Digital Rights refer to the rights of access and control of digital information. It has also been extended to include the rights to copyrighted information (for example films, VJ loops, music, images etc.) available on the Internet. The need for the recognition of digital rights spurred from the sudden evolution and development of the Digital Age in the twenty-first century. With the overwhelming influx of digital information, ease of access and reproduction of such information, it has become imperative to have a digital rights protection policy, or law at best. Anything short might occasion the violation of certain human rights laws with impunity, and without remedies of any sort to the victim.
The jurisprudence of Digital Rights Protection sets out to protect the personal fundamental rights of Expression, Assembly, and Privacy, as well as the intellectual propert\ny rights of the author of a copyrighted digital product. The focus of this paper, however, is to examine the implications of certain digital activities on the fundamental right of privacy. In succeeding paragraphs, the writer examines digital rights protection policy, in relation to the common law principle of Reasonable Expectation of Privacy. The writer also examines the provisions of relevant laws on digital protection in Nigeria.
The Meaning and Scope of the Right to Privacy
According to the Oxford Dictionary of Law, privacy is ‘the right to be left alone and to keep certain matters secluded from public view’. It has also been defined ‘as a legal person’s fundamental right or ability to decide what and to what extent can matters which are of personal or familial concern to him be publicized or communicated to others; especially without arbitrary or unsolicited interference from others’. It extends to the privacy of communication, privacy of home and family life, as well as protection from unwanted environmental agents like noise or trespassers.
The right to privacy has received international recognition, resulting in its inculcation into international laws. For instance, Article 12 of the Universal Declaration of Human Rights 1948 provides that:
…no one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.
Provisions of similar effect are contained in Article 17 of the International Convention on Civil and Political Rights and Article 8 of the European Convention on Human Rights.
In Nigeria, the application of the right to privacy is essentially determined by the provisions of Chapter IV of the 1999 Constitution of the Federal Republic of Nigeria. Section 37, which bestows this right on all citizens, provides that, the privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected.
A cursory look at the foregoing provisions as well as other similar provisions evidences no controversy as to the fundamental status of the right to privacy. However, as expected, the right to privacy has certain limitations. In the UDHR, privacy rights only imply protection from arbitrary interference. Certain interferences may be warranted by law and necessary for the common good. By an application of Article 12, interferences like police search under warrant, the application of Anton Pillar injunctions, an order of the court to produce a criminal defendant’s telephone conversation, would not be considered as unlawful violation of a person’s privacy.
In the Nigerian context, asides the application of the limitations on international human rights contained in international statutes to cases of privacy violations of foreigners residing in Nigeria, the limitations to the right of privacy of citizens are expressly spelt out in Section 45 of the 1999 Constitution. Section 45 of the 1999 Constitution of Nigeria recognizes as valid any law, statutory or judicial, which, though limits or derogates the right to privacy, is made in the interest of public safety, public defence, public order, morality or public health or in the protection of the rights of others. As will be shown later, cases abound in Nigeria where digital privacy has been encroached arbitrarily, unlawfully and without the operation of any of the recognized limitations.
Digital Activities: Privacy Violation Implications
With global ease of access and reproduction of digital information, it has become very seamless to violate the right to privacy of persons. It takes only the stroking of few keys and icons! This then begs the question as to whether the fundamental right of privacy as enshrined in the international Instruments and national Constitutions should be extended to cover data privacy. Some may argue on the other hand that the cyberspace offers an enabling environment for the easy access and reproduction of information and that since internet users are aware of this flexibility, they could not be said to have reasonable expectation of privacy. While the writer is going to prove the invalidity of this latter argument later on, it is imperative to examine practical instances of privacy invasion through digital activities.
1. Publication of private information without consent
Under the British common law, there is the recognition of Information Privacy as a right under the law of torts. However, in a bid to protect the freedom of expression of other persons, as well as the freedom of the press, the application of the tort has been limited to cases of Breach of Confidence. Under the common law, breach of confidence is the unauthorized disclosure of confidential information. It affords a cause of action only where some personal information revealed to a person in confidence has been disclosed without prior consent of the victim who has reposed trust in another.
By way of application to digital activities, it would be a breach of confidence to publish confidential information of a person received by another through digital means, without the prior consent of the person who has given such information. In concrete terms, imagine that Ms. ABC, a Nigerian, has travelled out of her home country. While overseas, she contacted her family doctor, Dr. XYZ and disclosed to him that she had just been confirmed to be HIV positive. The means of communication is the WhatsApp private chat platform. Just as it would have been breach of confidence for Dr. XYZ to go to the press or publicize verbally the HIV status of his patients to third parties, it will also be breach of confidence for him to publish the same piece of information on his WhatsApp status or any other digital platform.
