The Nigerian government announced that President Muhammadu Buhari had consented to a new mechanism, the Nigeria Data Protection bureau (NDPB) in February 2022. The report was signed by Uwa Suleiman, Media Aide to the Minister of Communications and Digital Economy, Isa Pantami. The NDPB was founded in line with international best techniques and would focus on data security and privacy for the country.
Moreover, the information credits the preface of the Nigeria Data Protection Regulation (NDPR) and the National Digital Economy Policy and Strategy (NDEPS) in making more attention to data protection and resulting in the “data-driven” of the Nigerian economy. Uwa Suleiman says the NDPB will crystallize the gains of the NDPR and support the process for the development of primary legislation for data protection and privacy.
For now, we can say with confidence that Vincent Olatunji will head the NDPB as National Commissioner/CEO.
Olatunji served as the Acting DG of the National Information Technology Development Agency (NITDA) until October 2016 before handing over to Pantami, nine months after his government
.When NITDA presented the NDPR, the agency conveyed itself some leadership functions, actually becoming Nigeria’s default Data Protection Authority (DPA).
Whereas what are DPAs? According to the European Commission, “DPAs are autonomous public powers that oversee, through investigative and disciplinary powers, the application of the data protection law. They supply expert direction on data protection matters and manage criticisms lodged against infringements of the General Data Protection Regulation and the relevant national laws.”
However, think of a DPA as protection to secure your data rights are protected, and companies don’t get away with anything. The NITDA Act empowers the Agency to “develop guidelines for electronic administration and observe the use of electronic data dealings and other forms of electronic communication transactions as an option to paper-based processes in government, commerce, education, the private and public sectors, labour, and other fields, where the use of electronic communication may enhance the interchange of data and information.” Hence, the NITDA Act does not appear to offer the Agency the authority to allocate the NDPR in itself. But that’s a chat for another day.
Going by this new development, it appears that four years into the NDPR’s governance, we might be getting a DPA in the true meaning of the word. Let’s not get too outlying forward of ourselves, though, because there’s still the disturbing problem of designating law. According to Suleiman’s statement, the NDPB would “reinforce the process for the growth of a primary legislation for data protection and privacy.”
The race to trustworthy data protection and privacy law has taken several arches. Filled with faulty starts, the closest Nigeria has come to a law passed by the National Assembly was in 2018 with the Nigeria Data Protection Bill 2018. Although both houses passed it in 2019, President Buhari withheld his consent.
The most successful attempt remains the NDPR, a policy at best.