Nigeria and Ethiopia’s central banks have reached a deal to swap $100 million in funds blocked as a result of a shortage of foreign currency in both countries, according to the Ethiopian news outlet, The Reporter.

Under the deal, both Dangote Cement and Ethiopian Airlines will swap funds from their trapped revenue in Nigeria and Ethiopia. Sources in the aviation industry reveal that Ethiopian Airlines will exchange $100 million out of the total $180 million in blocked funds in Nigeria for Ethiopian birr from Dangote Cement, Ethiopia.

“The National Bank will reimburse us with the equivalent amount in Ethiopian birr,” stated Mesfin Tassew, the CEO of Ethiopian Airlines, in an interview with The Reporter. He also mentioned that there are no current plans to swap the remaining amount.

The two African countries have struggled with the repatriation of funds, with millions of dollars trapped in the revenue of foreign companies owing to the massive decline in foreign currency inflow.

Sources from the Central Bank of Ethiopia, quoted by The Reporter, confirmed it had reached an agreement with its Nigerian counterpart to conduct a “temporary swap of foreign currencies.”

Dangote Cement, which produces about 2.5 million tons of cement yearly in Ethiopia, has millions of US dollars held in the country, while Ethiopian Airlines – which is popular among Nigerian international travelers – has about $180 million to be repatriated. Dangote is estimated to have about $300 million trapped.

The situation highlights the seriousness of the forex crisis in both countries. Ethiopia is currently facing a severe foreign exchange scarcity, reaching a critical stage that hampers the country’s ability to import crucial commodities such as pharmaceuticals and industrial resources.

The foreign exchange reserves held by Ethiopia are inadequate to support even a single month of imports, according to The Reporter.

Insufficient forex liquidity in the Northeastern African country has dampened the interest of investors, prompting the National Bank of Ethiopia to implement reforms aimed at mitigating FX obstacles faced by investors.

In Nigeria, the effect of the dollar shortage has not only inspired rising inflation, it has also forced the blocking of revenues of foreign companies operating in the country.

Last year, United Arab Emirates-based airline, Fly Emirates, twice, called off its operation in Nigeria due to its inability to repatriate more than $500 million in trapped funds.

But unlike the UAE’s Fly Emirates, Ethiopian Airlines, which is the largest foreign carrier operating in Nigeria – with international operations covering major cities like Lagos, Abuja, and Kano, shares a similar problem of dollar shortage with Nigeria.

Dangote Cement, which has been a major player in Ethiopia’s construction sector for over a decade, and Ethiopian Airlines, have over the years – accumulated millions of dollars in blocked funds.

In June, under the leadership of Nigeria’s new President Bola Tinubu, the Central Bank of Nigeria (CBN) floated the country’s forex market, in a move to collapse multiple exchange rates into one. Though the move has been applauded as a bold step in attracting foreign investment, it is yet to solve the forex shortage problem.

Nigeria has seen its foreign reserves drop to $34 billion as of May, following the massive decline in oil revenue – its major source of forex.

The accumulated trapped funds are said to have inspired investors’ suspicion that Nigeria’s dollar reserves are not as large as the CBN says. Investors are concerned that Africa’s largest economy is struggling to pay off debts that it should be able to pay easily given the volume of its foreign reserves.

“The suspicion is that Nigeria’s external reserves are much less than what the CBN reports,” a fund manager based in South Africa is quoted to have said on condition of anonymity. “The level of opacity is alarming and is a real drag on investor confidence.”

Given their shared forex challenge, the Ethiopian central bank offered Dangote Cement a currency swap proposal, allowing it to exchange its excess Ethiopian birr for US dollars held by overseas firms operating in Ethiopia.

Africa’s largest cement producer, Dangote Cement Plc, has announced its shares buyback programme will takeoff in mid July having secured the backing of its Shareholders at the extraordinary meeting which held in December 2022.

The share repurchasing programme which was said aimed at enhancing the value of the company’s shareholders, targets N50.1 billion worth of shares, estimated to constitute a percentage of the company’s current total share issued which entails 16,873,559,251shares at N300.1 per share.

The first tranche of the share buyback in which 168,735,593 ordinary shares of 50kobo each will be repurchased at N300.1 per share is scheduled to commence on July 17 to July 18 or when the entire tranche 1 shares will be completely taken over.

