National Assembly moves to update Nigeria’s data protection law for AI and emerging cyber threats

By Osasome, C.O

Lawmakers begin review of National Data Protection Act to align with AI advances and UN Cybercrime Convention

The National Assembly has commenced steps to review the National Data Protection Act (NDPA) 2023, in response to rapid advancements in Artificial Intelligence (AI) and evolving global cybercrime frameworks, including the United Nations Convention on Cybercrime.

ADVERTISEMENT

RELATED: Alleged data breach at CIBN raises fresh cybersecurity and data protection concerns in Nigeria

The proposed legislative review is aimed at strengthening Nigeria’s legal and institutional safeguards against emerging cyber threats, enhancing digital privacy protections, and securing the growing volume of data generated within the country.

Why the Data Protection Act Is Being Reviewed

The Chairman of the Senate Committee on ICT and Cyber Security, Afolabi Salisu (APC, Ogun), disclosed the development on Tuesday in Abuja at the opening of a three-day Data Protection Awareness Workshop for members of the Joint National Assembly Committee on ICT.

According to Salisu, the review has become necessary due to rising cyber threats, increasing misuse of personal data, and the rapid evolution of technologies such as AI.

ADVERTISEMENT

“There is a clear nexus between data governance and cybercrime. As technology evolves, our laws must be strengthened to protect national interest and digital sovereignty,” he said.

Responding to AI, Cross-Border Threats and Global Frameworks

According to Salisu, cybercrime has become increasingly sophisticated worldwide. Criminal networks are now exploiting AI tools, digital platforms, and weak governance structures to target individuals, businesses, and governments.

Nigeria, he noted, has experienced a steady rise in cyber-related crimes ranging from identity theft and financial fraud to ransomware attacks, data breaches, and digital espionage. Financial institutions, telecom operators, government agencies, and private citizens have all been affected.

The review will also consider Nigeria’s obligations under emerging international frameworks, particularly the UN Convention on Cybercrime, as cross-border digital crimes continue to escalate.

Growing Concerns Over Data Privacy and Misuse

Lawmakers and experts at the workshop raised concerns over the widespread collection and processing of personal data by mobile applications, public Wi-Fi networks, and digital platforms—often without users’ informed consent or adequate safeguards.

ADVERTISEMENT

According to security experts, Nigeria’s growing digital economy and increasing internet penetration make the country more vulnerable to cyber threats. Continuous updates to regulatory systems are essential to mitigate these risks.

“As legislators, we must understand data privacy and protection. You cannot legislate effectively in an area you are not sufficiently knowledgeable about,” Salisu added.

‘Data Is Nigeria’s Next Prosperity’ — House ICT Chair

Also speaking, the Chairman of the House Committee on ICT and Cyber Security, Stanley Olajide (APC, Oyo). He described data as one of the most valuable assets in the modern global economy.

“Data is gold. Nigeria’s next prosperity will not be oil, but data,” Olajide said.

He stressed the need for Nigeria to establish stronger legal and institutional frameworks to protect sensitive digital assets. This is particularly needed in areas such as cloud storage, digital transactions, and cross-border data flows.

“Anything generated in Nigeria must be protected by our laws. That is why we must strengthen our legal frameworks,” he said.

Role of the Nigeria Data Protection Commission

The workshop was facilitated by the Nigeria Data Protection Commission (NDPC) in partnership with Ampersand Development Partners. This inititaive is  part of efforts to build lawmakers’ capacity on data governance and digital regulation.

Nigeria enacted the National Data Protection Act in 2023 to regulate personal data processing, and safeguard privacy rights. The Act established the NDPC as the country’s primary data protection authority.

Key Features of the National Data Protection Act (2023)

The NDPA 2023 replaced the 2019 Nigeria Data Protection Regulation (NDPR) with a stronger statutory framework aligned with global standards such as the GDPR. Its key provisions include:

• Establishment of the NDPC: A statutory regulator empowered to enforce compliance and oversee data processing activities.
• Lawful Processing and Consent: Explicit consent requirements and recognition of “legitimate interest” as a lawful basis for data processing.
• Data Subject Rights: Rights to access, correct, delete, and port personal data.
• Data Security and Breach Reporting: Mandatory security measures and breach notification to the NDPC within 72 hours.
• Children’s Data Protection: Enhanced safeguards for children and vulnerable persons.
• Penalties: Fines of up to ₦10 million for individuals and up to 2% of annual gross revenue for corporate entities.

Strengthening Nigeria’s Digital Governance Framework

Lawmakers say the planned review will ensure that Nigeria’s data protection regime remains fit for purpose in an AI-driven, hyper-connected world. It aims to balance innovation, privacy, national security, and economic growth..

As Nigeria’s digital economy expands, the outcome of this legislative process is expected to play a critical role. It will shape trust, resilience, and competitiveness in the country’s digital future.