The Nigerian Communications Commission (NCC) recently published a draft Internet Code of Practice (the “Code”), aimed at promoting a safer and more responsible internet environment for consumers.
The importance of the internet in the modern business environment cannot be overstated. Commercial transactions are increasingly conducted online, and digital services are continuously rendered to businesses and individuals, including minors. The Code is intended to provide guidance on the operation and regulation of online and digital communications platforms and Internet Access Service Providers (IASP) in Nigeria. While the Code is currently under review, we have highlighted in this newsletter some key provisions of the Code and their potential implications for stakeholders.
Who is the Code Applicable to?
The Code applies to IASPs licensed by the NCC to provide internet access services, as well as online and digital communications platforms that offer communication services, whether directly or through intermediaries.
In addition, the Code extends to all entities operating under the regulatory purview of the NCC, ensuring a broad and uniform application across Nigeria’s communications ecosystem.
What are the Obligations of Online and Digital Communications Platforms and IASPs?
Protection of Minors and other Vulnerable Persons
The Code requires IASPs and online and digital communication platforms to implement parental control tools that are simple to enable, including content filtering and usage monitoring features, to allow parents and guardians effectively monitor and control the use of internet services and digital communications platforms by minors. The Code further requires the implementation of clear rules in their terms and conditions or terms of use that protect children and vulnerable persons, in compliance with applicable laws and regulations in Nigeria.
In addition, IASPs must implement appropriate measures to block unlawful content[1] and establish a clear and accessible mechanism for reporting such content to the NCC.
Implementation of Data Privacy and Cybersecurity Measures
Further to the Code, IASPs are required to comply with the provisions of the Nigeria Data Protection Act 2023 and the NCC Consumer Code of Practice Regulations 2024 in the management of personal data. In the event of a data breach resulting in the exposure of consumer data, the Code mandates that affected consumers be notified within 48 hours of the breach, and that the NCC also be notified within 48 hours of the occurrence of the breach.
The Code also prohibits the harvesting of consumer data by an IASP or any third party without the prior approval of the NCC. In relation to cybersecurity, the Code requires all IASPs to implement a cybersecurity framework to be issued by the NCC.
Governance Rule/Guideline
The Code requires online and digital communications platforms to implement community rules or guidelines governing the moderation of use by consumers of their platforms, in line with the Nigerian Communications Act 2003, to ensure that network services or applications are not used for any unlawful purpose. Such community rules or guidelines must be submitted to NCC within 6 months of the issuance of the finalised Code. The Code further provides that the NCC may, from time to time, issue additional requirements for adoption by online and digital communications platforms.
IASPs are also required to incorporate clear rules in their Terms of Use prohibiting the use of internet access services for spamming or other unsolicited communications.
Compliance and Reporting Requirements
IASPs are required to submit biannual reports to the NCC containing operational details, whether any takedown orders or content removal requests have been received from consumers, the extent of compliance with the Code, and details of collaboration with other relevant entities. Online and digital communications platforms are also required to submit biannual reports in the format prescribed by the Code. Such report should include, among other details, the type of service provided, whether any takedown requests have been made, the actions taken in response to such requests, and the outcomes of those actions.
The Code further provides that online and digital communications platforms, IASPs, and other relevant entities must, upon request by the NCC, submit compliance reports or any additional information necessary to demonstrate compliance with the provisions of the Code.
What are the rights of Consumers under the Code?
As provided under the Code, consumers have the right to create, share, and access information that is not unlawful under any law in Nigeria. Where content is lawful, such content shall not be subject to discrimination by an IASP. While providing internet access services, IASPs are required to ensure transparency in the management of internet traffic, including clear disclosure of how such traffic management practices may affect consumers, as well as any network optimisation measures implemented. IASPs must also ensure that there is no deliberate degradation of internet traffic.
Conclusion
Although the Code is not finalized, it potentially provides streamlined guidance on the obligations and operational requirements applicable to IASPs and online and digital communication service providers. The Code seeks to balance innovation in the use of the internet with consumer protection and safety particularly for minors. It is therefore important for relevant stakeholders to assess their existing systems, policies, and operations in contemplation of the finalisation of the Code.
[1] Unlawful content is defined in the Code as any content that is in violation of an existing law in Nigeria.
--
Read the original publication at Pavestones
