…Study Exposes Double Standards in Nigeria’s Data Protection Enforcement
Nigerian digital rights lawyer and legal researcher Solomon Okedara has been named one of only four African researchers selected for the Data Governance in Africa Research Fund, launched by the Data Governance in Africa Initiative.
Okedara’s project, titled How Unequal Enforcement of Data Protection Laws in Nigeria Impacts Public Trust in Data Governance, was chosen from an overwhelming pool of more than 240 applications submitted across the continent.
He presented his findings on the state of data governance in Nigeria at the Data Protection Africa Summit, held in Accra, Ghana, from December 1 to 4, 2025.
Okedara’s research shed light on a critical imbalance: the disparity between how private companies and government agencies are penalised for data breaches. While Nigeria has recorded some of the largest data protection fines in Africa, enforcement actions appear heavily skewed against the private sector.
According to the presentation, private entities have faced severe financial penalties for data violations:
- Meta faced fines of $220 million plus an additional $32.8 million for unauthorised behavioural advertising without consent; illegal cross-border transfers; failure to file 2022 audit; processing non-user data.
- MultiChoice Nigeria was fined ₦766.2 million ($531,000) for intrusive data processing without consent, illegal cross-border data transfers, and violation of privacy rights.
- Fidelity Bank was sanctioned ₦555.8 million ($385,000) for processing personal data without informed consent for account opening.
In stark contrast, Okedara’s study reveals that major government data controllers, who manage some of the country’s largest and most sensitive databases, often face little to no regulatory repercussions for massive data breaches.
- National Identity Management Commission (NIMC): Despite a high-impact breach involving the unauthorised access and monetisation of National Identity Numbers (NINs) by third-party agents and failure to secure the database, there has been no record of fines imposed. The investigation status remains opaque, with the Nigeria Data Protection Commission (NDPC) awaiting NIMC’s internal report since March 2024.
- Independent National Electoral Commission (INEC): Following the exposure of voter details and allegations of unauthorised use of data in fraudulent recall processes (e.g., Kogi recall petition with fake VINs), there has been no investigation by the NDPC and no fines levied.
- Nigeria Inter-Bank Settlement System (NIBSS): There have been multiple leaks enabling the unauthorised sale of Bank Verification Numbers (BVN) and National Identity Numbers (NINs) data, yet no fines or remedial actions have been taken.
The analysis shows that although private companies sanctioned by the NDPC demonstrated compliance in areas such as filing annual data protection audits, appointing Data Protection Officers, and publishing privacy policies, public bodies often failed to meet even minimum compliance requirements, yet faced no comparable regulatory scrutiny.
The disparity in enforcement has had a quantifiable impact on public confidence in Nigeria’s data governance architecture. Okedara’s quantitative modelling revealed that citizens are deeply sceptical of the NDPC’s ability to police the government.
87.5 per cent of respondents stated they did not trust the NDPC to sanction a government agency for violating citizens’ data rights. 81.3 per cent believed that their trust would improve if public institutions were held accountable.
To bridge this gap and restore efficiency, Okedara proposed several strategic recommendations:
- True institutional independence for the NDPC, given that the Nigeria Data Protection Act grants autonomy in one section while undermining it in others.
- Regulatory transparency to ensure that the Commission cultivates a culture of openness about its investigations, enforcement actions, and reporting procedures.
- Incentivising compliance, particularly around breach reporting.
- Adequate funding to strengthen operations.
- Strategic collaboration with public data controllers to improve compliance culture.
Okedara has shared his preliminary findings at major platforms, including the FIFAfrica Conference in Windhoek, Namibia, in September 2025, and the summit in Ghana. The final comprehensive report is scheduled for release in January 2026.
