The Legalnaija Blawg

Nigeria's 1st online legal education platform.

The Nigerian Blawg

Using innovative ways to empower Nigerians with legal information.

Follow @Legalnaija On Social Media

Your Favourite Law Blawg

The Legalnaija Blawg

Legal information at your finger tips.

The Nigerian Blawg

The 1st online legal education platform.

Feb 23, 2021

Hire A Social Media Manager For Your Law Practice

With the high rate of internet penetration in the country and the growing use of social media. Every business must aggressively employ the use of social media to reach its targeted audience and market. 

As law firms and lawyers directly communicate with the communities they serve, social media becomes a natural way to acquire new clients and establish your practice as a thought leader in your area of expertise. 

There are many benefits to using social media for your law firm and at Lawlexis, we would love to help you accomplish all your digital marketing and social media management goals for your law firm or legal practice.  Kindly contact us for free consultation via – 


-          09029755663 

Feb 18, 2021

Laws Governing Employment Relationship In Nigeria And The Rights Of Workers | Oluchi Atoyebi (Mrs.)

In establishing any organizational endeavor, an employment contract must be drawn up. In Nigeria, the employment relationship is governed primarily by the sources of employment laws in the country. A proper understanding of the laws that govern an employment relationship and adherence to laws that guide employees’ rights and employers’obligations, can protect the company from serious human rights violations.

Feb 16, 2021

Hon. Olubunmi Olugbade, The Apelua Of Ilawe Ekiti Was A Very Brilliant Legal Practitioner And An Outstanding Politician In Ekiti State | Dele Adesina SAN,FCIArb

A Gospel song writer says and I quote "What do we do when we don't know what to do? Where do we run to when we don't know where to go? And what do we say when we don't know what to say?" I must confess that I don't know what to say about the death of Chief Hon. Olubunmi Olugbade. I have been inundated with calls from friends and colleagues wondering whether the news of his death is true and how. Even though I do not know what to say, it has become inevitable for me to say something in his honour.

Let me start by saying that nobody no matter how powerful can add one second to his life. Secondly, I also recognise as a believer that there is no accident in predestination. Hence, the scripture says "that there is a time to be born and there is a time to die." The timing of these two great events of life is beyond the knowledge and comprehension of any man. With this understanding, no one can query God. "Kabio osi!"

Hon. Olubunmi Olugbade died exactly a week ago from today, February 9th, 2021 after a protracted illness. He was aged 61.  Hon. Olugbade's death is much more painful to me because I know that he carried the sole responsibility of looking after his six (6) children, his wife having died earlier in June 2018. Three (3) of these children are under 20. He was on sick bed for several months. I cannot help but to say that death is cruel and that devil, the author of death is wicked but I have a word for the children. That when the devil is at its worst, God is always at His best.

Hon. Olubunmi Olugbade was a good man. A very sincere and loyal friend, highly passionate and committed to relationship. A very brilliant Legal Practitioner and an outstanding Politician in Ekiti State. He was a former Honourable Member of the House of Assembly of Ekiti State where he made a mark. He was a former Chairman of Nigerian Bar Association, Ikere Branch, Ekiti State and a former member of the National Executive Committee of the Nigerian Bar Association. He was a great player and indeed an influencer in the affairs of Egbe Amofin – the South-west caucus of Nigerian Lawyers.  A transparent and honest man, highly reliable, unreservably selfless and absolutely committed to any cause that he believed in. I also know as a fact that he was a traditional title holder of Apelua of Ilawe, Ekiti and a great confidant of our traditional ruler back home.

The great legend Chief Obafemi Awolowo once said "All that I want in life is to live for history. To live for history is not to die but to be in the hearts of all men and to be in the hearts of men is to serve them selflessly." You served your community to the utmost best of your ability and capacity as Chief Apelua of Ilawe Ekiti. You served your State very diligently as a honourable member of the House of Assembly and you served your profession creditably to the level that circumstances and situations permitted the opportunity.  Above all, you served God dedicatedly through the platform of the Redeemed Christian Church of God. You therefore shall be in the hearts of so many people, too numerous to count and from different levels of humanity. Therefore, Chief Hon. Olubunmi Olugbade, you are not dead. You have barely transited from mortality to immortality. You are alive in our hearts.

