Huawei's Data Centre in Nigeria Raises Data Security Concerns

also ft Nigeria's Digital Identity Agency's Ambitious Plan

October 12, 2024

CybAfriqué is a space for news and analysis on cyber, data, and information security on the African continent.

Hello,

I hope you are having a great weekend! The latest edition of CybAfriqué's newsletter covers Huawei's ongoing data protection challenges in various countries, along with its recent announcement of a data center project in Nigeria. Other countries are also embracing innovative cybersecurity initiatives.

CybAfriqué is now on social media. We encourage you to follow us on Linktree to stay connected.

— Adebola

Thanks for reading CybAfriqué Newsletter! Support our work by sharing this newsletter with your network.

HIGHLIGHTS 

Huawei's Data Centre in Nigeria Raises Data Security Concerns

Huawei, a Chinese-owned global telecommunications company, is reportedly constructing a data center in Nigeria, with a focus on complying with the Nigerian Data Protection Act (NDPA), which requires Nigerian user data to be stored within the country. The data center, named 'Cloud Site,' is set to go live by October 31st.

According to a company executive, the local data center hardware aims to address data sovereignty and compliance concerns, improve local availability, and reduce latency, thereby safeguarding data privacy.

Since expressing interest in Nigeria in 2021, Huawei has partnered with Cloud Exchange and Galaxy Backbone (GBB) to establish Tier IV data centers. The company has also secured contracts with financial institutions and expanded its presence in other African markets.

Huawei has, however, faced allegations of intercepting data and collaborating with the Chinese government for surveillance purposes. In 2019, the US banned the company, citing national security threats, leading Google to terminate collaborations with Huawei.

A report on Malawi's National Data Centre, developed in partnership with Huawei, has raised concerns about data security and the importance of robust data protection laws, citing the company's questionable activities in Uganda and Zambia.

While foreign companies dominate the data center market in Africa, many countries lack laws regulating data transfer within and beyond their borders. Even the Malabo Convention of the African Union and the ECOWAS Act, which serve as models for the NDPA, do not address transborder data flows (TDF).

The EU's General Data Protection Regulation (GDPR) requires that citizens' data be stored and processed within the continent, with non-compliance resulting in a penalty of 4% of global revenue.

Nigeria's NDPA, enacted in 2023, addresses data protection and sovereignty concerns overlooked by previous laws. The country is increasingly focusing on ensuring digital wellness and best practices, recognizing that data exchange between countries has become a critical issue. However, it needs to implement measures to regulate its partnerships with foreign companies effectively. 

Nigeria's Digital Identity Agency's Ambitious Plan 

The National Identity Management Commission (NIMC), responsible for verifying the identity of Nigerian citizens, has announced plans to transition to digital operations. This move includes the introduction of a self-service modification portal, allowing citizens to easily address their requests and concerns.

Why this matters: 

However, this shift poses potential risks for citizens. The press release did not clarify whether licensed third parties or service providers would cease operations. In June, reports emerged of unlicensed websites offering identity verification services for as little as 100 naira (6.5 cents).

Despite the NIMC's assertion that these websites are unlicensed and do not store NIN slips, citizens who are not digitally savvy may be at risk of compromising their data privacy when seeking assistance from unapproved third-party services. Since the onset of the COVID-19 pandemic, the NIMC has mandated that every citizen obtain their National Identification Number (NIN), which has been increasingly integrated into various applications, particularly in the telecommunications sector.

My thoughts: 

There is a potential gap that unlicensed operators could exploit, particularly for citizens without access to digital devices. A recent report indicated that 110 million Nigerians, roughly half of the country's population, have registered for the identification number. While these developments signify progress toward a digital era, the NIMC must consider the specific needs of individuals lacking digital access. 

FEATURES 

  • In Nigeria, the anti-graft agency, the Economic and Financial Crimes Commission (EFCC), conducted mass arrests, sweeping at least 100 suspected internet fraudsters across different states. The states are Ebonyi and Anambra, Oyo and Ogun, Benin, Kaduna, and Uyo.

HEADLINES 

  • NETSCOUT Unveils Cybersecurity Solutions at MWC Kigali 2024 - IT News Africa

  • Datacentrix re-attains Rubrik Elite Partner status, strengthening commitment to cyber resilience in Africa - IT Web 

  • Implementation of sovereign cloud in Africa: Senegal and Google sign an agreement to create a dedicated infrastructure - Africa Cybersecurity Magazine 

  • PayTech Firm Partners with PCI to Boost Payment Data Security - IT News Africa

  • 51% of SA children face cyber threats; expert calls for digital education in schools - News24

  • Sextortion: Exposing how online predators are preying on teenagers, demanding money in exchange - IOL

  • Former FNB employee sentenced to 15 years for stealing money from a deceased client - IOL

  • High profile lawyer faces court over alleged money laundering and forgery scandal - DCI Kenya

Thanks for reading CybAfriqué Newsletter! This post is public so feel free to share it.

ACROSS THE WORLD 

Last week, we reported that Interpol has been at the forefront of Africa-wide crackdown on cybercriminals.

OPPORTUNITIES 

Reply

or to participate.