Charis Tamunoibifiri Jaja Esq.

INTRODUCTION.
Today, the value and importance of data cannot be overstated. Data privacy and protection is a right that is globally enjoyed by everyone, be it a man or a woman. Data privacy which is sometimes referred to as information privacy, generally means the ability of an individual to determine for themselves when, how and to what extent personal and private information about them is to be shared with others. Data protection is the process of safeguarding important data from compromise, corruption, theft or loss and also providing the avenue and opportunity to restore the data to it’s functional and useful state in the event that the data is rendered unusable.

The importance of data protection leads to an increase in the amount of data generated and stored. Protecting data and ensuring data is not compromised or corrupted are key essentials for data protection.

The need to protect and preserve the privacy of data has led nations of the world to create laws, principles and regulations to be in place to protect and guarantee the safety of data and Nigeria, our country is not left out. In Nigeria, data privacy is hinged on the 1999 Constitution Federal Republic of Nigeria (as amended)[1] from which other laws and regulations such as: Nigeria Data Protection Act, 2023[2]; The Freedom of Information Act, 2011[3]; Cybercrimes (Prohibition, Prevention, etc) Act, 2015[4], Child’s Rights Act, 2003[5] The Credit Reporting Act, 2017[6]; were borne.

The purpose of this paper is to identify and examine the laws that regulate and protect data in Nigeria.

RELEVANT LEGISLATION.
2.1 CONSTITUTION OF THE FEDERAL REPUBLIC OF NIGERIA, 1999(AS AMENDED).

The Constitution is the ground norm in Nigeria, the basis from which other acts, laws or regulations are formed. Data privacy was provided for in Section 37[7] of the Constitution which provides that “the privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected.”

Data privacy and protection are thus inherent rights of the citizens of Nigeria that cannot be dispensed away with except in cases of fraud or to protect the best interest of the society at large.

2.2 NIGERIA DATA PROTECTION ACT, 2023

The Nigeria Data Protection Act is the first comparative legislation and primary law on data protection in Nigeria. This Act replaced the Nigeria Data Protection Regulation of 2019. The Act provides a legal framework for the safeguarding of both personal and corporate information.

The Act has a number of objectives[8] to ensure data privacy and protection such as;

Safeguard the fundamental rights and freedom of data subjects as guaranteed in the Chapter IV of the Constitution.
Provide for the regulation of processing personal data.
Safeguard the privacy of personal data and data subjects.
Provide recourse and remedies in the event of breach of data privacy.
To strengthen the legal foundations of the national digital economy and guarantee participation of every Nigerian.
On data security, the act provides that “a data controller and data processor shall implement appropriate technical and organizational measures to ensure the security, integrity and confidentiality of personal data … including protections against accidental or unlawful destruction, loss, misuse, alteration, unauthorized disclosure or access …”[9][10]

The objectives and provisions were put in place to ensure that the Act carries out the main purpose for which it was enacted for which is to safeguard and ensure data privacy and protection in Nigeria.

2.3 FREEDOM OF INFORMATION ACT, 2011

The Freedom of Information Act makes and ensures that public records and information is more freely available, to provide for more public access to public records and information, protect public records and information to the extent to which is consistent with the public interest and also the protection of personal privacy.

This Act however has an exception in regards to personal privacy. It provides that “… a public institution must deny an application for information that contains personal information…”10 This provision of the Act precludes governmental agencies from giving out private information except where consent of the individual in question is obtained or the information is made available to the public.

2.4 CYBERCRIMES (PROHIBITION, PREVENTION,ETC) ACT,2015

The essential purpose of this Act is to ensure the protection of national information, data and computer programs , intellectual property and privacy rights of individuals as well as the prosecution and punishment of cybercrimes in Nigeria that breach the privacy of data. The Act provides that service providers have an obligation to store and retain subscribers information for a period of two (2) years and within that retention period, they are to ensure that data and information is safeguarded as provided for in Chapter IV of the Constitution of the Federal Republic of Nigeria.

2.5 CHILD RIGHTS ACT, 2003

Everyone is entitled to privacy, including children. The Child Right’s Act was designed to protect and guarantee the rights of the Nigerian Child who is a person under the age of 18 years. Section 3 of the Child Rights Act makes reference to Chapter IV of the Constitution of the Federal Republic of Nigeria. Section 8 of the same Act provides for the entitlement of a child to his privacy, family life, home correspondence and telephone conversations.

When it comes to data privacy and protection, children below the age of 18 years are not left out.

2.6 THE CREDIT REPORTING ACT, 2017

The Credit Reporting Act was enacted to improve access to credit information in credit transactions. Section 9 of the Act provides that data subjects (those whose data is maintained by the credit bureau) are entitled to privacy, confidentiality and protection of their credit information.

IMPACT OF THE ABOVE LAWS ON DATA PROTECTION.
Without the implementation of the above legislations, data would be left unprotected which would in turn lead to breach of privacy. The lack of data security opens the door to a wide variety of security risks such as, data theft, data tampering and unauthorized access to sensitive information.

Failure to protect data has both legal and financial implications. Where a breach has occurred, the legal obligation of the organization is to investigate the source or cause of the breach and ascertain the affected areas after which the affected party would be notified of such breach. Legal action can be instituted against those responsible for the breach in data privacy.

In respect of the financial obligation, organizations in breach of data privacy may be made to pay fines, bear the cost of investigation where necessary and in cases where money was lost by subscribers, may be made to pay back the sum that was lost, either in part or in whole.

4. CONCLUSION

Data privacy and protection is very crucial and important especially in this day and age. It is a right that every human being is entitled to irrespective of race, age or gender. From this paper, we can see the various laws that regulate and govern data privacy and protection in Nigeria. These laws are necessary, for without them, there would be no safeguard for the data rights of individuals and organizations.

Charis Tamunoibifiri Jaja Esq. Associate, Hullbridge Solicitors

[1] Section 37of the 1999Constitution

[2] Section 39

[3] Section 14

[4] Section 1(b)

[5] Section 8

[6] Section 9

[7] Constitution Federal Republic of Nigeria, 1999(as amended)

[8] Section 1(a-h)

[9] Section 39(1)

[10] Section 14(1)(a-e)