The Nigerian data protection and data privacy regime can be classified as a relatively growing area. There is still largely an absence of relevant and up-to-date legislation at both federal and state level, capable of providing for all the intricacies/ developments which data serves as a driver for. Technology is ever evolving and has penetrated every facet of life from the use of home appliances to smart buildings usually referred to as the Internet of Things.
Sources of Data Protection and Data Privacy
The basis of these technological advancements is data. Regardless of the dearth of specific legislation, there are several sources which offer the foundation by which there even exists any form of attempt at data protection and privacy.
a) The Constitution
The grundnorm for the discussion of data privacy in Nigeria is the 1999 Constitution of the Federal Republic of Nigeria (as amended) (the Constitution) which guarantees certain inalienable rights to the Citizens of Nigeria. Section 37 of the Constitution provides that:
“The privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected”.
This section aims to protect citizens of Nigeria from all undue interference with the enjoyment of their privacy in their homes, correspondence, telephone conversations and telegraphic communications. There have been arguments to the effect that the
section is not expansive enough considering the different innovative modes of data generation which exist currently. As stated earlier, technology has evolved and is currently still evolving in different ways. There are multiple data points, for instance, Facebook generates 2.5 million pieces of content per day, Google processes 14 1.2 trillion searches per day , in this vein there are also other data collection points ranging from the use of mobile technologies, smart technologies and many more. It is advised that the provision be amended to incorporate a more inclusive approach which represents all or as many of the possible ways data may be collected.
b) The National Data Protection Regulation
The dawn of technological advancement in Nigeria saw the inclusion of more members of the population as internet and mobile phone users. This meant that more persons began using more technology and by virtue of this more data was generated. This saw the establishment of the National Information Technology Development Agency which serves as the governing body for all ICT related issues in Nigeria. The National Data Protection Regulation (NDPR) serves as the extant regulation for data privacy and protection in Nigeria. The regulation was issued in 2019 by the National Information Technology Development Agency (NITDA) to regulate and control data usage in Nigeria .
The NDPR is modelled after the European Union General Data Protection Regulation (EUGDPR), to the extent that it covers the different principles of data processing, the requirement of Data Compliance Officers and the obtaining of consent from data subjects in relation to the collection and processing of their data and requirements for international transfers of data and rights of data subjects.