- PDP Says Presidential Ticket Open to Jonathan, Other Southern Aspirants - January 22, 2026
- Police Confirm Kidnapping of 177 Kaduna Christians After Initial Denial - January 22, 2026
- Emir Sanusi II Returns to School As a 200-Level Law Student - January 21, 2026
29 comments
Odeh
December 14, 2025 at 5:20 am
Well done on documenting and sharing this well written research findings. This reflects a familiar pattern in Nigeria where politically connected MDA heads and influential companies appear to be above the law. For instance, the recent META settlement, when read alongside evidence of weak or nonexistent enforcement against public agencies like NIMC, INEC, and NIBSS, it raises serious worries about NDPC’s credibility. It creates room for speculation about hidden trade-offs and reinforces public scepticism if NDPC can actually hold the government accountable in a fair and unbiased manner. As you recommended, This outcome is disturbing and reflects a familiar pattern in Nigeria where powerful institutions and organisations appear to be above the law. The Meta settlement, when read alongside evidence of weak or nonexistent enforcement against public agencies like NIMC, INEC, and NIBSS, raises serious questions about the NDPC’s credibility. It creates room for speculation about hidden trade-offs and reinforces public scepticism that regulators can meaningfully hold the government itself accountable. As recommended, I don’t think Independence (reflecting on ICPC and INEC) is enough in a system where political influence and institutional protection routinely shape enforcement outcomes.
More worrying is the signal this sends to whistleblowers and civil society. When violations backed by evidence and years of engagement is enforced unequally, it mirrors Nigeria’s long-standing experience with grand corruption reporting, where speaking up carries risk but rarely delivers justice.. NDPC must demonstrate enforcement parity, transparency, and clear timelines for action, especially against state institutions. Citizens must also understand what this means for digital rights, whistleblowing, and future engagement, otherwise public confidence in Nigeria’s data governance system will continue to be double standard.
Akeem Ogundeji
December 13, 2025 at 9:25 am
Trust is the most important factor in all citizen-government engagements. A research that recommends how to restore public trust in the government should be lauded and its recommendations implemented.
Joshua Ijaodola
December 13, 2025 at 8:28 am
Out of all the recommendations put forward here, the first one-true institutional independence is significantly fundamental for me. If the NDPC is not truly indpendent, both on paper and in practical discharge of its duties, enforcement against public institutions will perpetually be a mirage!
Maxwell Ngozi Nwabulor
December 12, 2025 at 7:29 pm
I am absolutely impressed with this work. Implementing the recommendations in this research may herald in a new Era of data protection compliance in Nigeria.
Eniola Ogunyemi
December 12, 2025 at 5:05 am
This is insightful and a game changer. I have no doubt that this will be a huge addition to the data governance landscape in Nigeria. Okedara’s recommendations for institutional independence, transparency, and accountability are essential steps toward restoring confidence and strengthening data governance in Nigeria. Now, I can’t wait to read the full report.
Rotimi Adejoto
December 12, 2025 at 4:48 am
This is a brilliant and worthy contribution to data protection field in Nigeria with far-reaching impacts across Africa. I will like to be updated on the full report when it is out. Excellent job, learned researcher!
Ayo Folorunsho
December 11, 2025 at 2:06 am
I have no doubt that this will be a huge addition to current resources on protection of personal data in Nigeria. I will encourage other industry experts including cybersecurity experts to conduct research that can advance data protection. Great job!
Okedara Samuel
December 10, 2025 at 2:06 pm
There is perhaps, no truer way to put it that the imbalance in the enforcement of data privacy and protection (especially in this era of technological advancement), has, overtime, had a negative impact significantly on public confidence as it relates to data governance in Nigeria. One could say that the current imbalance in data protection unarguably stems from the political and structural challenges faced by the NDPC. While it is easier to enforce compliance whenever it has to do with private companies (probably because most of them lack that political structure and protection), it is always a big deal attempting to go to war with a public institution because of the artificial government immunity they enjoy, and to an extent, protection from the NDPA.
A big thank you to Mr. Solomon for always delivering and enlightening us on data privacy rights and policies.
I.M. OKOBIA ESQ
December 10, 2025 at 1:22 pm
Insightful research. I cannot agree more. Implementation of data breaches have been loopsided. This calls to question whether NDPC is truly independent or is just a question of lack of will power. I strongly condemn the enormous powers bestowed on the commission expecially with respect of punishing data right breaches, I feel such power ought to rest solely in the court and the commission acting as the prosecutors rather than the commission actually being the one to hand down the fines and punishment. There is also a question mark on fair hearing as the commission is both the accuser and the judge at the same time. A lot needs to be done to remedy the situation. A timely piece of work Solomon. Thank you. Hopefully your recommendations are adopted and we have a better data protection enforcement mechanism in place in Nigeria
Mute Efe
December 10, 2025 at 1:12 pm
I am not surprised because Nigeria does not have strong institutions. And as Solomon recommended, until we have strong institutions, this cannot be fixed.
