Categories: Legal Opinion

The Journey Towards the Nigeria Data Protection Act 2023

By Prof Isa Ali Ibrahim (Pantami) CON

The Nigeria Data Protection Act 2023 signed into Law by His Excellency, President Bola Ahmed Tinubu GCFR on June 12, 2023, effectively positions Nigeria to take its pride of place in the comity of nations in the very important aspect of data protection and data privacy. In this article, I will discuss the timeline and catalogue the series of events that led to the signing of the Data Protection Bill.

The first landmark event took place on January 25, 2019, when, as the Director-General and Chief Executive Officer (CEO) of the National Information Technology Development Agency (NITDA), I signed the Nigeria Data Protection Regulation (NDPR). This was a subsidiary legislation that derived its powers from the NITDA Act 2007, with specific reference to Section 6.

Prior to the signing of the NDPR 2019, Nigeria had no policy instrument that focused on supporting data privacy and data protection. Issues bordering on data protection were marginally mentioned in Section 37 of the 1999 Constitution, as amended which says “The privacy of citizens, their homes, correspondences, telephone conversations and telegraphic communications are hereby guaranteed and protected.” It was also briefly mentioned in the laws of the National Identity Management Commission (NIMC), National Human Rights Commission (NHRC) and a few others, but none had data protection as its primary focus.

On assumption of office as the CEO of NITDA in October 2016, I realized there was a huge gap in the area of data protection. This, my strong interest in datafication and my conviction that it would serve as a catalyst for Nigeria’s effective participation in the Fourth Industrial Revolution (4IR), informed my decision to lay a strong emphasis on Information Technology Law at NITDA, as well as collaborate with leading universities in Nigeria to establish a course on Information Technology Law. This approach enabled us to develop the requisite capacity for developing our indigenous version of the European Union’s General Data Protection Regulation (GDPR) and a number of African countries eventually partnered with us to study and adapt the NDPR.

In just two years of the implementation of the NDPR, a novel sub-sector of the economy was created, 7,680 Nigerians were employed. Nigeria was appointed as the Vice Chair of the Data Protection Laws Harmonization Working Group at the African Union (AU)and was the only country in Africa to publish a data protection report in two years.

To further consolidate the gains made through the NDPR 2019, I sent a memo to the former President, His Excellency President Muhammadu Buhari GCFR on January 13, 2022, citing “an urgent need to establish an institution as a government that will focus on data protection and privacy for the country. An independent Authority is a pre-requisite for international acceptance of Nigeria’s data protection law. The Adequacy referential of the European Union’s Article 29 Working Party; Convention 108 on the Automatic Processing of Personal Information; the European Union General Data Protection Regulation (EU-GDPR) and the Association of Southeast Asian Nations (ASEAN) all prescribe this standard.”

The institution would be an offshoot of NITDA, the Agency that developed and was implementing the NDPR 2019 at the time. Furthermore, I recommended that Dr Vincent Olatunji, the then Director of, eGovernment Development and Regulations Department and Chairman of the NDPR Implementation Committee at NITDA, serve as the pioneer National Commissioner/CEO of the new institution. The proposed institution was to be called the Nigeria Data Protection Bureau (NDPB). The prayers in that memo were approved and President Buhari appointed Dr. Olatunji as the CEO of the NDPB for an initial term of five years.

The NDPB started operations on February 4, 2022. Part of its mandate was to galvanize all stakeholders for the drafting of a National Data Protection Bill that will ultimately transform the National Data Protection Bureau into the National Data Protection Commission (NDPC). Section 7 of the Nigeria Data Protection Act 2023, makes the Commission independent whilst section 64 makes the Commission the successor of the NDPB. Thus by virtue of section 64, NDPB automatically becomes NDPC.

As part of the process of ensuring that Nigeria has principal legislation for enabling data protection and privacy, a draft data protection bill was developed after several stakeholder engagements, comprising institutions and individuals in both the public and private sectors. I presented the draft bill to the Federal Executive Council (FEC) on January 25, 2023. After a very robust discussion and a few amendments, the draft bill was approved. Three Senior Advocates of Nigeria (SANs), who were also FEC members, made contributions that significantly enhanced the draft bill and converted the Bureau’s status to a Commission.

Following the approval of the draft bill, the Council mandated me to liaise with the Attorney-General of the Federation and Honourable Minister of Justice to forward it to the National Assembly as an Executive Bill for passage in both chambers. Following the transmission of the bill to the National Assembly, I also had several engagements with the legislature to promote the bill and give clarity where required.

The draft bill was independently reviewed by the Senate and the House of Representatives after the letter of transmission of the Executive Bill from the President was read in both chambers on April 4, 2023. After comprehensive deliberations by the lawmakers, the Senate passed the Bill on May 3, 2023, and the House passed it on May 23, 2023. President Tinubu assented to the harmonized bill on June 12, 2023.

The fact that the journey between the transmission of the Executive Bill to the National Assembly and the signing into law by Mr. President took just 70 days is a testament to the fact that the Bill was given the pride of place that it deserves in our digital economy journey as a country. The signing of the Nigeria Data Protection Act 2023, along with the Nigeria Startup Act 2022, both of which I had the unique privilege of midwifing, are very critical and have created a very good foundation for the development of a robust digital economy and a sustainable knowledge-based economy.

I would like to extend my hearty commendations to President Bola Ahmed Tinubu GCFR and former President Muhammadu Buhari GCFR for their invaluable support towards the signing of the Nigeria Data Protection Act 2023. I am confident that these laws will accelerate the digitalization of the different sectors of the Nigerian economy and history will be kind to all those that played a role in the process.

Prof Isa Ali Ibrahim (Pantami) CON, former Minister of Communication and Digital Economy, is Professor of Cybersecurity, Federal University of Technology Owerri

Source: DNLLegalandstyle

lawpavilion

Recent Posts

Industrial Court validates Staff Employment Termination over NYSC Certificate

Hon. Justice Sinmisola Adeniyi of the Abuja Judicial Division of the National Industrial Court has…

1 week ago

FRN v. AKAEZE: Criminal Investigation Simplified (2)

By Ebun-Olu Adegboruwa, SAN The main responsibility of the court is to interpret the law…

1 week ago

The Duty of ‘Law’ as an Instrument of ‘Social Justice’ For ‘Peace’ to Reign

ByAmb. Hameed Ajibola Jimoh, Esq. FIGPCM, CGARB. (CERTIFIED GLOBAL PEACE AND CONFLICT RESOLUTION AND MANAGEMENT…

2 weeks ago

Is Service of Pre-Action Notice a Contradiction to the Constitutional Right of Access to Court?

CASE TITLE: ORIENTAL ENERGY RESOURCES LTD v. NICON INSURANCE PLC (2024) LPELR-61988(CA) JUDGMENT DATE: 25TH…

2 weeks ago

Copyright Infringement, Defences & Remedies Under Nigerian Law

The body of law for copyright protection in Nigeria is the Copyright Act 2022 and judicial decisions…

2 weeks ago

The Legality of Indefinite Suspension of an Employee

What is the Meaning of Indefinite Suspension? Suspension is the placement of an employee in…

2 weeks ago