The GDPR-Styled Nigeria Data Protection Act 2023 and the Reverberations of a Legal Transplant

Babalola O

Published on: 2024-04-01

Abstract

Regulating data protection in Nigeria has a chequered history. The three arms of government had in the past endeavoured to forge a formidable legal framework for data protection, with varying levels of (un) successful attempts. Finally, on the 12th day of June 2023, a principal piece of legislation, the Nigeria Data Protection Act 2023 (NDPA), was signed into law, thereby ushering in a not-entirely-new legal dispensation for regulating the processing of personal data in out of Nigeria. This paper critically analyses the NDPA as a documentary protégée of the EU GDPR in light of the identical provisions and latent and patent legislative reasoning as reflected in both legislation. The paper modestly celebrates some innovations in the NDPA but argues that the palpable legislative transplantation of GDPR’s ideals wields dire cross-cultural consequences for Nigeria in terms of reliability, justification, and most importantly, enforcement. The paper concludes that, in spite of the inconsistencies staring its audience in the face, the NDPA holds huge promises of the creation of a formidable bedrock for a peculiarly Nigerian legal framework for data protection.