However, there exists, two (2) questions about privacy which common law leaves open-ended:
First, whether or not the violation of a person’s privacy should be treated as a matter of tortious liability or as a breach of fundamental human rights; and
Secondly, whether or not there will be privacy violation where pieces or items of digital information in public view are reproduced for personal use without the prior consent of the owner of the information.
The ground is not settled at common law as regards whether privacy violation should be treated as a breach of fundamental human rights or as a cause of action in tort. In the case of Woodward v Hutchinson, a case involving breach of privacy bothering on publication of private information, Lord Denning, MR. held:
“…in these cases of confidential information, it is a question of balancing the private interest in maintaining the confidence against the public interest in knowing the truth.”
More often than not, however, it is in the public interest in knowing the truth that prevails. The fear of the British Parliament was that legislation on privacy could result in considerable restraint on free speech and result in unprecedented litigations.
Suffice it to say that outside the scope of digital privacy, Britain does not have any statutory law on privacy neither does it legally recognize privacy as a fundamental human right. However, Article 8 of the European Convention on Human Rights recognizes the right to privacy. The article provides that:
“Everyone has right to respect for his private and family life, his home and his correspondence”, subject to certain restrictions that are “in accordance with law”.
The European Court has on several occasions held for the protection of persons’ right to respect for their privacy. A useful case is Von Hannover v. Germany. Princess Von Hannover of Monaco had her pictures taken in public without her permission while she was on holiday. Her application to the German courts for an injunction to restrain the German magazines from further publishing her pictures was dismissed. She brought the case to the European Court which found that her right to private life had been breached in those circumstances and that German courts had not struck a fair balance between her right to privacy and the right of the public to information.
Even though Britain does not have an originally designed statute on privacy, it has adopted the European Union’s policy on Data Protection and enacted same as Data Protection Act (DPA). The DPA has eight principles for the regulation of private data, namely:
I. Personal data shall be processed fairly and lawfully;
II. Personal data shall be obtained only for one or more specified and lawful purpose;
III. Personal data shall be adequate, relevant and not excessive
IV. Personal data shall be accurate and updated;
V. Personal data shall not be kept longer than is absolutely necessary;
VI. Personal data shall be processed in accordance with rights of data subjects under the ACT
VII. Personal data must be kept safe and secure; and
VIII. Personal data must not be transferred outside the European Economic Area without adequate protection.
In the context of Nigerian law, it has been explained above that the prevalent law on privacy is Section 37 of the 1999 Constitution (as amended), and its provisions extend to telephone conversation and digital communication. However, in addition to the constitutional provision on privacy, there are yet, certain Federal enactments which concentrate on peculiar aspects of digital privacy. One of such, the National Communications Commission (NCC) Act 2003, provides in its Section 148 that:
the Commission may unilaterally order that any communication or class of communications to or from any licensee, person or the general public, relating to any specified subject shall not be communicated or shall be intercepted or detained, or that any such communication or its records shall be disclosed to an authorized officer mentioned in the order for this reason be justified.
Furthermore, the Credit Reporting Act 2017, which was enacted to provide access to accurate, fair and reliable credit information and to protect the privacy of such information, is another federal statute protecting digital rights and data privacy. The Act makes a requirement for a permissible purpose for collecting credit information and ensures confidentiality rights of data subjects and credit information providers. Equally, Section 14 of the Freedom of Information Act 2011 exempts the rendering of information of private nature.
An overview of the several data protection laws in Nigeria would reveal that the publication of private data will only amount to privacy right infringement where it is done by a person or corporation that is statutorily recognized to hold such private data as privileged information. Thus, the Credit Reporting Act, NCC Act and Freedom of Information Act all have their respective basis or similitudes in revealing the tort of breach of confidence and not in the umbrella law of information privacy, which protects all private data, whether given in confidence or not.
Problem may arise where a citizen shares his private data with a fellow citizen on a digital platform, and the receiver of information publicizes that information to third parties, without the consent of the owner of such private information. In a recent case, a man, who has been receiving nude pictures from a woman he had been having sexual affair with took to Twitter to share the nude pictures in his custody. Prima facie, unless the law of defamation catches up with such a person, he may be free from the cubicles of the law of information privacy.
