A coalition of 13 civil society organisations, including Media Rights Agenda (MRA), has called on the Nigerian Government to strengthen horizontal accountability for citizens’ data in its custody by supporting oversight institutions, regulators, and independent bodies to effectively monitor, investigate, and constrain the use of citizens’ data by public authorities.
The groups contend that the lack of horizontal accountability, where government institutions effectively monitor, investigate, and constrain the actions of one another, has left Nigerians vulnerable to data breaches, unauthorized access to sensitive information, and intrusive surveillance practices.
In a joint statement titled “Protected from the State, Not By It: Nigeria’s Data Protection Crisis is a Crisis of Implementation,” they argued that Nigeria’s data protection challenge is not the absence of laws but the failure of institutions to hold one another accountable when citizens’ data is misused.
The coalition expressed concern that despite the enactment of the Nigeria Data Protection Act (NDPA) 2023, the establishment of the Nigeria Data Protection Commission (NDPC), and the rapid expansion of the country’s digital identity system, enforcement remains weak and oversight mechanisms are inadequate.
The statement, signed by Media Rights Agenda, Paradigm Initiative, Accountability Lab Nigeria, Beacon of Transformative and Inclusive Development Center, and the Digital Rights Lawyers Initiative, among others, pointed out that Nigeria has one of Africa’s largest digital identity systems but lacks effective checks between agencies that handle sensitive information.
The coalition also called on the government to apply the Nigeria Data Protection Act equally to public institutions and private entities, including imposing sanctions where breaches originate from government systems or their contractors; and publish the findings of ongoing investigations into alleged unauthorized access to protected government databases, including breaches linked to INEC, NIMC, or their partners, and ensure accountability for misconduct.
The organisations cited recent reports involving alleged unauthorised access to voter registration information in the custody of the Independent National Electoral Commission (INEC). They noted that investigations indicated the data was not obtained through an external cyberattack but through valid official credentials that were improperly disclosed, demonstrating weaknesses in internal controls and oversight.
The coalition also pointed to investigations by civil society groups and journalists, which revealed that sensitive personal information, including National Identification Numbers (NINs), had reportedly been offered for sale online for as little as ₦100. They argued that such incidents underscore the urgent need for stronger accountability within public institutions responsible for collecting and managing citizens’ data.
While acknowledging Nigeria’s growing digital identity infrastructure, which now contains more than 121 million enrolment records, the organisations warned that expanding data collection without corresponding safeguards risks eroding public trust in government systems.
They also urged government to establish a legal and regulatory framework for public surveillance systems, including independent oversight, mandatory human rights impact assessments, transparency requirements, and accountability standards before further expansion; and amend Section 24 of the Cybercrimes Act to fully comply with the ECOWAS Court judgment and constitutional protections for freedom of expression and end its use against journalists, activists, and citizens engaged in lawful expression.
The rest of the signatories to the statement include Connecting Villages Initiative, Family Health care Foundation, ImpactForge Initiative, Smile Face Global Peace, 5GS Global Based, PROMAD, Hope Behind Bars Africa, and Build To Help Foundation.
