By Omoruyi Edoigiawerie, Esq
This is the digital age and Nigeria is not an exception to the inescapable wind of digitalisation. Start-ups are also unarguably the windmills that create energy from the digitisation of our present age.
As digital technologies become increasingly important in government, industry, and daily life, people from all over the continent are becoming increasingly concerned about their reliance on foreign technology providers to store and process data.
For instance, stakeholders are no longer fixated on just the practicability of the service, but now questions are also on how safe and strategic it is to host your end users’ data in other jurisdictions, they now realise that choosing a specific location over another can jeopardise their business.
As digital technologies continue to shape Nigeria’s entrepreneurial landscape with start-ups leading the pack, there is, therefore, a need to understand the concept of digital sovereignty, its implications, challenges, and the opportunities associated with it. This will help Nigerian startups proactively adapt their strategies to succeed in a rapidly evolving digital landscape.
Embracing digital sovereignty will not only foster innovation and economic growth but also enable Nigeria to assert its digital independence on the global stage.
Digital sovereignty refers to a country’s ability to exercise control and authority over its digital infrastructure, data, and internet governance. It emphasizes the importance of protecting national interests and ensuring that a country can regulate and govern its digital space.
In the most simplistic terms, Digital sovereignty means having power over the digital data that transits or is stored within a country.
A lot of innovation and start-up success is reliant upon data and it’s an integral part of modern society, but while the focus is often on the viability and imperativeness of the technology, there can no longer be a nonchalant attitude towards where the data is stored, and by whom.
While Companies used to select their cloud providers based on the commercial and the technical advantages they offer, rather than their ethical values, however, there is a shift in this thinking, as people are now seeking more ethical considerations to issues that relate to data.
At present, there are no international laws regulating private data protection –each country makes its own rules. And, following the massive adoption of cloud technologies by companies, concern from end users is growing very fast, as they worry about the confidentiality and accessibility of their data.
*Key considerations for Nigerian start-ups
Data Protection and Privacy: The starting point here is to ensure that start-ups are aware of the data protection and privacy regulations in Nigeria. With the Enactment of the Data Protection Act, the Nigerian Data Protection Commission (NDPC) has been established as the regulatory body responsible for data protection in the country.
While the National Information Technology Development Agency (NITDA) has core oversight over the growth and development of information technology in Nigeria. Compliance with data protection rules, such as obtaining user consent, secure storage of data, and proper handling of personal information, is essential to avoid legal issues and regulatory defaults as well as protect user trust.
2. Local Hosting and Data Localization: Digital sovereignty often involves promoting local hosting and data localization, which means that data generated within Nigeria should be stored within the country’s borders. Startups should consider hosting their servers locally or using cloud providers that have data centres in Nigeria to comply with data sovereignty requirements.
3. Regulatory Compliance: Startups must understand and comply with relevant laws and regulations related to their industry. For example, fintech startups in Nigeria, need to adhere to regulations set by the Central Bank of Nigeria (CBN) and other financial authorities. It’s essential to stay updated on regulatory changes and seek legal advice to ensure compliance with applicable laws. There are also registration requirements that must be met before the entities are registered in Nigeria by the corporate affairs commission and post-registration, they must ensure timely compliance with post-registration requirements.
4. Cybersecurity and Information Governance: Start-ups should prioritise cybersecurity measures to protect their digital assets and user data. Implementing robust security protocols, encryption, regular audits, and employee training can help mitigate cybersecurity risks. It’s important to stay informed about the latest cybersecurity threats and adopt best practices to ensure the integrity of digital operations.
*Multi-cloud storage as a viable option
Many startups face problems with data storage, security, and sovereignty. Navigating the dynamic cloud landscape is also not easy, which makes it nearly impossible to identify which cloud offers the best options for data and business needs. Using two or more cloud computing services, as is the case with multi/hybrid cloud infrastructure, enables startups to access the best of both services and addresses the challenges of digital sovereignty.
Certain policies and laws require a start-up’s data to be stored physically in some locations. This data is subject to data sovereignty, which means that even if the data is stored outside of the host country, it must abide by the data laws laid down by the country it is located in.
Multi-cloud computing can help startups navigate the challenges of conflicting regulations but even more importantly, manage the issue of digital sovereignty in a manner that suits their individualistic realities and does not short-change their data subjects.
Nigeria has its unique digital technology challenges as well as infrastructure deficits which may appear as impediments to the attainment of digital sovereignty, however, these must not become insurmountable, rather must now devise an ingenuous approach to addressing these challenges.
The Multi-cloud storage approach has developed over the past few years, as most companies are inclined towards a multi-cloud strategy. At the end of the day, I would think that the logic behind this is simple: “Don’t put all your eggs in one basket” and “The landlord of the house dictates the rules”.
A single cloud provider cannot meet all the company’s needs in terms of products and services, developer experience, and, of course, data sovereignty and security. The objective is to combine the advantages of each cloud provider according to the company’s needs, therefore, adopting a multi-cloud strategy makes it possible to rely on an indigenous provider as well as a foreign provider, thereby allowing the company guarantee data privacy and security to end users, no matter their geographical location.
Among many other advantages, the company will also enjoy the freedom to choose the right products and services, limit infrastructure-related costs, and reduce dependency on a single provider. This is the approach Startups in Nigeria should adopt as we embark on a journey toward full digital sovereignty.
*What must be done internally?
There is a need for a cross-sectorial collaboration between the public and private sector practitioners in the information technology and digital innovation ecosystem towards promoting digital sovereignty. This can be achieved by engaging with organizations like NITDA, NDPC, the Ministry of Communications and Digital Economy, and other relevant agencies as well as private sector organisations and support groups to provide valuable insights, support, and guidance on compliance, policies, and industry trends that enable digital sovereignty for indigenously obtained data.
It is also important to foster international collaborations where Startups are aware of international regulations and laws when operating globally or dealing with cross-border data flows. Understanding the implications of data transfer agreements, such as the General Data Protection Regulation (GDPR) for instance, can help ensure compliance when interacting with international customers or partners.
*Conclusion
By understanding and actively addressing the concept of digital sovereignty, start-ups in Nigeria can position themselves to navigate regulatory challenges, protect user data, and contribute to the growth of the digital ecosystem in the country.
At the end of the day, there is no gainsaying the fact that Data storage is now a matter of sovereignty, it can therefore no longer be business as usual.
Omoruyi Edoigiawerie is the Founder and Lead Partner at Edoigiawerie & Company LP, a full-service law firm offering bespoke legal services with a focus on startups, established businesses, and upscale private clients in Nigeria. The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances. His firm can be reached by email at hello@uyilaw.com.
