The thesis examines the legal protection of data privacy in Nigeria. Investigating this issue is crucial in the wake of the rise in data processing activities as a result of the relative advances in technology which challenge human rights. Generally, the right to data privacy emerged because of the need to protect individuals from risks resulting from the automated or manual processing of their personal information. Unlike the general assumption in most data privacy literature, however, this study considers data privacy as a sui generis right with an added-value beyond the traditional the right to privacy.
The thesis, therefore, argues that the extant legal framework in Nigeria is manifestly inadequate to effectively protect individuals from the threats resulting from the processing of their personal information. This view is held based on an analysis of the major data privacy issues in Nigeria today and a review of the current legal regime. Thus, scholarship that contends that there is insufficient processing in the country which is a reason why data privacy right is neglected is challenged. Furthermore, the thesis argues that useful lessons can be obtained from Canada and South Africa for the purpose of improving the data privacy regime in Nigeria, although, it is admitted that both regimes are not perfect. Therefore, with the aid of a combination of descriptive, analytic and comparative methods, an in-depth study is carried out of the Canadian and South African legal regimes on data privacy protection. In carrying out this study, the focus is placed on the constitutional and statutory mechanisms for data privacy protection. The statutory mechanism in this case is the comprehensive data privacy code. In addition, the thesis brings together contemporary debates on improving data privacy regimes and a rights-based approach is proposed for Nigeria. This is because, data privacy protection in African countries is usually misconceived as basically for economic purposes without due regard to human rights and fundamental freedoms. In conclusion, the thesis contends that, contrary to the common belief, merely enacting a legislation, which is a cut and paste of foreign data privacy laws, is not a silver bullet to resolving the data privacy problem in Nigeria. The thesis, therefore, recommends an effective legal regime based on insights from the Canadian and South African experiences. Similarly, other pragmatic ways of effective data privacy protection in Nigeria are suggested such as improving awareness and scholarship, strengthening the judiciary and improved cooperation with international and regional data privacy regimes.