Expert says Ghana could become ‘data infodemic’
Data expert, Dr Patrick Lebene Adonoo, has cautioned of the possibility of Ghana becoming ‘data infodemic’ over the easy access to personal data or information of Ghanaians by data controllers and data processors.
A Data controller is an individual, business or entity that collects personal data or information of individuals and determines the use of the collected data. Whereas a Data processor is also an individual, business or entity that analyses data to bring meaning to it.
Infodemic is a blend of “information” and “epidemic” that typically refers to a rapid and far-reaching spread of both accurate and inaccurate information about something, such as a disease.
Speaking during a webinar held by the UK-Ghana Chamber of Commerce (UK-GCC), Dr Adonoo who currently acts in the capacity of the Director, Regulatory Compliance Unit of the Data Protection Commission (DPC), noted the need for the personal data of Ghanaians to be protected.
“Government has seen the need to protect or incorporate some regulation around the use of personal data of Ghanaians by data controllers and processors, hence the creation of the Data Protection Commission which is enabled by the Data Protection Act 2012 (Act 843),” he stated.
“Because you see, as a country we need to protect the data we are picking otherwise a time will come where we will experience what is called infodemic,” he added making reference to how widespread the Covid pandemic is for a clearer understanding of infodemic.
He continued saying, “We get messages from betting companies, loan sharks etc telling us to purchase a service or do one thing or the other. Unsubscribed messages is a symptom of infodemics because we don’t go around writing our numbers on walls but for some reason some of these companies are able to get them and when they have your number then the question is what other information do they have about you. So when data is not protected it affects everyone.”
Speaking further at the webinar, Dr Adonoo noted to ensure compliance to data protection laws as stipulated in the Data Protection Act, data controllers and processors are required to abide by eight (8) principles of data protection which include;
- Lawfulness of processing
- Specification of purpose
- Quality of information
- Data security safeguards
- Data subject participation and
- Compatibility of further processing with purpose of collection
According to Dr Adonoo, the DPC to further enforce compliance of entities to data protection laws, has partnered with other regulatory bodies to demand data protection certification from entities as an eligibility criterion for registration.
“So for instance we have partnered with the Bank of Ghana to ensure that banks and FinTechs have data protection certification from the Commission before they are allowed to take personal data of clients,” he remarked.
Adding the Commission has also resorted to publishing names of entities in good standing with the Commission and advising the public against giving their personal data to entities that are not registered with the DPC.