Home » Op-Ed: “The Lack of Data Protection in the LTMI Concession”
Front Page Africa

Op-Ed: “The Lack of Data Protection in the LTMI Concession”

Written by lnn

Liberia’s concession agreement with Liberia Traffic Management Incorporated (LTMI) was heralded as a step toward modernizing public sector services, including vehicle registration, driver’s licensing, and traffic enforcement. But a close examination reveals that, as currently drafted, this contract opens the nation and its citizens to profound risks—primarily because it lacks critical protections regarding data ownership, oversight, and technological sustainability.

By George K. Fahnbulleh, [email protected], Contributing Writer

Glaring Shortfalls in Data Ownership and Protection
At the heart of the agreement’s shortcomings is the effective ceding of control over sensitive national datasets—including biometric and geographic information—to a private, foreign-led vendor. Nowhere does the contract explicitly state that all data generated remains the exclusive property of the Government of Liberia. Nor does it establish ironclad requirements for local data storage or a guarantee of data repatriation.

The potential consequences are grave:

  • If the contract is terminated or LTMI experiences business disruption, the fate of these citizen datasets remains undefined.
  • Data could be transferred or stored outside of Liberian jurisdiction, undermining national sovereignty and placing sensitive information beyond the reach of Liberian law.
  • Citizens lose agency and legal recourse regarding how their personal information is accessed, shared, or even commercialized.
    Oversight and Accountability: An Unacceptable Vacuum
    The contract further compounds these risks by diluting the Ministry of Transport’s statutory oversight role. Operational control is granted to LTMI without any enforceable requirement for:
  • Regular government audits of data use and cyber-security practices;
  • Independent, third-party security assessments and transparent reporting;
  • Recourse or remediation for Liberian citizens in cases of breach, misuse, or unauthorized data exposure.
    Simply put, there are no mechanisms for either the government or the public to scrutinize or hold the vendor accountable for the stewardship of citizen data.

Technological Sustainability and Vendor Lock-In
In its current form, the agreement provides no meaningful pathway for technology transfer, source code escrow, or capacity building among Liberian officials. There are:

  • No requirements for training government staff to manage or operate vital systems;
  • No contingency for reversion of technical assets or knowledge in the event of contract termination;
  • No modern requirements for encryption, cybersecurity standards, or breach notifications.
    This not only makes the government dependent on LTMI for day-to-day public digital services, but also risks creating permanent vendor lock-in with spiraling costs, limited system adaptability, and hamstrung national cybersecurity.

Concrete Risks for Liberian Citizens

  • Personal, driver, and vehicle data could be accessed, misused, or sold by private or foreign actors, without citizens’ knowledge or consent.
  • There is no guarantee of notification or remedy if a data breach exposes individuals’ sensitive information.
  • National security and civil rights are left dangerously exposed, as neither government nor citizens can properly control or monitor the usage of their own data.
    The Path Forward: Essential Contract Reforms
    To address these critical gaps and protect both national sovereignty and citizens’ rights, the LTMI agreement must be amended in the following ways:
  • Enshrine State Data Ownership and Residency

    • All data generated under this agreement, especially personal, biometric, and geographic data, must remain the exclusive property of the Government of Liberia. No data may be processed, stored, or transmitted outside Liberia without explicit, written consent from a national authority.

  • Mandate Government Oversight and Audit Rights

    • The Ministry of Transport (or an independent regulator) must be granted unrestricted audit rights over all data systems and processes, with mandatory annual third-party security audits—and public reporting of results.

  • Require Strong Data Protection and Breach Notification

    • LTMI must comply with up-to-date data protection standards, including encryption-at-rest and in-transit, penetration testing, and breach notification within 48 hours, with full government oversight and required remediation steps.

  • Build Local Capacity and Require Technology Escrow

    • The agreement must mandate technology transfer—including personnel training, source code escrow, and full access to technical documentation—so all systems and data can be transitioned to direct government control within three years.

  • Guarantee Contractual Termination and Data Repatriation

    • Upon contract expiration or early termination, LTMI must ensure secure, uncompromised handover of all data, credentials, and technical assets to the government—at no additional cost and with full documentation.

    Conclusion:
    Liberia’s future as a digital nation depends on upholding the rights and privacy of its citizens. Without immediate reforms to the LTMI concession agreement—ensuring state data ownership, transparent oversight, and technological sovereignty—the country risks trading short-term modernization for long-term vulnerability. The government and its partners must act decisively to secure Liberia’s digital future for this generation and the next.