The Nigeria Data Protection Commission (NDPC) has disclosed plans to seek a review of the Nigeria Data Protection Act (NDPA) 2023 to address emerging technologies such as Artificial Intelligence (AI), robotics and big data, amid growing concerns over privacy, cybersecurity and data governance in an increasingly digital economy.
The proposed review comes as regulators across the world grapple with the rapid adoption of AI-driven technologies and the challenges they pose to existing legal frameworks designed to protect personal data and privacy rights. Experts believe the move signals Nigeria’s determination to align its data protection regime with global technological developments and emerging regulatory standards.
Speaking during activities marking the third anniversary of the signing of the Nigeria Data Protection Act into law, National Commissioner and Chief Executive Officer of the NDPC, Dr. Vincent Olatunji, said the current law requires updates to adequately reflect technological realities that have evolved significantly since its enactment.
According to him, the pace of innovation has made it necessary for policymakers to move beyond broad references to emerging technologies and provide clearer regulatory guidance.
“We are in the era of emerging technologies. At the time the law was drafted, we could only make broad references to emerging technologies, but today we can specifically mention Artificial Intelligence, robotics and big data,” Olatunji said.
The NDPC boss noted that technologies which were once considered futuristic have now become central to economic activities, digital services and public administration.
“Ten years ago, nobody was talking about AI the way we are doing now, but today it has become central to virtually every aspect of digital transformation. We need to be more specific about what constitutes emerging technologies and provide examples because the technologies keep evolving,” he added.
Industry stakeholders say the review is timely, given the increasing deployment of AI tools across sectors including banking, telecommunications, healthcare, education and public services. They argue that clearer rules are needed to govern automated decision-making, algorithmic accountability, data ownership and cross-border data transfers.
The proposed amendment also aligns with the National Assembly’s ongoing work to assess the existing law and identify areas to strengthen in light of evolving cyber threats and technological advancements.
Chairman of the Senate Committee on ICT and Cybersecurity, Senator Afolabi Salisu, had earlier indicated that lawmakers were reviewing the legislation to ensure it remains relevant in addressing developments such as AI and emerging cybercrime threats.
Analysts believe the review could further strengthen investor confidence in Nigeria’s digital economy by providing clearer regulatory certainty for businesses operating in data-intensive sectors.
The NDPA 2023 established the NDPC as the country’s primary data protection regulator and created a legal framework for the collection, processing, storage and transfer of personal data. Since its enactment, the Commission has ramped up enforcement, compliance monitoring, and awareness campaigns to strengthen data governance across public and private institutions.
Olatunji, however, cautioned against excessive reliance on AI technologies, stressing that human oversight remains critical in data processing and decision-making systems.
“We still need the human component. We should not leave everything to artificial intelligence,” he said.
He further noted that issues relating to digital footprints, privacy rights and responsible data use would continue to demand regulatory attention as technology becomes more integrated into everyday life.
Technology policy experts say the emergence of generative AI, machine learning systems and autonomous technologies has created new legal and ethical questions that many existing privacy laws were not originally designed to address. These include concerns around automated profiling, bias in AI systems, consent management, surveillance and accountability for decisions made by intelligent systems.
Meanwhile, the NDPC has in recent months demonstrated a growing focus on AI governance, including participation in international initiatives aimed at promoting responsible and privacy-conscious deployment of artificial intelligence technologies.
Stakeholders believe that any amendment to the Act should strike a balance between protecting citizens’ privacy rights and supporting innovation within Nigeria’s rapidly expanding digital economy.
Hence, the proposed review signals the likelihood of stricter compliance obligations for business and increased scrutiny of how personal data is collected, processed and utilised. While experts advise organisations to begin strengthening internal governance frameworks, data management systems and privacy compliance programmes in anticipation of future regulatory changes.
Consequently, the planned review of the Data Protection Act underscores the growing recognition that regulatory frameworks must evolve alongside technological innovation, while for policymakers, the challenge will be ensuring that the law remains flexible enough to encourage innovation while robust enough to protect citizens in an era increasingly defined by data and artificial intelligence.
We’ve got the edge. Get real-time reports, breaking scoops, and exclusive angles delivered straight to your phone. Don’t settle for stale news. Join LEADERSHIP NEWS on WhatsApp for 24/7 updates →
Join Our WhatsApp Channel