Secondary usage of private data obtained with consent
One of the principles of the Data Protection Act of Britain is that personal data must be obtained only for one specified lawful purpose. It also follows that such personal data must not be used beyond that sole purpose. This provision forms the basis for liability in the context of secondary usage of private data obtained with consent. Such liability may arise, for instance, where Mr. A, who intends to convene a seminar, demands for the picture of Miss B, one of the facilitators, for the purpose of publicity. It will be a privacy violation for him to share Miss B’s picture with Mr. C, an admirer of Miss B, who has always been desirous of having her autograph. The strong letters of the Data Protection Act even frown at the act of retaining private data obtained with consent, longer than is absolutely necessary. The right attitude, in ensuring privacy, will be to destroy or delete such private data.
In the Nigerian context, however, there is no direct legislation on liability for secondary usage of private data. All the aforementioned legislations on digital privacy are silent on the legal position on liability for secondary usage of privacy or retention of private data, obtained with consent. . However, it remains the strong contention of the writer here that the provisions of Section 37 of the 1999 Constitution should be construed as extending to this. The fulcrum of the instant argument is that human rights are human rights, whether online or offline; and their breach must be appropriately redressed and remedied. Just as the defendant who shares out private information given in confidence will be liable for breach of fundamental rights, so also will a defendant who obtains private data on digital platforms with consent but makes a secondary usage of them illegally.
Communication surveillance is the interception of private data of persons through digital means. The need for government to embark on surveillance arises due to security challenges. With the perplexing security situation in Nigeria, it was essential to have a framework for the operation of communication surveillance. That legal framework is contained in the Terrorism (Prevention) Act 2013. The Act vests the power on the federal government to embark on surveillance, but subjects the power to a prior order of the Court warranting the surveillance.
It is argued that the interception of private data by the government for security is not an arbitrary interference with the privacy of persons. However, when the interception is done without the prior order of the court, it will be considered an invasion of privacy. In Bello v. Governor of Gombe State, the Court held that where a statute directs that a certain procedure be followed before a person is deprived of his rights; such procedure must be strictly followed.
In addition, the writer submits that the Court having the judicial competence to give an order or a warrant of surveillance in this regard is the Federal High Court.
Reasonable Expectation of Privacy and Its Application to Digital Activities
In relation to digital privacy and its violations in Nigeria, the principle of reasonable expectation of privacy can be considered in two perspectives; first, as a limitation to the tort of privacy and secondly, as a prerequisite to the exercise of the fundamental right of privacy. In the first perspective, English courts have unconsciously held that the lack of reasonable expectation of privacy is a limitation to the tort of privacy. Essentially, the judicial opinion in that jurisdiction is that once a person has put himself in a position where he cannot be thought to reasonably expect his privacy to be protected, he will be deemed to have no cause of action.
Meanwhile, in Nigeria, it is clear that privacy is not regarded as a tort as much as it is considered a fundamental human right. In Nigeria, the determination of a citizen’s right to privacy is a human rights issue. There is no statutory recognition of a tort of invasion of privacy, neither is there any case law in hand that pronounces on right to privacy as a question of tortious liability. The implication of this is that the limitations to the fundamental right to privacy must be constitutionally outlined. No common law principle or public policy would have as much weight as eroding the express letters of the constitution, in relation to any fundament rights, no less the right to privacy.
A diligent construction of Chapter IV of the 1999 Constitution would reveal that the limitations on the right of privacy are only for the interest of defence, public safety, public order, public morality or public health and for the purpose of protecting the rights and freedoms of other persons. Theoretically, reasonable expectation is not considered as a limitation to the exercise of privacy in the constitution and thus, should not be imported unnecessarily. What this ordinarily implies is that the principle of reasonable expectation of privacy, not being a constitutional principle, would not apply to cases of privacy violations, whether on digital platforms or elsewhere.
Practically, however, lack of reasonable expectation of privacy may be considered a limitation to the right of privacy. In practical terms, the question of reasonable expectation arises in situation where the defendant exercises his right of expression in breach of the claimant’s privacy. For instance, Ms. Cee posts her private information on her social media accounts. Mr. Dee shares them on his timeline without her consent. If sued for breach of fundamental right of privacy, the most appropriate defence for Mr. Dee is the exercise of his own freedom of expression, which is a constitutional limitation on Ms. Cee’ privacy. To frame his defence as ‘lack of reasonable expectation of privacy’ may not succeed on the ground of the argument put forward above.
