An Examination of the Legal Framework for Data Protection in Nigeria and its Implications for Security And Economy


The urge for data protection is a growing demand in various sectors that make up the society. Ours is a digitalized world where globalization and information technology remain a point of convergence for any society in dire need of real growth and development. It was on this pedestal that the need to protect data – being the numerical and alphanumerical representation of people’s identities – became a major concern. Thus protecting and restricting the availability of people’s data is as effective as upholding their right to privacy and confidentiality. Furthermore, it offers a wide range of advantages which are consequential to individual growth and socioeconomic development of the nation. This essay therefore seeks to examine the legal frame work for data protection in Nigeria and its possible implications for the security and economy.


According to Techopedia, 2014, the context of data protection varies and the methods and extent also vary for each context; there is data protection on the personal level, that of business or public entities, and that of data so highly classified that it should never fall into the hands of others, aside from its owners — or in other words, top secret. Data protection is, therefore, the process of protecting data and involves the relationship between the collection and dissemination of data and technology, the public perception and expectation of privacy and the political and legal underpinnings surrounding that data. It aims to strike a balance between individual privacy rights while still allowing data to be used for business purposes. In another attempt, Access Now (2018) defines data protection as the practices, safeguards, and binding rules put in place to protect your personal information and ensure that you remain in control of it. In essence, you should be able to decide whether or not you want to share some information, who has access to it, for how long, for what reason, and be able to modify some of this information, and more.


It is a strange development that there is no comprehensive legal regime for data protection in Nigeria. However intellectual efforts have been made to derive from some major laws the necessary protection to protect, restrict and preserve the circulation of personal information and the upholding of right to privacy of employees, children, people living HIV & AIDS, professionals and students among other stakeholders in the society. In the light of this, an attempt shall be made to examine some of these regulatory frameworks for data protections in Nigeria.

  • Nigeria and the Constitution:  the Nigerian Constitution is supreme, and it has binding force on all person and authority of the Federal Republic of Nigeria. It therefore – in protecting the rights of the citizens – stipulates some fundamental rights that must be respected and observed by every individual and authority. In relations to data protection, recourse may be drawn from Section 37 of the Constitution which provides and guarantees the right to private and family life. Under this provision, the right to privacy of citizen is adequately guaranteed. The protected rights include right to privacy of the homes, the right to correspondence, telephone conversations and telegraphic communications. However this right may be limited in the event of public security and safety of another individual.
  • Child Rights Act: under the S. 8 of the Act, every child in Nigeria is entitled to their privacy, family life, home, correspondence, telephone conversations and telegraphic communications. This right is however subjected to the control of the child’s guardian and parent as highlighted under Subsection 3 of the Section.
  • Nigeria Data Protection Regulation 2019: Section 32 of the Nigerian Information Technology Development Agency (NITDA) Act provides that the Agency shall have the power to make subsidiary regulations that would be peculiar to the development of information technology in Nigeria. It is under this cobweb that the 2019 Regulation for Data Protection was made to serve as a guideline for data protection in the country.
  • Cybercrime Act (2015): This Act mandates all Internet service providers to provide adequate protection of data and personal information of their subscribers. To this end, there must be a regulated restriction in the use, disposal and storage of personal data for the purpose of processing information. Furthermore, the Act criminalizes any illegal access, abuse and manipulation of data for the purpose of prosecuting fraudulent activities.
  • Nigerian Communication Commission (Registration of Telephone Subscribers) Regulations (2011): This particular Regulation is a subsidiary of the Nigerian Communication Commission Act. It mandates Telephone Service Providers to maintain a detailed record of their subscribers’ personal information. In extension, precautionary measures must be taken in ensuring the safety of the data within their disposal. Therefore, no personal data must be accessed or transferred without the prior consent of the owner.
  • Consumer Protection Framework (2016): This framework is an appendage of the Consumer Protection Act. It was introduced by the Central Bank of Nigeria. It mandates the adequate security and protection of consumers’ privacy and assets.
  • National Health Act (2014): This Act provides that Health Service Providers must have a secured record of their patients’ personal data, and such data must not be used or transferred without obtaining the consent of the owner.
  • HIV and AIDS (Anti-Discrimination) Act (2014): The Act was signed into law by former President Goodluck Jonathan to suppress the high rate of discrimination being waged against persons living with disabilities. This Act specifically prohibits employers of workforce from carrying out HIV and AIDS test on prospective employees without obtaining prior permission from such persons. It also restricts the discriminatory dismissal from work of persons living with disabilities with the view to exposing them to public stigmatization.
  • National Identity Management Commission Act: S. 37 of the Act confers power on the commission to make regulations for the effective operation and running of the Act. The Act empowers the Commission to obtain, gather, collate and process personal data for the purpose of managing the identities of citizens of the Federal Republic of Nigeria.

The Implications of Data Protection for the Security and Economy: the implications of data protection on the security and economy cannot be over-emphasized in the light of the recent development in commerce and population growth in the globe. Thus, the following are the advantages data protection offers:It ensures a coordinated organization and management of personal information which would indirectly bear a huge influence in the observance of the right to private and family life of the citizens.

  1. It prevents unauthorized access to information which may lead to the infiltration of the cyber space for the purpose of prosecuting illicit financial transactions and fraudulent activities.
  2. It expands the jurisprudence of criminal justice system as criminal activities may easily be investigated through some detailed identification parades. Data protection has aided the United States’ Federal Bureau of Investigation in the apprehension of serial criminals through a thorough examination and collation of the criminals’ personal data.
  3. It enables the government to present a mainstream identity management system where personal data of citizens would be collated, processed and stored for the purpose of national population planning.
  4. It offers the enabling legal right for employees in the work force to have an unrestricted control to the confidentiality and safety of their data under the possession of the employers and industrial managers.
  5. It prevents avoidable breaches in organizational protocols of businesses which may result in huge loss of corporate trust, clientele base and coordinated productivity as heavy compensations may be demanded for such breach.
  6. It guarantees a strong recovery system and backup of processed information and data in the eventuality of cyber disaster which occasioned data loss.


As envisaged by the Nigerian Constitution, the security and welfare of the people shall be the primary purpose of this government. Judging from this expression, the government is enjoined to take all necessary steps in securing the rights of the people, which include the right to privacy, confidentiality and restricted access to people’s personal data. This, among other factors, constitutes the reasons why there must be a specific legal regime which would provide an ascertained regulatory framework for data protection in Nigeria. This measure would indeed go a long way in providing guidelines for the access and transfer of data in the business, bureaucratic and industrial environment while ensuring security of physical and financial life of people.

Profile Image

Ali Toyin Smart


Ali Toyin Smart, LL.B (Ilorin), BL, (Lagos)
Ali Toyin Smart is an Associate at YBA & CO. SOLICITORS, Lekki, Lagos, Nigeria.

Be the first to comment

Leave a Reply

Your email address will not be published.