Alleged Misuse of Personal Data in Natasha Akpoti-Uduaghan Attempted Recall Sparks Privacy Concerns for Social Assistance Beneficiaries in Africa – Tolulope Idowu

The recent controversy surrounding the attempted recall of Nigerian Senator Natasha Akpoti-Uduaghan has done more than shake political ground in Kogi Central — it has spotlighted a dangerous vulnerability in the way personal data of socially and economically disadvantaged citizens is handled across Africa.

According to investigative reports, residents were allegedly invited to an “empowerment programme” and asked to bring their voter cards. Unbeknownst to many, their personal data — names, signatures, and Voter Identification Numbers (VINs) — were used to support a political recall petition. This sparked public outcry and legal intervention, with the Federal High Court restraining the Independent National Electoral Commission (INEC) from processing what was described as a petition backed by “fictitious” or fraudulently obtained information.

This incident should not be seen in isolation. Instead, it reveals a broader systemic problem: the lack of adequate data protection safeguards for beneficiaries of social welfare and public assistance programs in Africa.

Social assistance beneficiaries , typically poor, elderly, unemployed, or disabled individuals, are uniquely vulnerable. They are often asked to hand over personal information in exchange for access to critical services or relief programs. Without adequate safeguards, this information becomes a tool for exploitation — whether for political mobilization, commercial gain, or digital surveillance.

In Nigeria and much of Africa, data literacy remains low, and consent is often uninformed or coerced. The idea of purpose limitation — the principle that data should only be used for the reason it was collected — is rarely enforced in social interventions. The misuse of beneficiaries’ information in the Kogi recall saga is a case in point.

Across Africa, only about 39 out of 55 countries have comprehensive data protection laws in place[1]. Even where these laws exist, they rarely address the specific vulnerabilities of populations receiving social aid, where power dynamics between data collectors (often government agents or NGOs) and recipients are highly unbalanced.

This is not just Nigeria’s problem. Across Africa, digital expansion in social protection is outpacing legal and ethical safeguards:

In Kenya, biometric registration for government benefits has led to exclusion and privacy complaints[2], in South Africa, data from grant beneficiaries has allegedly been shared with private companies for marketing purposes[3], in Uganda, voter data has been misused during election seasons under the guise of public welfare outreach[4].

These examples illustrate a growing need for regional cooperation and rights-based frameworks that prioritize dignity, consent, and protection for the continent’s most vulnerable.

Nigeria’s Data Protection Act (NDPA) 2023 establishes a progressive and comprehensive legal framework for protecting personal data. It enshrines key principles such as lawful processing, purpose limitation, data minimization, and accountability. It also gives individuals clear rights — including the right to be informed, the right to object, the right to access personal data, and the right to seek redress. The Act established the Nigeria Data Protection Commission (NDPC) as the regulatory authority, mandated to enforce compliance, investigate violations, and sanction erring organizations.

However, implementation remains weak and largely urban-centric. While the legal text appears sound, enforcement in rural communities, informal settings, and social assistance programmes is often non-existent or ineffective.

Many of the data collection exercises in social support schemes take place in informal, low-transparency environments — marketplaces, community centres, religious institutions — where digital literacy is low and beneficiaries are unable to distinguish between legitimate aid and exploitative data collection. In these contexts, the legal obligation to obtain informed consent is often ignored or inadequately fulfilled. A form is signed, a thumbprint taken, or a list compiled — but no one explains who will access the data, for what purpose, or how long it will be stored. This violates both the letter and the spirit of the NDPA.

Moreover, data protection compliance is rarely built into public service delivery by design. Many government agencies and local contractors handling social intervention programmes are not fully aware of their obligations under the law. Where awareness exists, it is often treated as a “box-ticking” exercise, not a duty to the data subject. The NDPC, though empowered by the Act, lacks the field-level visibility and resources to monitor data practices across Nigeria’s 774 local government areas, many of which rely on ad hoc or non-digital means of data collection.

