Data Protection Act, 2012: Mobile Data And User Privacy.

I sat observing the short messaging service (SMS) on my phone. For the past forty minutes, I have received twenty-five text messages. Out of this, two of the messages were from services I have subscribed to on my MTN number, three were personal messages and twenty of the messages were unsolicited messages from the telecom giant MTN and financial service providers. For the financial service providers, they keep flooding my inbox to the extent that deleting the messages is futile. I have attempted to call a couple of the numbers (I mean those of the financial service providers) to educate them on creative and innovative marketing strategies to get their messages across to their clients. I informed most of them that, sending generic messages to customers or potential ones infuriates and irritates them and causes more harm than good. Most of the numbers I called were answered by relatively young ladies and a couple of them by some gentlemen. Some were charitable enough to hear but not to listen to what I have to say and others rudely terminated the call once I established my reason for calling. Whatever the case, the messages continue coming. The messages from the service provider, MTN, were of the marketing and campaign kind. They range from alerting customers on new products and services that the company has to offer to general news items in the public domain. To be sure that I have done nothing wrong, knowingly or unknowingly, on my MTN number that warrants such a barrage of unsolicited messages, I spoke to a couple of friends who confirmed they are having the same experience.

The data protection Act, 2012, Act 843, chapter 20(1) states that “A person shall not process personal data without the prior consent of the data subject unless the purpose for which the personal data is processed is, necessary for the purpose of a contract to which the data subject is a party, authorized or required by law, to protect a legitimate interest of the data subject, necessary for the proper performance of a statutory duty; or necessary to pursue the legitimate interest of the data controller or a third party to whom the data is supplied”

This is interestingly followed by chapter 20 (2) which states that “Unless otherwise provided by law, a data subject may object to the processing of personal data”.

The telecommunication companies in Ghana, MTN, Vodafone and Airteltigo seem not to know of the existence of the data protection Act, 2012 or if they do, are intentionally and blatantly flouting the provisions of the Act. They use the mobile data of their customers for their marketing campaigns without permission from them, the data subjects. In some cases, they leak out mobile data of their customers to third parties without recourse to them. This is not only infuriating and disheartening but illegal. This has led in many instances to hacking of personal information by fraudsters, duping of unsuspecting customers of the telecommunication companies among others. A case in point is the recent increase in the mobile money fraud, where data mysteriously obtained from the telecommunication companies is used to dupe unsuspecting clients of huge sums of money. While the customers of the Telecommunication companies continue complaining about the disregard for their consent in the usage and processing of their personal data, the telecommunication companies pay deaf ears to them. This has its ripple effects, the refusal of many people to register their sim cards with their personal information thus making nonsense of the government’s commitment to identifying and tracing every mobile number to the user. They rather resort to purchasing already registered sim cards. Personal information and data is also shared by the telecommunication companies to Value Added Service (VAS) providers who sometimes fraudulently charge the customers of the telecommunication companies for services they have not subscribed to. Who then regulates the telecommunication companies and supervise them?

The National Communication Authority was established by an Act of parliament in 1996 as a central regulatory body to regulate the telecommunications sector and to promote a stable operating environment for all participants, while also promoting fair competition and efficiency. The main task of the NCA includes the licensing and regulation of telecommunication system operators and assigning or allocating systems frequencies. The NCA over the years has tried it’s very best to perform this role but seem to be failing in monitoring the activities of the telecommunication companies in Ghana. Data provides by customers during the registration of sim cards as required by law is to be protected by the telecommunication companies. This data as by law established must only be processed and used upon the permission from the data subject. The reverse of this, where data of individuals and e groups find its way into the public domain seem to be the case. By simply googling a person’s name, one is sure to find some mobile data of that person. This has made us all vulnerable to electronic fraud.

Whilst the work of the telecommunication companies has boosted socio-economic activities in Ghana and contributed tremendously to resolving the issues of unemployment, the service operators must as a matter of urgency and necessity take measures to protect their customers and agents. Data protection is at the heart of the operation of the telecommunication companies and it is in their own interest to help protect the mobile data of their clients.