When towards the end of the last decade, tax payers in Lagos state, Nigeria woke up to the sensational news of the admitted data breach on the payment portal of Lagos Internal Revenue Service – the state’s tax collection agency – one would have thought that, the service would have been bombarded with myriads of law suit for such unprecedented “invasion of privacy” but the Country’s extant laws, with the exception of the Nigeria Data Protection Regulation (NDPR), which is, at best, fairly managing to gain traction, is largely believed to be devoid of express provision on “invasion of privacy”

Having reviewed a couple of legal articles and papers on the tort of invasion of privacy in Nigeria, the common denominator seems to have been the unconscious omission of provision of our local statutes on torts in exclusive favour of the common law of England from where we inherited our jurisprudence on tort.

This repeated snub may however not be unconnected with the widespread misconception that, the solitary source of our law of torts is the common law of England thereby leading to the under-utility of the texts of indigenous statutes that expressly and comprehensively make provision for the tort of invasion of as far back as 1961 when the Torts Laws of Western and Eastern Nigeria were enacted.

On the consciousness of our courts to statutory (general) torts, as early as 1986, the Supreme Court in the decision in Nasiru Bello v A.G. Oyo State (1986) 5 NWLR at page 828 took cognizance of the Torts Laws of Western Nigeria which has now been codified into the Torts Law of Oyo State 1978. The

Worthy of mention however, is the recent decision in Portland Paints & Product Nig. Ltd v Mr. Jimmy Olaghere (2019) 2 NWLR (pt. 1657) 569 where the Respondent sued the Appellant before the High Court of Lagos State for breaching his privacy as a tort but neither cited nor relied on the only law that provides for “invasion of privacy” as a tort in Lagos State, although trial court and Court of Appeal ruled in the respondent’s favour, the golden opportunity to utilize the Law of Lagos State on invasion of privacy was momentarily lost.

For the avoidance of doubt, section 29 of the Law Reform (Torts) Law, Ch. L82 Laws of Lagos State 2015 provides that:

29. Invasion of privacy

“(1) Anyone who intentionally intrudes, physically or otherwise, on the solitude or seclusion of another or private affairs or concerns, is liable for invasion of privacy, if the intrusion would be highly offensive to a reasonable person.

(2) Anyone who uses the name or likeness of another in a manner and to an extent which suggests to a reasonable person an intention to appropriate the name and likeness of another or that is associated with another is liable to damages.

(3) Anyone who publicizes a matter concerning the private life of another is liable for invasion of privacy, if the matter publicized is of a kind that:
(a) Would be highly offensive to a reasonable person and
(b) is not of legitimate concern to the public.”
The law goes further in section 31 by provide for remedies thus:

31. Remedies
“The remedies that a Court may grant in an action for invasion of privacy includes:
(a) Injunction.
(b) Damages
(c) Order directing the defendant to account to the claimant profits that have accrued or may later accrued to the defendant because of the invasion of privacy:
(d) Order directing the defendant to deliver to the claimant any material, article, photograph or documents that have come into the defendant’s possession because of violation of privacy and
(e) Any other appropriate order or relief.”

While reading subsection 3 of section 29 above, what readily came to mind was the wanton exposure of tax payers’ data by the Lagos State Internal Revenue Service and the data breach allegedly suffered by SureBet 247 which all seemed to have gone without consequences either under the extant Nigeria Data Protection Regulation or other relevant legislations.

This author is of the view that with or without the Nigerian Data Protection Regulation, the provisions of sections 29 and 30 are comprehensive enough to be taken advantage of, for tortious claims bordering on all kinds of privacy invasion (including data breach), and same could be used to supplement and/or complement the new privacy regulations issued to cater for the increasing privacy concerns in Lagos State and Nigeria as a whole.

Olumide Babalola, the managing partner of Olumide Babalola LP (a licenced Data Protection Compliance Organization) writes from Lagos State, Nigeria. [email protected]