This article was first featured in the Insight newsletter.
Introduction
The digital revolution has blurred traditional boundaries between the private and public spheres, compelling states to rethink the frameworks through which rights are guaranteed and regulated. Nigeria’s case is instructive: a country rapidly embracing digital identity systems, online platforms, and data-driven governance without fully embedding human rights protections in its legal architecture. Scholars like Julie Cohen, in Configuring the Networked Self (2012), have long warned that the architecture of the digital space is not neutral—it encodes power relations. In Nigeria, that power is increasingly centralised in the state, with limited judicial or democratic oversight. This essay explores how tech law in Nigeria affects the enjoyment of civil liberties, focusing on data privacy, surveillance, digital identity, and freedom of expression.
The rapid digitisation of state functions, communications, and personal life in Nigeria has brought technology into intimate contact with human rights. However, legal developments in the country have lagged behind technological advancement, exposing fundamental freedoms—privacy, expression, association—to abuse. This essay interrogates the relationship between emerging technology law and human rights protections in Nigeria. Drawing on key insights from scholars such as Julie Cohen, Lawrence Lessig, Frank La Rue, and Shoshana Zuboff, the essay contends that Nigeria’s legal framework remains poorly equipped to confront the moral and constitutional imperatives of the digital age.
Legal Framework
Nigeria’s legal regime for digital rights is fragmented and reactive. The key instruments include:
(a) Cybercrimes (Prohibition, Prevention, etc.) Act, 2015
(b) Nigerian Data Protection Regulation (NDPR), 2019
(c) Nigerian Communications Act, 2003
(d) Freedom of Information Act, 2011
(e) National Identity Management Commission (NIMC) Act, 2007
The above laws rarely place human rights at the centre. Instead, as Lawrence Lessig observed in Code and Other Laws of Cyberspace (1999), they often act as instruments of state control rather than democratic safeguards. The NDPR, for instance, adopts data protection principles similar to the EU’s General Data Protection Regulation (GDPR), but lacks the institutional independence and enforcement power that makes the GDPR effective.
Surveillance and the Architecture of Control
Surveillance, as Shoshana Zuboff theorised in The Age of Surveillance Capitalism (2019), is no longer limited to commercial data extraction; it is a state logic. In Nigeria, surveillance is often justified on the grounds of national security but carried out without meaningful oversight.
The Cybercrimes Act and the National Security Agencies Act grant law enforcement and intelligence agencies the power to intercept communications, often without a warrant. These measures contradict both international human rights law as espoused by the UN Human Rights Committee and domestic constitutional provisions under Section 37 (right to privacy).
Frank La Rue, former UN Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion and Expression, has repeatedly stated that “surveillance without independent judicial oversight is per se a violation of the right to privacy.” Nigerian laws do not meet this threshold.
Data Protection: Rights Without Remedies
Although Nigeria has a data protection framework under the NDPR and the Nigerian Data Protection Bureau (NDPB), these structures fall short of global best practices. The regulation exempts data processing by security agencies, creating a legal black hole for the most sensitive forms of data collection.
Daniel Solove, in his seminal work Understanding Privacy (2008), warns that privacy is not just about secrecy or concealment but about control and context. Nigerians are often unaware of how their biometric or communication data is collected, processed, or shared. The SIM–NIN linkage program, for instance, has resulted in mass surveillance without citizens’ informed consent.
Unlike South Africa’s Protection of Personal Information Act (POPIA) or Kenya’s Data Protection Act, Nigeria’s NDPR lacks the binding force of law, making data rights aspirational rather than enforceable.
Digital Identity and the Threat of Exclusion
Digital identity systems can facilitate access to services but also exacerbate exclusion. Scholars such as Anupam Chander and Urs Gasser argue in The Electronic Silk Road (2013) that the digital divide is not just about access to technology but access to rights mediated by technology. In Nigeria, the National Identity Number (NIN) scheme has created new forms of digital exclusion.