In addition, what would otherwise amount to lack of reasonable expectation of privacy may be considered as a waiver of the right to privacy. It has been debated in several quarters whether a fundamental human right can be waived or not. The Supreme Court has however rested the debate when it decided in Ariori & Ors v. Elemo & Ors. that fundamental rights which are to the sole benefit of individual can be waived. Since, the right of privacy is of this category, it is submitted that it can be waived. Thus, in the scenario given in the preceding paragraph, even if Ms. Cee may not be said to lack reasonable expectation of privacy, by posting her private information on public forum, she could be held to have waived her fundamental right of privacy.
The second perspective is to consider reasonable expectation as a prerequisite to the exercise of the right of privacy. Notably, reasonable expectation of privacy is a doctrine contained in the Fourth Amendment to the United States constitution and is regarded as a legal test on where and in what situations a person could be said to have a right of privacy. It is often applied to cases of home privacy and has been generally held to be operational in a person’s home or in a hotel room. Meanwhile, a person whose house is unfenced and is situate on a hill cannot be said to have reasonable expectation as to the privacy of his house, since it is obviously in public view.
With respect to digital privacy, however, the position of the American constitution is unclear. It is essential to state early enough that the principle of reasonable expectation of privacy does not relate to information privacy and as such the principle is prima facie irrelevant to this discourse. In fact, the US Supreme Court has held in Smith v. Maryland that individuals have no legitimate expectation of privacy in information provided to third parties. This seems to rule out any possibility for liability for secondary usage of private data obtained with consent. However, it has been suggested that the Fourth Amendment could extend to apply to cases of expectation of privacy in cyberspace.
Relating this second perspective to Nigeria, it is essential to state that the American constitution has no place of enforceability in Nigeria. That is the ordinary implication of the evergreen principle of lex non valet extra territoria. Since the American constitution is foreign to Nigerian jurisprudence, it will be unreasonable to import its principles to govern fundamental issues in Nigeria. As such, reasonable expectation of privacy cannot be treated as a legal test of determining the applicability of the fundamental right of privacy.
The writer has examined constitutional provisions on right of privacy, specifically as it applies to the digital space. He has also considered several statutes that make for peculiar instances of digital rights protection. By review of these statutes and the constitution, it is obvious that there is recognition of a right of digital privacy. This right, as a form of the fundamental right of privacy, can only be waived or limited through constitutionally or statutorily recognized procedures. Lack of reasonable expectation of privacy is inappropriately pleaded as a defence to the breach of fundamental right. It is completely alien to the soil of the Nigerian legal system and unknown to the constitution. Meanwhile, this is not to say that users of the digital platform that ‘sell’ their private data to the public will still be expected to have privacy. Such persons will be considered to have waived their fundamental right of privacy, and anyone who shares such data is only exercising his own right to freedom of expression.
I. Techopedia. available at http://www.techopedia.com/definition/24928/digital-rights
III. Law J. and Martin E.A. (ed). Oxford Dictionary of Law (7th edition). Oxford University of Law. 2013
IV. Aleshinloye, A. “Celebrities’ Right to Privacy vis-à-vis Press Freedom”. Venimus Legal Commentaries. Ibadan. 2017
V. Law J. and Martin E.A, supra
VI. Blackstone, W. Commentaries on the Law of England. Oxford Clarendon Press. 1765-1769. Cited in Akande, J.O. Introduction to Constitution of the Federal Republic of Nigeria 1999. MIJ Professional Publishers Limited. Lagos. 2000
VIII. (1977) 2 All ER 751
IX. No 2 (Application no. 593200)/00
X. Adekunle, A. Right to Privacy and Law Enforcement. Ogun State Judges’ Conference. 2016
XI. Meaning, on first fact or on the surface.
XII. See Section 29(1) of the Act
XIII. (2016) 8 NWLR pt. 1514 pg. 219
XIV. (1983) LPELR-SC 80/1981
XV. Ilker and OKTEM “Expectation of Privacy in Cyberspace: The Fourth Amendment of the US Constitution and an Evaluation of the Turkish Case”. 2012
XVII. 442 US 735 (1975)
XVIII. Ilker and OKTEM, supra
XIX. Meaning, law is not valid outside its territory.
Adeyemi Aleshinloye is an enthusiastic and passionate law student, ardent legal researcher and published writer. A tutor with over three years experience, he aspires to be a legal academic, advocate and arbitrator with focus interests in International Human Rights Law, Commercial and Corporate Law, Intellectual Property and Technology. A student of Law in his third year at the prestigious University of Ibadan, Adeyemi currently serves as the Deputy Head of H.O. Davies Chambers, UI and Human Resources Consultant at Commercially Aware.