The data protection Act, 2012, Act 843, chapter 20(1) states that “A person shall not process personal data without the prior consent of the data subject unless the purpose for which the personal data is processed is, necessary for the purpose of a contract to which the data subject is a party, authorized or required by law, to protect a legitimate interest of the data subject, necessary for the proper performance of a statutory duty; or necessary to pursue the legitimate interest of the data controller or a third party to whom the data is supplied”. This is interestingly followed by chapter 20 (2) which states that “Unless otherwise provided by law, a data subject may object to the processing of personal data”.
The telecommunication companies in Ghana, MTN, Vodafone, and Airteltigo seem not to know of the existence of the data protection Act, 2012 or if they do, are flouting the provisions of the Act. They use the mobile data of their customers for their marketing campaigns without permission from them, the data subjects. In some cases, they leak out the mobile data of their customers to third parties without recourse to them. Personal information and data are also shared by the telecommunication companies to Value Added Service (VAS) providers who sometimes fraudulently charge the customers of the telecommunication companies for services they have not subscribed to. This is not only infuriating and disheartening but illegal. This has led in many instances to the hacking of personal information by fraudsters, duping of unsuspecting customers of the telecommunication companies among others. A case in point is the recent increase in mobile money fraud, where data mysteriously obtained from the telecommunication companies is used to dupe unsuspecting clients of huge sums of money.
While the customers of the Telecommunication companies continue complaining about the disregard for their consent in the usage and processing of their personal data, the telecommunication companies pay deaf ears to them. This has its ripple effects, the refusal of many individuals to register their sim cards with their personal information thus making nonsense of the government’s commitment to identify and trace every mobile number to the user. They resort to purchasing already registered sim cards.. Who then regulates the telecommunication companies and supervises them?
The National Communication Authority was established by an Act of parliament in 1996 as a central regulatory body to regulate the telecommunications sector and to promote a stable operating environment for all participants, while also promoting fair competition and efficiency. The main task of the NCA includes the licensing and regulation of telecommunication system operators and assigning or allocating systems frequencies. The NCA over the years has tried its very best to perform this role but seems to be failing in monitoring the activities of the telecommunication companies in Ghana. Data provided by customers during the registration of sim cards as required by law is to be protected by the telecommunication companies. This data as by law established must only be processed and used upon permission from the data subject. The reverse of this, where data of individuals and groups find its way into the public domain seems to be the case. By simply googling a person’s name, one is sure to find some mobile data of that person. This has made us all vulnerable to electronic fraud.
Whilst the work of the telecommunication companies has boosted socio-economic activities in Ghana and contributed tremendously to resolving the issues of unemployment, the service providers in collaboration with the regulator, NCA must as a matter of urgency and necessity take measures to protect customers and other stakeholders in the telecommunication industry. Data protection is at the heart of the operation of the telecommunication companies and it is in their own interest to help protect the mobile data of clients.