Nigerian Data Protection Commission Plans to Revise Data Protection Act
The Nigerian Data Protection Commission (NDPC) has announced its intentions to review the Nigerian Data Protection Act (NDPA) to explicitly include regulations addressing emerging technologies like artificial intelligence, big data, and robotics. This initiative comes three years after the Act was signed into law.
According to the News Agency of Nigeria, NDPC National Commissioner Dr. Vincent Olatunji shared this update in Abuja on Friday, commemorating the three-year anniversary since President Bola Tinubu signed the NDPA on June 12, 2023.
Dr. Olatunji explained that, given the rapid advancements in digital technology, updates to certain provisions of the Act are necessary. He noted that when the bill was initially drafted, the digital landscape was relatively underdeveloped, resulting in broad and general references to emerging technologies.
NDPC’s Perspective on Emerging Technologies
He emphasized the need for the law to transition from ambiguous mentions of emerging technologies to explicitly naming those that currently shape the digital economy. Olatunji stated, “We are in the era of emerging technologies. A decade ago, discussions around AI were not as prevalent; today, it plays a pivotal role in nearly every aspect of digital transformation.” He further indicated the importance of providing specific examples of what constitutes emerging technologies in the evolving landscape.
While advocating for a more defined approach in legislation, Olatunji underscored the necessity of maintaining human oversight in the deployment of AI systems. He asserted that, “The human element is still needed. We shouldn’t leave everything to artificial intelligence.”
Additionally, he highlighted concerns regarding digital footprints and privacy-related issues as areas that require ongoing regulatory vigilance to keep pace with technological developments.
Nigeria’s Commitment to Regular Reviews
Olatunji noted that Nigeria’s practice of regularly reviewing its data protection laws distinguishes it from other nations that continue to operate under outdated regulations. He affirmed the country’s commitment to periodically updating the NDPA to ensure it remains relevant amid rapid technological advancements.
Expressing optimism, Olatunji projected positive growth for Nigeria’s data privacy ecosystem over the next five years. He remarked, “We will see growth, development, awareness, and increased trust in the ecosystem. Compliance will evolve from a choice into a necessity.” He emphasized the importance of fostering a culture of privacy to assure investors and stakeholders that Nigeria is prepared for digital business, guaranteeing the protection of the rights, freedoms, and interests of its citizens and legal residents.
Signed into law on June 12, 2023, the Nigeria Data Protection Act provides a comprehensive legal framework aimed at safeguarding personal data and privacy rights nationwide.
Growth of Nigeria’s Data Protection Sector
Earlier this year, Nairametrics reported that just two years into the introduction of formal regulatory oversight, Nigeria’s data protection sector has surged to a NOK 16.2 billion industry, as revealed by NDPC. This growth was discussed by National Commissioner and CEO Dr. Vincent Olatunji during a media workshop and capacity-building session in Lagos.
The NDPC attributes this rapid expansion to enhanced compliance with data protection regulations, stronger enforcement measures, and heightened confidence in Nigeria’s digital governance framework, even as the commission’s core mandate is not focused on revenue generation.
