meta. Therefore, the United Kingdom has integrated and advanced regulations and securities for the betterment of the nation in terms of virtual storage and Artificial Intelligence.
Douglas v Hello! Ltd (No 8) (CA )
Commission of the European Communities v United Kingdom of Great Britain and Northern Ireland 2007
Johnson v MDU [2007]
Digital Rights Lawyers Initiative v. National Youth Service Corps (NYSC) (FHC/IB/98/2020)
General Data Protection Regulation
Nigeria Data Protection Regulation 2019
Data Protection and Digital Information Bill
Walters R, ‘Definitions Personal Data—Information’ [2023] Cybersecurity and Data Laws of the Commonwealth 75
Erdos D, ‘Special, Personal and Broad Expression: Exploring Freedom of Expression Norms under the General Data Protection Regulation’ (2021) 40 Yearbook of European Law 398
Erdos D, ‘Special, Personal and Broad Expression: Exploring Freedom of Expression Norms under the General Data Protection Regulation’ (2021) 40 Yearbook of European Law 398
Moerel L, ‘Big Data Protection. How to Make the Draft EU Regulation On Data Protection Future Proof’ (2018) 3 SSRN Electronic Journal http://dx.doi.org/10.2139/ssrn.3126164
Ekhator EO, ‘The Impact of the African Charter on Human and Peoples’ Rights on Domestic Law: A Case Study of Nigeria’ (2015) 41 Commonwealth Law Bulletin 253
Ke TT and Sudhir K, ‘Privacy Rights and Data Security: GDPR and Personal Data Markets’ (2023) 69 Management Science 4389
Zubair HF, ‘Statutory and Regulatory Framework for Data Protection in Nigeria and United Kingdom’ (2021) 3 SSRN Electronic Journal
Nwankwo IS, ‘Information Privacy in Nigeria’ [2016] African Data Privacy Laws 45
Gulati R and Wohlgezogen F, ‘Can Purpose Foster Stakeholder Trust in Corporations?’ (2023) 8 Strategy Science 270
Khan F and Mer A, ‘Embracing Artificial Intelligence Technology: Legal Implications with Special Reference to European Union Initiatives of Data Protection’ (2023) 3 Digital Transformation, Strategic Resilience, Cyber Security and Risk Management 119
Andrew J and Baker M, ‘The General Data Protection Regulation in the Age of Surveillance Capitalism’ (2019) 168 Journal of Business Ethics 565
Malgieri G and Comandé G, ‘Why a Right to Legibility of Automated Decision-Making Exists in the General Data Protection Regulation’ (2017) 7 International Data Privacy Law 243
Kitschelt H and Wilkinson S, Patrons, Clients, and Policies: Patterns of Democratic Accountability and Political Competition, vol 4 (2nd edn, Cambridge University Press 2017)
Ashri R, The AI-Powered Workplace How Artificial Intelligence, Data, and Messaging Platforms Are Defining the Future of Work (Apress 2020)
Gupta S, Banerjee I and Bhattacharyya S, Big Data Security (De Gruyter 2019)
Gandy OH, The Panoptic Sort a Political Economy of Personal Information (Oxford University Press 2021)
Shikyil SS and others, Readings on Developments in the Nigerian Legislature (The National Secretariat of Nigerian Legislatures, National Assembly 2021)
Lalic B and others, Advances in Production Management Systems. the Path to Digital Transformation and Innovation of Production Management Systems IFIP WG 5.7 International Conference, APMS 2020, Novi Sad, Serbia, August 30 - September 3, 2020, Proceedings, Part I, vol 3 (1st edn, Springer International Publishing 2020)
Orji UJ, Telecommunications Law and Regulation in Nigeria, vol 4 (2nd edn, Cambridge Scholars Publishing 2018)
Tauringana V, Environmental Reporting and Management in Africa, vol 5 (3rd edn, Emerald Publishing Limited 2019)
Jotterand F and Ienca M, Artificial Intelligence in Brain and Mental Health: Philosophical, Ethical and Policy Issues, vol 4 (1st edn, Springer 2022)
Burgess M, ‘What Is GDPR? The Summary Guide to GDPR Compliance in the UK’ (WIRED UK, 24 March 2020)
‘The Rights of Individuals’ (ICO, 2021)
‘Legal Framework’ (ICO, 2021)
Nyirenda-Jere T and Biru T, ‘Build, Promote, and Defend the Internet - Internet Society’ (Internet Society, 2017)
Olayiwola W, ‘Draft Africa Climate Change Strategy 2020 - 2030’ (Economic Commission of Africa , 2021)
‘Nigeria - Data Protection Overview’ (Data Guidance, 14 September 2023)
‘Data Privacy Protection: Stakeholders Call for Holistic Regulatory Framework’ (Tribune Online, 31 May 2022)
‘Johnson v Medical Defence Union [2007] EWCA Civ 262’ (Thomson Reuters Practical Law, 2022)
‘Douglas v Hello! Ltd (No 8) (CA)’ (5RB Barristers, 23 October 2021)
‘Lex - 62011CJ0530 - En - EUR-Lex’ (EUR-Lex, 2020)
You Might Also Like:-
How Does Machine Learning Work?
1,212,718Orders
4.9/5Rating
5,063Experts
Turnitin Report
$10.00Proofreading and Editing
$9.00Per PageConsultation with Expert
$35.00Per HourLive Session 1-on-1
$40.00Per 30 min.Quality Check
$25.00Total
FreeGet
500 Words Free
on your assignment today
Request Callback
Doing your Assignment with our resources is simple, take Expert assistance to ensure HD Grades. Here you Go....
🚨Don't Leave Empty-Handed!🚨
Snag a Sweet 70% OFF on Your Assignments! 📚💡
Grab it while it's hot!🔥
Claim Your DiscountHurry, Offer Expires Soon 🚀🚀