The Nigeria Data Protection Commission has announced plans to review the Nigeria Data Protection Act to explicitly address emerging technologies such as artificial intelligence, big data, and robotics, three years after the law was signed into effect.
The News Agency of Nigeria reports that the National Commissioner of NDPC, Dr Vincent Olatunji, disclosed this in Abuja on Friday while commemorating three years since President Bola Tinubu signed the NDPA into law on June 12, 2023.
He explained that the rapid evolution of digital technology has made some provisions of the Act due for an update.
According to him, when the legislation was originally drafted, the digital landscape was far less advanced, meaning references to emerging technologies in the law were necessarily broad and general rather than specific.
What NDPC is saying
Olatunji said the Act needs to move from vague references to emerging technologies toward specifically naming and addressing the technologies now shaping the digital economy.
- “We are in the era of emerging technologies. At that time, we could only make general references to emerging technologies, but today we can specifically mention Artificial Intelligence, robotics and big data,” he said.
- “Ten years ago, nobody was talking about AI the way we are doing now, but today it has become central to virtually every aspect of digital transformation. We need to be more specific about what constitutes emerging technologies and provide examples because the technologies keep evolving,” he added.
Despite advocating for the Act to address AI more directly, Olatunji stressed that human oversight must remain central to how AI systems are deployed.
- “We still need the human component. We should not leave everything to artificial intelligence,” he said.
He also flagged digital footprints and other privacy-related concerns as areas requiring continuous regulatory attention to keep pace with technological change.
More insights
Olatunji said Nigeria’s approach of conducting regular reviews of its data protection law sets it apart from several other countries that continue to operate under data protection legislation enacted more than a decade ago.
- He said Nigeria intends to keep reviewing the NDPA periodically to prevent the legislation from becoming outdated as digital technologies continue to evolve at a fast pace.
Olatunji expressed optimism about the trajectory of Nigeria’s data privacy ecosystem over the next five years.
- “I see growth, development, awareness and greater trust in the ecosystem. Compliance will become a necessity rather than an option,” he said.
- “We are building a culture of privacy that will make investors and other stakeholders see Nigeria as a country that is ready for digital business. The rights, freedoms and interests of Nigerians and legal residents will be adequately protected,” he added.
The Nigeria Data Protection Act was signed into law on June 12, 2023, providing the legal framework for the protection of personal data and privacy rights across the country.
What you should know
Earlier this year, Nairametrics reported that Nigeria’s data protection sector has expanded into a N16.2 billion industry just two years after the introduction of formal regulatory oversight, according to the Nigeria Data Protection Commission (NDPC).
The disclosure was made by the NDPC’s National Commissioner and Chief Executive Officer, Dr. Vincent Olatunji, during a media workshop and capacity-building session in Lagos.
According to the Commission, the rapid growth underscores increasing compliance with data protection regulations, stronger enforcement efforts, and growing trust in Nigeria’s digital governance framework, despite the agency’s primary mandate not being revenue generation.