A statement made available at the Nigerian Exchange Group, NGX, by Dangote Cement Plc, DCP, on Thursday, showed DCP through its appointed stockbrokers, will be conducting the tranche 1 of the share buyback via the open market of the NXG subject to the prevailing market conditions and under the current daily trading rules of the NGX.

The statement reads in part: “DCP would not be under any obligation whatsoever to purchase any or all of the DCP shares put on offer over the duration of Tranche I.

“The shares being bought back by the Company under the Share Buy-Back Programme will be held as treasury shares, as permissible under CAMA. Execution of this Tranche I is not expected to have any material impact on the Company’s financial position.

“Dangote Cement shareholders seeking to participate in Tranche I of the Share Buy-Back Programme are advised to contact their stockbrokers or any other independent professional adviser registered as a capital market operator by the SEC for further guidance on the submission of trades on the NGX’s trading platform.

“DCP will provide weekly updates on the progress of Tranche I of the Programme on its website over the duration of this tranche. The Company said it will continue to monitor the evolving business environment and market conditions, in making decisions on subsequent tranches of the Share Buy-Back Programme.

“Shareholders and investors are advised to exercise caution when dealing in the securities of Dangote Cement until the completion of Tranche I of the Share Buy-Back Programme. An announcement will be published upon completion of Tranche I of the Programme,” it stated.

In an increasingly interconnected world, the issue of data protection has gained significant importance. With the rise of cloud-based technologies and the globalization of data storage, it has become crucial for tech entrepreneurs to understand the provisions of the law concerning cross-border data transfer and cloud data security. As several data protection laws changes across the world, tech enterprises cannot claim ignorance as an excuse for manhandling data and transferring data contrary to the law.

On the 12th of June 2023, President Bola Ahmed Tinubu signed into law the Nigerian Data Protection Act (NDPA), marking a significant milestone in the country’s journey to strike a balance between fostering technological innovation and safeguarding the privacy rights of individuals. The NDPA introduces a comprehensive framework that outlines the responsibilities and obligations of organizations in handling personal data in a transparent, secure, and lawful manner.

One area of particular importance for tech entrepreneurs operating in Nigeria is the provision concerning cross-border data transfer and cloud data security. With many local tech companies relying on foreign cloud-based technologies and storing data with service providers whose data centres are located outside of Africa, it is essential to understand how the NDPA affects these practices.

In this article, we will explore the key aspects of the Act that pertain to these areas, taking into consideration the challenges faced by local tech companies that utilize foreign cloud-based technologies and store data with service providers located outside of Africa.

Cross-Border Transfers Of Personal Data

The Nigerian Data Protection Act places certain restrictions on the transfer of personal data from Nigeria to other countries. According to Section 41 of the Act, data controllers or processors can only transfer personal data if the recipient country ensures an adequate level of data protection. This adequacy can be demonstrated through various means, such as laws, binding corporate rules, contractual clauses, codes of conduct, or certification mechanisms.

To comply with the Act, data controllers and processors must maintain records of the basis for transferring personal data and the adequacy of protection. The Act empowers the Commission to establish rules that require organizations to notify the Commission about the measures they have in place to ensure data security and explain their adequacy. Additionally, the Commission has the authority to identify specific categories of personal data that have additional restrictions on cross-border transfers, considering the nature of the data and the risks to data subjects.

Adequacy of Protection

The Act defines an adequate level of protection as one that upholds principles similar to those outlined in the Data Protection Act. In assessing adequacy, factors such as enforceable data subject rights, access to administrative or judicial redress, the existence of data protection laws, competent supervisory authorities, and international commitments are taken into account. The Commission plays a crucial role in determining whether a country, region, sector, or contractual provisions meet the requirements of adequacy and is responsible for issuing guidelines in this regard.

Other Bases for The Transfer of Personal Data Outside Nigeria:

In situations where adequate protection is not ensured, the Act provides alternative bases for transferring personal data outside Nigeria. These include obtaining and maintaining the consent of the data subject, transfers necessary for contractual performance or initiation, transfers in the data subject’s interest, transfers for public interest reasons, transfers for legal claims, and transfers to protect vital interests when the data subject is unable to provide consent.

Registration of Data Controllers and Processors of Major Importance

The Nigerian Data Protection Act (NDPA) does not explicitly define the criteria for determining what constitutes “major importance” or which companies fall into this category. However, it mandates that data controllers and processors of major importance must register with the Nigerian Data Protection Commission. This registration requirement applies within six months of the Act’s commencement or upon becoming a data controller or processor of major importance.