Millions of Nigerians, particularly in rural or conflict-affected areas, lack the means to enrol, and failure to link NIN to SIM cards has led to the disconnection of millions of users. This not only violates their right to communication (Section 39 of the Constitution), but their ability to access health, education, and banking services.
The World Bank’s Principles on Identification for Sustainable Development stress the need for digital ID systems to be inclusive, non-discriminatory, and anchored in legal safeguards. Nigeria’s NIN regime fails all three.
Freedom of Expression and the Weaponisation of Tech Law
Digital platforms now constitute vital fora for public discourse, political mobilisation, and civic engagement in Nigeria’s democratic landscape. However, these digital spaces remain perennially imperilled by repressive statutory instruments. Notably, the Cybercrimes (Prohibition, Prevention, etc.) Act 2015, particularly Section 24, criminalises so-called “cyberstalking,” a term couched in indeterminate and overly broad language.
This legislative vagueness has facilitated the prosecution and harassment of individuals, including journalists, activists, and private citizens, for merely exercising constitutionally protected speech, especially when such expression is critical of public officeholders. Despite legislative efforts by the National Assembly aimed at refining and circumscribing the scope of Section 24 to align with constitutional and international standards on freedom of expression, the provision continues to suffer from doctrinal ambiguity.
The definitional opacity surrounding “cyberstalking” and “cyberbullying” has thus rendered the section susceptible to arbitrary interpretation and selective enforcement, thereby undermining the rule of law and chilling legitimate online expression.
David Kaye, former UN Special Rapporteur on Freedom of Expression, has warned that vague laws around online speech can enable “legal harassment.” In Nigeria, this has become the norm. The arrest of journalists and activists under the guise of protecting reputations has created a chilling effect, violating Article 9 of the African Charter on Human and Peoples’ Rights.
The Twitter ban in 2021—a direct reaction to the deletion of a presidential tweet—demonstrated the authoritarian impulse that governs Nigeria’s tech regulation. No court order was sought, and no law cited. As Jack Balkin has noted, “freedom of expression in the digital age depends not only on state laws, but on the norms that govern platforms and governments alike.”
The Judicial Response
Although the judiciary has historically been cautious, it has occasionally risen to defend digital rights. In Incorporated Trustees of Digital Rights Lawyers Initiatives v. NIMC (2021) 52 E-WRN / 02, the Court of Appeal held that the protection of the right to privacy under Section 37 of the Constitution also includes the right to protection of personal information and personal data.
However, such progressive decisions remain isolated. Many digital rights cases are bogged down in procedural delays or dismissed on technicalities. The judiciary must adopt a purposive, rights-centred interpretation of existing laws and develop jurisprudence that reflects the evolving digital context.
Pathways for Reform
To harmonise tech law and human rights in Nigeria, the following reforms are necessary:
- Enact a Comprehensive Data Protection Act: One that is enforceable, rights-based, and independent of executive interference.
- Reintroduce the Digital Rights and Freedom Bill: To enshrine online rights into law, following global standards set by instruments like the ICCPR.
- Limit Governmental Surveillance: All surveillance must be subject to judicial oversight, necessity, and proportionality as per UN Resolution 68/167.
- Protect Online Expression: Repeal or amend vague provisions in the Cybercrimes Act that criminalise speech.
- Promote Digital Inclusion: Ensure that digital ID systems and tech infrastructure are inclusive, rights-based, and protect against exclusion.
- Build Institutional Capacity: Agencies like the NDPB must be better funded, independent, and empowered to impose sanctions and conduct audits.
Conclusion
As technology becomes the primary medium of rights in the 21st century, the legal architecture governing it must shift from control to protection. In Nigeria, tech law is currently a tool of coercion rather than liberation. To reverse this, the legal system must draw from global best practices and embed human rights into the very fabric of digital governance.
As Julie Cohen reminds us, the future of liberty in the digital age will be decided not only by laws, but by the structures of power embedded in code, institutions, and state behaviour. For Nigeria, the task is urgent and existential: to ensure that technology serves as a bridge to freedom, not a cage of control.