I pray that God Almighty, the father of the fatherless shall rise up mightily for the children and other relatives that you left behind. He shall raise men and women for them and for their needs. When they need you, they shall see God.

Rest in perfect peace!

Dated 16th February, 2021.


Feb 15, 2021

Relevant Provisions From The Nigerian Finance Act 2020 | Olajumoke Ogunfowora

The Finance Bill 2020 has been enacted into law by President Mohammadu Buhari on December 31st 2020, taking effect from 1st January 2021. It has made over 80 amendments to 14 different laws following hot on the hills of the Finance Act 2019 which came into force on 13th January 2020. The Act has made several reforms to some tax and regulatory laws in the country; it has even included certain incentives towards the recent COVID-19 pandemic. In this article, we will be examining the significant changes the Act has made to various laws in Nigeria.

Feb 8, 2021

Cryptocurrency is still not illegal in Nigeria: A Digital Rights Lawyer’s Perspective | Olumide Babalola

I chose this caption advisedly, in spite of my understanding of the Central Bank of Nigeria's letter dated February 5, 2021 prohibiting "dealing in cryptocurrencies or facilitation of payment for cryptocurrency exchanges." Nevertheless, I will attempt to justify the caption of my intervention by briefly answering the following questions:

Are cryptocurrencies legal tenders within the regulatory purview of the Central Bank of Nigeria (CBN)?

The CBN would seem to have answered this question in their letter dated January 12, 2017 that: "The CBN reiterates that VC such as Bitcoin, Ripples, Monero, Litecoin, Dogecoin, Onecoin, etc and similar products are not legal tenders in Nigeria…."

Since cryptocurrencies are not legal tenders, one wonders where the CBN derives its arrogated powers to regulate cryptocurrency exchanges especially since the provision of section 2 of the CBN Act and section 1 of the Banks and Other Financial Institutions Act clearly define the perimeters of CBN's powers and functions, yet none contemplates regulation of "exchanges" in the mould of virtual currencies. I stand to be corrected on this interpretation though.

Apparently, since the CBN was in doubt as to the nature of and appropriate regulatory agency for cryptocurrencies, on the 14th day of September, 2020, the Securities and Exchange Commission (SEC) waded in and cleared CBN's doubts by issuing a statement to the effect that: "The position of the Commission is that virtual crypto assets are securities, unless proven otherwise" Accessed on February 8, 2021.

On regulating cryptocurrencies, SEC went ahead to state in their circular that: "Similarly, all Digital Assets Token Offering (DATOs), Initial Coin Offerings (ICOs), Security Token ICOs and other Blockchain- based offers of digital assets within Nigeria or by Nigerian issuers or sponsors or foreign issuers targeting Nigerian investors, shall be subject to the regulation of the Commission."

From SEC's intervention as seen in their circular, it is indubitable that CBN, with respect, jumped the gun by prohibiting "dealing" in an asset over which they do not have regulatory control and such a knee-jerk approach gives an impression of an ill-timed and "unthought out" entry into an unfamiliar terrain since they admitted in their letter of January 12, 2017 that the area is "unregulated."
Thankfully, SEC's position that cryptocurrencies are securities finds support in a US decision in United States of America v Maskim Zaslavskiy (17 CR 647)  where District Judge Raymond Dearie ruled that cryptocurrency is a security and that it would fall under the United State's Security Exchange Commission's purview.

Enough said on this!
Should CBN's Letter supersede SEC's statement on cryptocurrencies?
Section 13 of the Investments and Securities Act (ISA) establishes SEC as the apex regulator of securities. Chambers Dictionary  defines the word 'apex' as "the highest point." Hence, it is our modest view that CBN should ordinarily steer clear of virtual currencies since it is outside their areas of competence which ought to be in the exclusive preserve of the SEC.

