Data Protection in Nigeria

Online privacy in Nigeria

The Constitutional right to privacy applies to electronic media, including mobile devices and the Internet. Violations of these rights as safeguarded by the constitution may be subject to civil enforcement under the Fundamental Rights Enforcement Procedure Rules, 2009.

According to the Nigeria Data Protection Act, data controllers are obligated to perform a data privacy impact assessment where processing personal data could potentially pose a substantial risk to the rights and freedoms of a data subject, taking into consideration the nature, scope, context and purposes of such processing. Where the probability of high risks is established by the impact assessment, the controller is obligated to consult the Commission before processing.

The Nigeria Data Protection Regulations requires all mediums through which Personal Data is collected or processed to display a simple and conspicuous privacy policy, easily understood by the targeted Data Subject class. The privacy policy must contain the following, in addition to any other relevant information:

  • What constitutes Data Subject consent;
  • Description of Personal Data to be collected;
  • Purpose of Personal Data collection;
  • Technical methods used to collect and store personal information (i.e. cookies, web tokens etc.);
  • Access (if any) of third parties to Personal Data and purpose of access;
  • An overview of data processing principles under the NDPR;
  • Available remedies for privacy policy violation;
  • Timeframes associated with available remedies; and
  • Any limitation clause, provided that no limitation clause shall avail any Data controller who acts in breach of the principles of lawful processing set out in the NDPR.

Continue reading

  • no results

Previous topic
Back to top