SAFEGUARDING THE RIGHT TO DIGITAL PRIVACY IN NIGERIA
INTRODUCTION
With the increasing technological advancement and the various innovations of smart devices, the world is increasingly becoming a connected global village. Both organizations and individuals have their respective personal information and data which are basically received by digital platforms, websites and software applications. These information and collected data are essential for personal use and data protection have become a top priority for many countries, which Nigeria is not an exception.
As a result of which several countries and international institutions have implemented data privacy and protection regulations. This is to ensure that there is an established guideline for processing personal data and also considering the rights and interests of data subjects such as individuals, businesses and organizations. However, irrespective of the fact that technological advancements have offered numerous convenience, it has also given rise to notable challenges to privacy rights.
This article will focus on the right to digital privacy and the legal framework in this rapid technological growing age while highlighting the innovative contributions the legal frameworks have offered to data protection practices in Nigeria.
THE CONSTITUTIONAL FOUNDATION OF THE RIGHT TO PRIVACY
The Nigerian Constitution did not clearly provide the extent to which data privacy is guaranteed. Howbeit, the Constitution clearly provides for citizens’ right to privacy. Section 37 of the 1999 Constitution of the Federal Republic of Nigeria (As Amended), explicitly provides for the right to privacy and family life as follows:
“The privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected.”
With the express above provision, it is apparently clear that the Constitution drafters intended and sought expressly to prohibit any infringement of citizens’ rights to any form of privacy, whether bodily, communications or territorial privacy. This has laid the grundnorm for protecting personal data in the digital world.
DATA PRIVACY UNDER THE NIGERIA DATA PROTECTION ACT, 2023
The Nigeria Data Protection Act 2023 (the “Act”) was recently signed into law by President Bola Tinubu in June 2023. The Act institutionalized and streamlined the protection of personal information in Nigeria, by giving statutory backing to the concept of data privacy. The Act gives proper effect to Privacy protection and regulates the processing, including the use, collection and transfer of personal data by organizations. Another aspect of the Act is that it recognizes specific data subject rights, and provides redress mechanisms when violated. Also, there is an institutionalized enforcement process by the establishment of an independent data protection commission.
The Commission established by the Act is responsible for enforcing compliance which is known as the Nigerian Data Protection Commission (NDPC). It is established as an independent body to enforce compliance with the Act. Enforcement of privacy protection prior to the enactment of the Act was under the supervision of the Nigeria Data Protection Bureau (NDPB). The operations of the Bureau have now been merged with and subsumed under the NDPC.
NDPC is saddled with the responsibility of overseeing the safe practices of data protection in Nigeria which includes fostering the development of data protection technologies, promoting public awareness of data protection, accrediting data protection compliance services, registering data controllers and data processors of major importance, receiving complaints of violations, attaining the objectives of the Act.
The rights of data subjects are guaranteed under Part VI of the Act. This includes the right to be informed before any processing, the right to access, correct, erase, restrict and object to the processing of their personal data. Data subjects can also request for their data to be transferred in a commonly used, and machine-readable format to another organization as well as not be subject to a decision based solely on automated processing, including profiling.
Consent can be withdrawn at anytime and the data subject has the right to lodge a complaint with the Commission, though the Act allows for the derogation of these rights if it falls under the exceptions of its applicability under Section 3 of the Act.
There are other related legislation in Nigeria concerned with data protection which includes but are not limited to the Nigeria Data Protection Regulation 2019 (NDPR), The Cybercrimes (Prohibition, Prevention) Act (Amendment) 2024, The Freedom of Information Act 2011, The National Health Act 2014, The National Information Technology Development Agency Act 2007.
However, a major challenge posed by the effectiveness of data protection in Nigeria is basically attributed to the weak or non enforcement of data protection laws and regulations.
CONCLUSION
The legal framework in digital privacy rights has posed a significant step towards modernizing Nigeria's data privacy and protection legislation. Safeguarding digital privacy is essential for the protection of human dignity and freedom of expression. Every democratic society must ensure guaranteed rights and uphold the rule of law in this age of digital transformation. There should be requisite institutional oversight and a robust enforcement mechanisms, public engagement and the political will to uphold the sanctity of personal data and the right to digital privacy.
References
Patrick Chukwunonso Aloamaka “Data Protection and Protection and Privacy Challenges in Nigeria: Lessons From Other Jurisdictions” UCC Law Journal Vol. 3, Issue 1 Jul. 2023.
Available at < https://www.shqlegal.com/publications/overview-of-the-nigerian-data-protection-act-2023-frequently-asked-questions-faqs > Last accessed 15/05/2025.
Article by Honour Happy-John Esq.
Photocredit: Unsplash