An Overview of the Legal Framework of Data Protection in Nigeria

“…any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; It can be anything from a name, address, a photo, an email address, bank details, posts on social networking websites, medical information, and other unique identifier such as but not limited to MAC address, IP address, IMEI number, IMSI number, SIM, Personal Identifiable Information (PII) and others;"

Introduction
We live in an information age with a considerable proportion of global citizens now having easy access to internet enabled devices such as phones, tablets, laptops etc. Crucially, when we visit many online websites, we are often required to meet certain conditions precedent before we can access the services available on the website. For example, to create an email account on Hotmail, Yahoo, or Gmail, first time registration requires input from the would-be user of specific personal information including their personal address, phone number, date of birth, occupation and next of kin to form the basis of their security information. It is widespread practice that most websites which offer online services require personal data to create online accounts through which purchases, and other concurrent engagements can be undertaken online by the consumer. The average individual has access to many online platforms which require the use of personal data, such as social media accounts (e.g., Instagram and Facebook); email accounts; banking or finance applications; online vendor platforms such as Amazon and Jumia; betting agencies such as Betway, Naira Bet etc.

The widespread imposition on consumers to provide personal data prior to using online services on different platforms creates a very real risk of misuse of personal data which can lead to various infractions such as identity theft, illegal sharing of personal information with third parties and the rise in spam phone calls and emails when the personal data of users is illegally sold to companies which engage in electronic marketing. Across the international community, we have seen a spike in the number of jurisdictions enacting data protection regulations to protect the rights of citizens over their personal data, by raising the expected standards of data protection methods that businesses must have in place to protect the personal data of their users and to improve the ethical standards across board.