Across Africa, the picture is similarly unnerving. While countries like Kenya, Ghana, Rwanda, and South Africa have implemented relatively modern data protection frameworks, many others still operate under outdated or non-existent laws. Even where legal frameworks exist, they often lack clear mechanisms for enforcement, do not prioritize the rights of vulnerable data subjects, or omit specific provisions related to social assistance programs.

In practice, this means millions of Africans who depend on public aid are being left unprotected from data misuse. Their personal information is collected under the banner of empowerment or relief — and then misused for voter manipulation, surveillance, or profiteering.

The events surrounding the misuse of personal data in the Kogi recall saga should not merely provoke outrage — they must drive reform. Africa stands at a critical crossroads where the rise of digital governance must be matched by the development of strong, ethical, and inclusive data protection ecosystems. Safeguarding the privacy and dignity of citizens, especially those dependent on public welfare, must become a cornerstone of digital and social policy across the continent.

The following recommendations are suggested as a forward-thinking approach to drive solutions

1. Strengthen and Enforce Legal Frameworks

While many African countries have made strides in passing data protection laws, the gap between legislation and enforcement remains wide. Governments must integrate data protection compliance into all stages of social assistance planning and implementation, not as an afterthought but as a central design principle.

While most laws include specific provisions protecting vulnerable data subjects such as children, the elderly, the poor, persons with disabilities, and internally displaced persons, it is recommended that Parliaments across Africa should empower data protection authorities to investigate misconduct, issue binding directives, and impose sanctions without political interference.

2. Embed Ethical Standards in Social Protection Programs

Social assistance programs must be anchored in a human rights-based approach, ensuring that dignity, privacy, and agency are respected. Humanitarian agencies, NGOs, and government contractors should be legally bound to ethical data practices, with robust third-party audits of any mass data collection initiative.

3. Empower Data Protection Authorities

Regulators like Nigeria’s Data Protection Commission (NDPC), South Africa’s Information Regulator, and Kenya’s Office of the Data Protection Commissioner must be adequately funded, trained, and politically insulated to enable them conduct supervisory activities such as; routine field-level audits of public and private entities handling beneficiary data, public hotlines or complaint mechanisms for reporting abuses, publication of annual reports on data breaches, enforcement actions, and sectoral compliance. Without strong institutions to hold violators accountable, legal protections would remain ineffective.

4. Promote Community Data Literacy

The most sustainable defence against data exploitation is a well-informed citizenry. Many people affected by unethical data use — especially in rural or underserved areas — are unaware of their rights or how their information can be misused.

Governments, civil society, and tech companies should collaborate on nationwide data literacy campaigns, using radio, mobile platforms, religious institutions, and community leaders. Schools should include digital rights education in their curricula and beneficiaries must be educated on how to ask questions, how to withdraw consent, and how to report violations.

5. Leverage Technology for Accountability

Ironically, the very digital tools that can be misused for surveillance or political manipulation can also be harnessed for protection and oversight: consent management platforms could allow individuals to grant, deny, or revoke access to their data in real time, open data dashboards can help civil society monitor and audit government-run data programs in a transparent manner.

Africa’s digital future holds enormous promise — but only if it is governed by fairness, equity, and justice. Protecting the data of the poor, the unlettered, and the marginalised is not only a technical issue — it is a moral imperative.

The misuse of data in incidents like the Kogi recall saga shows what happens when power and privacy collide without oversight. The way forward is not to abandon social assistance programmes, but to execute them with empathy, accountability, and respect for human dignity.

As Africa designs its digital future, let us ensure that no one is left behind — or exploited — including the vulnerable ones in our midst.

---

[1] https://cioafrica.co/africa-accelerates-efforts-to-strengthen-data-privacy-protection/

[2] Legal Challenge Targets Kenya’s New Digital ID System Over Rights Concerns – ID Tech

[3] blacksash.org.za/wp-content/uploads/2023/09/Bowmans_BlackSash_POPI.pdf

[4] https://cipesa.org/wp-content/files/briefs/report/Data-and-Politics-in-Uganda.pdf

Writer: Tolulope Idowu

Can be reached via itolulopeidowu@gmail.com