The CBN's letter was neither referred to as a circular nor a regulation, hence the legal weight to be attached comes into question. Even if it bears such nomenclature, since SEC is designated the apex regulator of securities by the ISA, then their position should always override that of CBN on issues bordering on cryptocurrencies.
Does the CBN's letter criminalise dealing in cryptocurrencies or facilitation of payment for cryptocurrency exchanges?
Although CBN's letter expressly prohibits dealing in cryptocurrency, the source (if any) of such powers is suspect. Assuming they even have such imaginary powers, the courts have ruled that, an offence cannot be created by an administrative circular or letter. 

For proper context, in Omatseye v Federal Republic of Nigeria (2017) LPELR- 42719 (CA), the Court of Appeal held that:
"Administrative circulars or notices have its place in government but cannot create an offence. The apex Court in the case of Maideribe v. FRN (2013) LPELR-21861(SC) on circulars held thus: " Such circulars are- "a common form of administrative document by which instructions are disseminated; many such circulars are identified by serial numbers and published and many of them contain general statements of policy... they are therefore of great importance to the public giving much guidance about Governmental organization and the exercise of discretionary powers. In themselves they have no legal effect whatsoever, having no statutory authority. Exhibit "PD16z" is not known to law and therefore cannot create an offence because it was not shown to have been issued under an order, Act, Law or statute. In the absence of statutory authority in the said Exhibit "PD16z" or legal notice it cannot be said to have any legal effect."

Until the contrary is established, it is our humble position that, the CBN's letter dated February 5, 2020 remains in the realm of a mere (administrative) letter as admitted by its last paragraph that: "This Letter is with immediate effect" (Emphasis mine). Hence, it cannot create an offence upon which the Nigerian Police can arrest or harass any dealer in cryptocurrency, as one can already imagine.

Can the Police arrest dealers in cryptocurrencies?
As at press time, there is no law that criminalizes dealing in cryptocurrencies in Nigeria to my knowledge as the provisions of section 36(8) and (12) of the Constitution of the Federal Republic of Nigeria, 1999 (As amended) prohibit prosecution for an act which does not constitute an offence at the time of such act.  In interpreting section 36(12) of the Nigerian Constitution, the Court of Appeal held in Ibrahim v Nigerian Army (2015) LPELR- 24596(CA) that:
"The ingredients of section 36(12) of the 1999 Federal Constitution as amended (supra) are as follows: "The offence has to be defined in a written law which term refers to:- (i) An Act of the National Assembly;(ii) A Law of a State House of Assembly;(iii) Any subsidiary legislation; or (iv) Instrument under the provisions of a law. The penalty shall also be prescribed in a written law which term refers to:-(i) An Act of the National Assembly;(ii) A Law of a State; or(iii) Any subsidiary legislation; or(iv) Any instrument under the provisions of a law." 

Applying the foregoing parameters to the CBN's letter, the bank will have to further explain to Nigerians whether it is intended to be a subsidiary legislation or it provides penalty as required by the Constitution, bearing in mind the meaning of subsidiary legislation and the decision of the Supreme Court's decision in Comptroller General of Customs v Gusau (2017) LPELR – 42081 (SC) to the effect that, guidelines are not subsidiary legislation, hence there exists no law creating an offence (of dealing in cryptocurrencies) upon which the police can lawfully arrest anyone in Nigeria.

Conclusively, without prejudice to the (right or wrong) economic and socio-political sentiments, whipped up by the CBN in their Press Release of February 7, 2021 justifying the prohibition, it remains this writer's respectful opinion that the apex bank overstepped its regulatory boundaries by usurping the statutory powers of the Security and Exchange Commission to regulate securities in the mould of cryptocurrencies.

Photo credit -

Feb 4, 2021

Data Protection And Intellectual Property: A Global Approach To Dissecting Emerging Legal Issues | Oyetola Muyiwa Atoyebi, SAN



According to OECD in 2015, data is seen as the very infrastructure underlying the modern digital economy.

