A blog post by Favour Agunu, Junior Associate.

Data Protection remains a relatively undeveloped field in Nigeria.[1] Although various efforts have been undertaken by the legislature to pass a comprehensive data protection act, all that exists currently are several sector specific laws addressing the use of data and a data protection regulation.[2] The Nigerian Data Protection Regulation (NDPR) was enacted in 2019 by the National Information Technology Development Agency (NITDA) and albeit merely a subsidiary legislation, it is currently the most comprehensive data legislation in Nigeria.[3] Although the regulation contains some commendable provisions regarding the obligations of data controllers and the penalties for beach, its status as a regulation makes it inferior to any Act of the parliament.[4] This has the effect of watering down the potency and applicability of the regulation. [5]

Data protection is necessarily intertwined with trade especially in the digital age and as such, Nigeria’s data protection status puts the country in a precarious position. As a developing country seeking to grow its exports, its ability to improve internet access and cross-border data flows is of particular importance in overcoming a wide range of local barriers to international trade.[6] Further, data privacy has been considered as an important ingredient in fostering consumer trust in electronic commerce and online transactions.[7] Inefficient data safeguards could result in losses for both businesses and consumers through identity thefts and unauthorized data exploitation.[8] Therefore, Nigeria needs to adopt data protection standards that provide consumer confidence without unduly restricting businesses.[9]

It is recommended that the Nigerian parliament enact an Act that replicates the core set of principles laid down by global and regional data protection initiatives.[10] Further, there is a strong need for a single central regulator that would oversee compliance.[11] Adopting these recommendations will no doubt give Nigeria a competitive front in its international trade efforts.

 

[1] Khadijah El-Usman, A push toward data protection legislation in Nigeria, Paradigm Initiative (Sep. 29, 2020), https://paradigmhq.org/a-push-toward-data-protection-legislation-in-nigeria/

[2] Olumide Babalola, Nigeria’s data protection legal and institutional model: an overview, 2021 Int’l Data Priv. Law  2,  https://academic.oup.com/idpl/advance-article/doi/10.1093/idpl/ipab023/6403926,

[3] El-Usman, supra note 1.

[4]  Emmanuel Salami, The Nigerian Data Protection Regulation 2019: Overview, Effects and Limits, datenschutz notizen (April 2 2019), https://www.datenschutz-notizen.de/the-nigerian-data-protection-regulation-2019-overview-effects-and-limits-3522349/

[5] Id.

[6]  Joshua Meltzer, The Internet, Cross-Border Data Flows and international Trade, 22  Issues in Tech. Innovation 1, 12  (2013)  https://www.brookings.edu/wp-content/uploads/2016/06/internet-data-and-trade-meltzer.pdf.

[7] Svetlana Yakovleva & Kristina Irion, Pitching trade against privacy: reconciling EU governance of personal data flows with external trade, 10 (3) Int’l Data Priv. Law  201, 207 (2020), https://academic.oup.com/idpl/article/10/3/201/5813832

[8] Id.

[9] U.N Conference on Trade and Development, Data protection regulations and international data flows: Implications for trade and development, xi, UNCTAD/WEB/DTL/STICT/2016/1/iPub (Apr.2016)

[10] Id, xii

[11] Id.