Two Years After Validation Workshop: Data Protection Bill 2020 is Nowhere to be Found


By Bright Elolue

In the wake of what could be termed the data explosion, the government of Nigeria sprung up to action by introducing the Data Protection Bill­­­ 2020—a law targeted at protecting the information privacy of Nigerian citizens and residents. Riding on the back of the Nigerian Data Protection Regulations 2019 (NDPR), a set of regulations issued in 2019 by the National Information Technology Development Agency (NITDA) to temporarily fill the large vacuum created by a lack of a principal legal framework for data protection in Nigeria, the Bill was primed for success. It was hailed as a giant step in the right direction, putting Nigeria in the bracket of many nations of the world that had begun to take vigorous steps to regulate data use and privacy.

The reverberations caused by the Bill was felt all around at that time: Nigeria holds a strategic position in Africa; and, as a chief commercial hub in the region with a population of over 200 million people, the ripple effects of its data protection policies are legitimate concerns for other African nations and the world at large. Therefore, there was much hope and anticipation for the Bill being passed into law. But how much that hope has plummeted since 2020! More so today that the fate of the Bill is shrouded in uncertainty.

But one cannot talk about the current position of the Bill without taking a peep at its journey so far. The Bill was introduced by the Federal Government through the Legal and Regulatory Working Group (LWG) in 2020. A validation workshop on the Bill was held in September 2020. The draft Bill was made available on the websites of the two major stakeholders, the National Information Technology Development Agency (NITDA) and the National Identity Management Commission (NIMC), for direct public interactions. Events were gathering momentum and there were high hopes that the Bill would be sent to the national assembly—and in good time, too. However, what has come to be since those hay days of the Bill is a stymied process—a result of the apparent unwillingness on the part of government to see the Bill progress to become law. Since 2020, no significant progress has been made on the matter. Discussions on the Bill also seem to have grounded to a silent halt.

ALSO READ   NITDA Bill Deserves a Place in the Trash

In the midst of the uncertainty surrounding the Bill, reports that the Bill has been abandoned by the Federal Government began to surface. During this period, the Federal Government inaugurated the Nigeria Data Protection Board (NDPB) which is an agency tasked with enforcing data protection. While speaking on the Bureau in September 2022, the Secretary to the Government of the Federation  (SGF) promised  that the bureau would ensure the passage of a principal data protection law but that is yet to be seen. to avail the Bureau all resources it would need to succeed, especially with helping to birth a data protection law. The Bureau has also stated that it is committed to seeing a data protection law passed by the end of the year. This then begs the question whether references were being made to the 2020 Bill or another Bill that is in the works. And if recent events and antecedents are anything to go by (the 2020 Bill is the third attempt at data protection legislation since 2018), the latter might just be the case.

In another development, the NIMC maintained that the 2020 Bill is still alive. In a letter dated 19th April 2022 and addressed to Graceville Legal Practitioners (the letter being a response to a freedom of information request made by the Awka-based Law Firm), the Commission reiterated that the Federal Government is committed to producing a data protection law and that the 2020 Bill is very much alive. Reading this and the statement of the Bureau, one is tempted to believe that indeed the 2020 Bill is being perfected and that we can be optimistic about the Bill being passed into law by the end of the year. But this is hardly plausible, especially considering that progress on the Bill has long stalled. Two years after its introduction, the Bill is still being touted to be sent to the National Assembly. And, save for the meeting of Stakeholders sometime in July of this year, the energy around the Bill appears to be low. The National Assembly however appear ready to receive the Bill  for the legislative process. In a recent workshop on data protection for members of the National Assembly held in Abuja, the Chairman of the Senate Committee on Information Communication Technology (ICT) and Cybercrime vowed to have the Bill passed in a month when it comes before the Assembly for passage.

ALSO READ   Firm Launches Free E-Court Software for All Courts in Nigeria as Part of Its CSR

Yet, while one cannot help being skeptical about the assurances given by the Bureau, the NIMC and the National Assembly, it nevertheless comes at no cost to maintain some hope—however little it maybe—that the Bill would resurface, and this time with an enhanced outlook, ready for the legislative process in the National Assembly all through to the assent of the President this same year. We keep our fingers crossed on the promises of these institutions.

Bright is an Associate Counsel at Pocket Lawyers.


Please enter your comment!
Please enter your name here