Cambridge Analytica scandal: Why Nigeria needs a data protection law
Across the globe, many countries, including China, South Africa and member states of the European Union have taken steps in recent years to tighten the legal framework for the protection of data and personal information within their respective jurisdictions. Quite glaringly, the Nigerian Government has taken very little steps towards implementing a coherent legislation on data protection. Our data protection framework consists largely of legal provisions littered across numerous laws and regulations.
The recent scandal involving the unauthorized and unethical exploitation of data of Facebook users by Cambridge Analytica during the United States presidential election campaign in 2016 has once again brought to the fore issues of user privacy and protection of personal information across the global web community. Citizens of different countries desire protection of their respective governments against the violation of their personal information rights. Whilst the debate and discourse rage on, no legislative action has been taken in Nigeria to expedite the promulgation of a national framework for protection of personal information.
This article considers the current state of data protection regulation in Nigeria, highlights some deficits within the current regulatory framework and proposes legislative action to tighten the regulatory regime for the protection of personal information in the country.
State of Data Protection in Nigeria
Nigeria does not currently have a framework for the protection of information of persons whose personal information is collected (Data Subjects). Though there are diverse legislations that contain privacy protection regulations, only very few have general application, with most of the regulations targeted at specific sectors.
The few regulations, which have general application include:
I. The NITDA Guidelines on Data Protection
(2017). Issued by the National