ARTICLE
27 August 2024

An Overview Of The Exemptions And Derogations On Data Privacy Rights In Nigeria

TT
The Trusted Advisors

Contributor

The Trusted Advisors logo
Trusted Advisors is a full serviced law firm founded to provide cutting edge and tailor-made legal solutions to clients. It's strategic position, as well as an enviable network of alliances, has given undoubtedly benefits to our clients. We stand as a single-window service provider dealing with all kinds of matters across the country under one umbrella.
Explore Firm Details
In Nigeria, just as contained in the constitution of most countries of the world, the right to privacy is guaranteed and protected under the 1999 Constitution of the Federal Republic of Nigeria (As Amended).
Nigeria Privacy
Photo of Muhiz B. Adisa
Person photo placeholder
Authors
To print this article, all you need is to be registered or login on Mondaq.com.

In Nigeria, just as contained in the constitution of most countries of the world, the right to privacy is guaranteed and protected under the 1999 Constitution of the Federal Republic of Nigeria (As Amended).1 Data Protection in Nigeria is principally governed by the Nigeria Data Protection Act, 2023 (NDPA), which provides the legal framework for the protection of personal data and related matters.

The NDPA preserves the rights of data subjects including the right to be forgotten, the right to data portability, the right to rectification, etc. However, like every other right, data privacy rights are not absolute and reeks of certain exemptions and derogations. These exemptions and derogations create a balance between individual rights and competing interests, such as national security, public health, etc., therefore making the awareness and understanding of these exemptions and derogations essential for individuals, organizations, as well as regulatory authorities.

It is against this background that this piece aims to highlight the data privacy rights in Nigeria and the exemptions and derogations thereof.

DATA PRIVACY RIGHTS

Under the Nigeria Data Protection Act, a data subject is guaranteed certain rights which entitles them to seek redress in the event of a breach or infringement of these rights. While this article does not tend to explain these rights in detail, we shall highlight some of them as provided below:

  1. Right not to be subject to automated decision-making2
  2. Right to be informed
  3. Right of Access to Data held by the Controller.
  4. The right to rectification of personal data
  5. The right to restriction of processing.
  6. The right to object to processing.3
  7. The right to withdraw consent at any time.4
  8. Right to data portability5
  9. Right to file a complaint
  10. Right to be forgotten

Having identified some of the data rights guaranteed under the NDPA, we shall then proceed to examine some of the exemptions and derogations to these rights and data processing in general.

EXEMPTIONS AND DEROGATIONS ON DATA PRIVACY RIGHTS

Certain circumstances permit exemptions and derogations from data privacy rights which shall be examined below.

The exemptions provided by the NDPA6 include:

  1. National security and defense
  2. Prevention, investigation, or prosecution of crimes
  3. Protection of the rights of others
  4. Legal compliance and law enforcement
  5. Contractual obligations
  6. Research purposes
  7. Personal purposes
  8. Publication in the public interest or Journalism

Some of the exemptions and derogations will be examined below:

  • Crime: The NDPA exempts its application to data processing by a data controller or processor carried out by a competent authority for the purpose of the prevention, investigation, detection, prosecution or adjudication of a criminal offense or the execution of a criminal penalty.7 Thus, where a crime is alleged or being investigated, prosecuted or a conviction is being carried out, the NDPA will not apply to stop law enforcement agencies from exercising their statutory functions.
  • National Public Health Emergency: The NDPA equally exempts the application of data protection rights for the purpose of prevention or control of a national public health emergency. Thus, where data is processed for the purpose of achieving this objective, the application of the NDPA to such processing is exempted.
  • National Security: Where Nigeria's national security is threatened or being or the verge of being violated, the data privacy rights shall not apply. In other words, the processing of personal data will not be termed unlawful where such processing is carried out by a competent authority (as is necessary) for national security.8
  • Public Interest: The application of the NDPA also exempts data processing carried out in respect of publication in the public interest, for journalism, educational, artistic, and literary purposes to the extent that such obligations and rights are incompatible with such purposes.9
  • Defense of Legal Claims: Where the processing of personal data is necessary for the establishment, exercise, or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure, the NDPA shall not apply. This will therefore mean that a data subject's right cannot be said to have been infringed where processing is carried out in light of the above scenario as provided for under the NDPA.10
  • Personal/Household purposes: Where personal data is processed or the processing is carried out by one or more persons solely for personal or household purposes, the NDPA will not apply and a data subject's right will not be said to have been violated or infringed upon. This is however subject to the conformity of such processing with the data subject's right to privacy. In other words, where the processing constitutes a violation of a data subject's fundamental right to privacy, the NDPA will not apply to exempt the data controller or processor.11

CONCLUSION The exemptions and derogations to data privacy rights in Nigeria highlight the need to balance individual privacy with broader societal interests. While these exemptions are necessary for national security, law enforcement, and other public interests, they must be applied judiciously and with proper oversight to prevent abuse. The NDPA, along with regulatory oversight by the Nigeria Data Protection Commission (NDPC), provides a framework to protect data privacy while accommodating necessary exemptions. As data privacy continues to evolve, it is essential to ensure that these exemptions are not misused and that individuals' rights are adequately safeguarded.

Footnotes

1. See section 37 of the Constitution

2. See Section 37 of the NDPA

3. See Section 36 of the NDPA

4. See Section 35 of the NDPA

5. Section 38 of the NDPA

6. Section 26 & 27 Nigeria Data Protection Act

7. See Section 3 (2) of the NDPA

8. See Section 3(2)(c) of the NDPA

9. See section 3(2)(d) of the NDPA

10. See Section 3(2)(e) of the NDPA

11. See section 3(1) of the NDPA

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Muhiz B. Adisa
Muhiz B. Adisa
Person photo placeholder
Blessing Oriaifoh
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More