To succeed in the modern economic environment, businesses and technology models heavily rely on huge amount of data to thrive. Top companies lik
e Facebook, amazon and google, some of the world’s digital economy leaders, are leaders in the business world due to their access to immense amount of data from their users which they then apply with their algorithms. it helps keep their market at a remarkably high level.

The questions of who owns the data, who gets access to it and whether data is something that can be owned in the first place is yet to be settled. In the same vein, it leaves us with so many questions on intellectual property rights.

Although there exists bits and pockets of legal frameworks for data, the EU’s General Data Protection Regulation (GDPR) which came in force in 2018 took centre stage and replaced most existing data laws, particularly Directives 95/46/EC (the Data Protection Directive) and 2002/58/EC (the ePrivacy Directive). Other new regimes like the California Consumer Privacy Act (CCPA) which became operative on the 1st of January 2020 is also a subject of much discourse.



The question that keeps arising is, how much does these laws recognise Intellectual Property rights?

One thing that is certain is that IP rights are not expressly spelt out in most data protection laws and some may even have counter effect on IP. Under the GDPR for example, right owners wishing to take action against domain name owners whose domains have infringed their trademarks, design or copyright, will find it harder to obtain details of a UK domain name owner allegedly infringing their rights due to the consent provision of the GDPR.

Similarly, the GDPR does not recognize company rights but just personal rights. The European Commission (EC) stated that the rules only apply to personal data about individuals and do not govern data relating to legal entities.

The Nigerian data protection regulation (NDPR) also takes a similar approach to data rights. The NDPR defines a ‘data subject’ as a person who can be identified directly or indirectly, by reference to an identification number or to one or more factors specific to his physical, physiological, economic, cultural or social identity. It also defines personal data as information relating to an identified or identifiable natural person which may be a name, address, photo, email address, bank details, posts on social networking websites, medical information, etc. thus,

Giving the restriction of data subjects to majorly natural persons only, the current data protection regime has left a huge void regarding intellectual property rights.



Trade secrets arguably enjoy the most protection under the current data protection laws. The Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) sets out standard minimum levels of protection of trade secrets as Intellectual Property Rights and provides a definition of the information that can be protected, focusing on these three requirements:

(i)                Secrecy,

(ii)              commercial value; and

(iii)            reasonable steps to keep the information secret.


Trade secrets regime in the EU has been recently regulated by Directive (EU) 2016/943 (“Trade Secrets Directive”). As evinced from Recital 10 and Article 1 of the Trade Secrets Directive, the aim of the Directive is not to introduce a full EU trade secrets regime, but rather to reach a partial harmonisation through a minimal standard of protection, leaving room for Member States to provide for more far-reaching protection.



The CCPA particularly provides an interesting cover for trade secrets. Generally, the CCPA allows California consumers to request that a business disclose the specific pieces of personal information (PI) the business has collected. The consumer also may request that the business delete any PI about the consumer that the business has collected. If a business is able to verify the identity of the consumer making the CCPA request, it must comply with the request unless one of the enumerated exceptions applies. Unexcused failure to do so exposes the business to a civil action by the California Attorney General for injunctive relief and civil penalties of up to $7,500 for each violation.

The question now is, what happens if the personal information covered by the consumer request includes information considered as trade secret data? Given the wide meaning of both PI and trade secrets under the CCPA, a conflict in this regard is inevitable.

Although the CCPA does not provide a clear-cut safe harbor to address this dilemma, a potential argument that may support a decision to withhold trade secret data when responding to a consumer request may arise.



Seeing that Artificial Intelligence (AI) is already becoming omnipresent in our everyday life, the development raises broad and multi-disciplinary policy questions, including several aspects of intellectual property (IP). Much like the countries in which they operate, an increasing number of corporations are convinced that AI will be essential to maintaining a leading position in the future.