Solomon Okedara has proven to be a voice when it comes to Data Protection. I hope the govt listen to him.
Hillary Okafor
December 10, 2025 at 1:03 pm
If I am right, this will be the first time we will have a research that beams its searchlight on reluctance of the regulator to enforce the laws against public institutions, even with sufficient legal frameworks in place. Implementation of the above recommendations will defnitely repostion Nigeria’s digital economy, which will be underlined by public trust.
Ikechukwu Godson
December 10, 2025 at 8:10 am
To realize that I thought about this subject repeatedly 3 days ago, not knowing that there is an ongoing research on it is quite cheering. There is a huge trust deficit in the system, the regulator has alot to do to win back the trust of the people.
Blessing Onoriede
December 10, 2025 at 3:19 am
This came very timely. If we will ever get to experience efficient data protection across board, the NDPC must live the narrative of “charity begins at home” when it comes to enforcement in our country. Good job! How can we access the final report please?
Aliyu Mohammed
December 9, 2025 at 6:28 pm
Oh my! Finally, someone is thinking right! Both the public institution and the regulator in our data protection ecosystem must embrace accountability if we will ever get it right.
OTITOJU FLORENCE
December 9, 2025 at 11:09 am
NIGERIAN GOVERNMENT AND ALL THEIR AGENT PARASATALS NEEDS DIVINE INTERVENTION.
Oriazowan Jason
December 9, 2025 at 11:08 am
Very important research. Public trust cannot grow when enforcement is one-sided. This calls for urgent policy reform.
Joy Isoken
December 9, 2025 at 11:06 am
The recommendations are practical and timely. Regulatory transparency and equal enforcement could transform Nigeria’s data governance landscape.
Samuel Adefarati
December 9, 2025 at 11:00 am
The recommendations here can catapult Nigeria to its rightful place among the comity of nations that are leading digital economy in the world if rightly implemented.
chijioke peace
December 8, 2025 at 9:54 am
excellent work here
Bello Sadiat
December 8, 2025 at 9:28 am
This is the kind of research we need in Africa. Kudos!
Festus Omolara
December 8, 2025 at 8:33 am
Beautiful insights here. We have never been in shortage of ideas as a people, the problem has always been the will power to implement. I hope the regulator will find the will power to do the needful!
Alabi Muyiwa
December 8, 2025 at 8:10 am
Reading through this, I came to a conclusion that if the regulator can really enforce the laws against the public institutions it will not struggle to enforce against private entities.
Israel Adewale
December 7, 2025 at 7:59 pm
I will love to have a copy of this report when it is out.
Earnest Efejiro
December 7, 2025 at 5:05 pm
The statistics in this study are eye-opening. Over 87% of citizens do not trust the system, that’s a serious red flag.
Adebayo Damilare Mutiu
December 7, 2025 at 12:55 pm
Until the NDPC becomes truly independent, data governance in Nigeria will continue to suffer credibility issues.
Fakorede Goodness
December 7, 2025 at 12:25 pm
The double standards highlighted here are alarming. If private companies can be fined, government agencies should not be exempt.
Kolawole Oluwawdamilare
December 7, 2025 at 12:23 pm
Insightful! I look forward to the full report. I am convinced this effort is the needed game changer to aid efficient data protection enforcement in Nigeria. Great effort!
Dipo Ige
December 14, 2025 at 9:02 am
This is a timely report.
The confidence of data subjects in the regulator is of paramount importance.
Protecting the data subject is the bane of data protection. The whole existence of the Act and the Commission is to protect data subjects. The regulator owes a responsibility to do its job. Enforcement must be all encompassing.
Robust report necessary for the growth of our ecosystem.
Good work sir.
Mus'ab Awwal Mu'az
December 7, 2025 at 9:29 am
Indeed this is great report, I hope NDPC will accept the recommendations contained in the report.