Who Holds the Key to Enforcing Data Privacy in Nigeria?

Introduction

In an official press release dated 4th February 2022, President Muhammadu Buhari approved the establishment of the Nigerian Data Protection Bureau (“NDPB”). According to this press release, the NDPB is expected to enforce compliance with the provisions of the Nigeria Data Protection Regulations 2019 (“NDPR”). It shall be responsible for the development of data protection privacy in Nigeria.

It is pertinent to note that prior to this time, the National Information Technology Development Agency (“NITDA”) had been solely responsible for data privacy regulation and compliance in Nigeria. However, there is sparse information as to the scope of the powers of the NDPB since it was not established pursuant to any statute but by executive fiat.

Recent Event

The NDPB revealed that it had recently launched an investigation into the activities of Phillips Consulting and United Bank Plc (“UBA Plc”) over an alleged violation of the Nigeria Data Protection Regulation (“NDPR”). According to the NDPB, a forensic investigation was ordered in line with Article 4 of the NDPR.

The complaint against Phillips Consulting was in connection with the activities of online lending platforms that willfully breach the privacy of citizens whilst, the investigation of UBA Plc pertains to allegations of infringement on the governing principles of data protection.

Question of the Day

As a result of the uncertainty surrounding the scope of powers and a lack of statutory backing for the establishment of the NDPB, does the NDPB have powers to investigate allegations of violation of the NDPR?