In today’s Nigeria, almost everything requires a digital identity, from opening a bank account with your Bank Verification Number (BVN), to registering a SIM card, and even getting your National Identification Number (NIN) for public services. Nowadays, almost every online platform requires you to submit any of these personal information in order to complete a mandatory KYC process. While this has made a lot of transactions smoother, it has also raised a serious question: how safe is your personal data out their in the hands of these various companies?
What Is Digital Identity?
Digital identity is the electronic version of your personal details, like your name, fingerprints, phone number, and financial records, stored and verified through technology. These identifiers link individuals to services in banking, telecoms, fintech, and even government platforms. In Nigeria, the most common forms include:
- NIN (National Identification Number)
- BVN (Bank Verification Number)
- TIN (Tax Identification Number)
- Driver’s Licence & International Passport
- SIM registration data
Why Data Protection Matters
Unfortunately, cases of data misuse are growing. From loan apps spamming borrowers on WhatsApp, to unauthorized use of phone numbers for marketing. This is not to mention the unnecessary spam calls that attack the phones of innocent citizens who are victims of a data leak. This is where the law and particularly the more recent Nigeria Data Protection Act (NDPA) 2023 steps in.
The NDPA 2023 is Nigeria’s first comprehensive data protection law and it made provisions for the following:
- Establishes the Nigeria Data Protection Commission (NDPC) to oversee compliance.
- Gives citizens the right to know how their data is collected, stored, and shared.
- Requires companies and government agencies to obtain consent before processing personal data.
- Imposes heavy fines (up to millions of naira) on organizations that misuse or leak citizens’ data.
What Citizens Must Know
As individuals, Nigerians now have enforceable rights under the NDPA. You can:
- Request access to your personal data from any company that holds it. Section 34(1)(a) & 34(1)(b)
- Demand correction if your data is inaccurate. Section 34(1)(c)
- Withdraw consent if you no longer want your data shared. Section 35(1) & 35(2)
- Report violations to the NDPC for investigation and possible compensation. Section 34(1)(a)(vi) & Section 46
What Lawyers Must Know
For legal practitioners, the NDPA creates new responsibilities and opportunities:
- Advising companies on data compliance policies.
- Representing victims of privacy breaches.
- Drafting privacy agreements and consent clauses for fintechs, digital lenders, and startups.
- Understanding how NDPA interacts with older laws like the Nigerian Communications Commission Act and the Cybercrimes Act (2015).
However, several critics argue that while the enactment of NDPA is a good step, its enforcement remains relatively weak. Many Nigerians still fear that government agencies and private companies may ignore these rules without facing the consequences. One the other hand, others worry about cybersecurity threats if hackers breach NIN or BVN databases, millions of personal information could be exposed.
Conclusion
Digital identity is here to stay, and so are the risks that come with it. The NDPA 2023 gives Nigerians a legal shield, but citizens must be proactive, ask questions, know your rights, and demand accountability. For lawyers, this is an evolving area of practice that blends law, technology, and human rights.
In a digital-first Nigeria, data is the new gold and protecting it should be everyone’s business.
Briefs & Brunch 2025: Moses Faya Set to Speak at the Tech Corner