During the registration process, companies are required to provide relevant information about their operations, including details about the controller or processor, a description of the personal data being processed, the purposes of the processing, the recipients of the data, the security measures in place, and any other necessary information. It is essential for companies to accurately disclose this information to the Commission. Additionally, if there are any changes to the submitted information, companies must notify the Commission within sixty days to ensure ongoing compliance with the Act’s requirements.

The Commission maintains a register of registered data controllers and processors of major importance on its website. The Commission also has the authority to grant exemptions from registration for certain classes of controllers or processors, and it may remove any controller or processor that is no longer considered of major importance.

Impact on Cloud Infrastructure Choices:

Tech entrepreneurs in Nigeria must carefully consider the jurisdiction of the cloud service provider’s data centres. If the cloud provider’s data centres are located outside Nigeria, additional scrutiny is required to assess the adequacy of protection. Entrepreneurs may need to evaluate the data protection laws and regulations of the country where the data centres are located, along with the provider’s compliance track record, security measures, and commitment to data subject rights. They should also review the provider’s data transfer mechanisms, such as the use of standard contractual clauses or other safeguards, to ensure compliance with the Act.

Registration and Compliance Obligations:

Under the Act, data controllers and processors of major importance are required to register with the Nigerian Data Protection Commission. This registration process involves providing detailed information about the personal data being processed and the security measures in place. For entrepreneurs using cloud service providers with data centres outside Africa, it is crucial to accurately disclose the use of such providers and any cross-border data transfers during the registration process. Compliance with the Act’s registration and notification obligations is essential to avoid penalties and maintain transparency with the Commission.

Overcoming Challenges in Cross-Border Data Transfer and Cloud Security for Nigerian Tech Companies

Local tech companies in Nigeria face various challenges when utilizing foreign cloud-based technologies and storing data with service providers located outside of Africa. These challenges may now include ensuring compliance with the Nigerian Data Protection Act (NDPA) and international best practices, maintaining data security and privacy, and managing potential jurisdictional conflicts. To overcome these challenges, tech companies must adopt proactive measures and implement robust strategies:

1. Data Localization and Jurisdiction: One of the challenges that may be faced by local tech companies is the potential conflict between the requirement to store personal data within Nigeria (data localization) and utilizing foreign cloud service providers with data centres located outside Africa. To solve this challenge, companies can explore hybrid cloud solutions that combine local data centres with foreign cloud providers. This approach allows for the storage of sensitive personal data within Nigeria while leveraging the scalability and efficiency of global cloud infrastructure. By carefully selecting cloud service providers that have a strong commitment to data privacy and security, companies can ensure compliance with the NDPA and international best practices.

2. Data Transfer Mechanisms and Adequate Protection: As stated above, the NDPA requires data controllers and processors to ensure that personal data transferred outside Nigeria receives an adequate level of protection. Local tech companies must assess the data protection measures implemented by their foreign cloud service providers and ensure compliance with international standards. Implementing measures such as robust encryption, access controls, regular security audits, and contractual agreements with service providers can enhance data security and privacy. It is important to conduct due diligence when selecting cloud service providers, considering factors such as their data protection policies, certifications, and adherence to global data protection frameworks like the EU’s General Data Protection Regulation (GDPR).

By adopting a proactive approach to data security and compliance, local tech companies can overcome the challenges of utilizing foreign cloud-based technologies and storing data with service providers located outside of Africa. They can establish strong data protection frameworks, conduct regular risk assessments, and implement comprehensive data transfer mechanisms. Collaborating with legal experts and data protection compliance officers can provide valuable guidance on navigating the complexities of international data transfers while ensuring compliance with the NDPA and international best practices. Ultimately, prioritizing data privacy and security not only enables companies to meet legal requirements but also builds trust with users and stakeholders, fostering sustainable growth and success in the digital ecosystem.

In conclusion, the provisions of the Nigerian Data Protection Act on cross-border data transfers have a significant impact on the use of cloud service providers with data centres located outside Africa. Entrepreneurs must carefully assess the adequacy of the protection offered by such providers, maintain records of transfer bases and protection measures, and comply with additional restrictions on specific categories of data. By ensuring compliance and prioritizing data protection, tech entrepreneurs can navigate the use of cloud services while safeguarding the privacy rights of Nigerian data subjects.