Determining the owner of an IP right in AI driven technologies are quite complicated. Biometrics, as an AI initiative provides a brilliant case study. The GDPR includes specific provisions for biometric data. In particular, the GDPR covers the processing of biometric data for the purpose of uniquely identifying a natural person. Biometric data is data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data.

A company that is desirous of collecting the biometric (or other prohibited data) of an EU citizen, the company must be able to demonstrate that it has met an exception to the GDPR’s general prohibition. A non-exhaustive list of these exceptions include: that the EU citizen has given explicit consent for a specified purpose for the data; that processing the data is essential to protect the vital interests of the individual and he or she is incapable of giving consent; or that processing the data is necessary for the purposes of preventive or occupational medicine, and subject to the conditions and safeguards referred to in the GDPR.

In addition to meeting one of the exceptions, a company must also comply with data protection requirements and obligations. For example, a company must provide EU citizens with the right to be forgotten, meaning that an individual shall have the right to withdraw his or her consent at any time. This can lead to severe penalties for the company for failure to comply. The question then arises, at the point where consent was yet to be withdrawn, who owned the intellectual property right? If it is the company, do they lose that ownership when the data subject decided they want to be forgotten?

In this regard, it could be argued that ownership of IP rights in big AI resides with the data subjects and only upon certain exceptions can companies use it.



The global technology transition brings into question several fundamental IP concerns. Seeing that most IP laws were written at a time when only natural and human intelligence were contemplated, AI challenges many traditional IP legal notions such as originality, copying, author, designer, and inventor among others. Arguably, when AI systems are engaged to perform creative or other cognitive tasks, the prevailing humanistic approach to IP is not well suited to protect the generated results.

Let’s look at copyrights for example. Under EU and American copyright law, copyright protection applies to the expression in any form of a computer program, provided that the program is original in the sense that it is the author’s own intellectual creation. In respect of the criteria to be applied in determining whether a computer program meets the originality requirement, no tests as to the qualitative or aesthetic merits of the program should be applied.

However, ideas, methods and principles which underlie any element of a computer program, including those which underlie its interfaces, are not protected by copyright. Only expressions of intellectual efforts are protected. In addition, since no registration is neces­sary for copyright protection to arise (with varying exceptions), collection of evidence may sometimes be difficult.

In conclusion therefore, from an economic standpoint, the scope of copyright protection (and other IP protection including trademarks and trade secrets) for an AI system is insufficient. Seeing that copyright will not protect the creativity, skill and inventiveness devoted to the development of the functional concept behind an AI system, it may be recommended not to rely solely on copyright law and data protection laws. The current data regime completely ignores this possible insufficiency. These insufficiencies for the main time are best circumvented via a robust contractual agreement, although it has its inadequacies, especially when dealing with a large number of data subjects.




On the back of several reports of privacy violations against Facebook, the United States Federal Trade Commission imposed a $5,000,000,000(Five-Billion Dollar) fine on the company in July, 2019. Earlier in January, 2021, social media giants – Twitter, permanently suspended the account of Former American President, Donald Trump for inciting violent protests at the Capitol (the Nation’s legislative building) via his tweets on the platform. 


What indeed is the nexus between these narratives? Simply put, the former narrative on the fine imposed on Facebook encapsulates the importance placed on the need to protect data rights as contained in databases. The later relays the great extent to which the owner of an intellectual property can exploit his powers (in this instance, it was exercised to outlaw a President from social media). Moving forward, it is without doubt that in several jurisdictions the world over, various laws have been put in place to uphold various rights and more importantly in this discuss – data rights and intellectual property rights.


This paper seeks to open a conversation on the need to ensure that the exercise of database rights by an intellectual property owner, does not infringe on the data rights of others.




Although no Nigerian legislation defines database rights, in Nigeria, it can be regarded as a literary work eligible for protection under Section 1, of the Copyright Act, 2004.  For the purposes of clarity however, the definition of a database under the United Kingdom’s Copyright and Rights in Databases Regulations, 1997, may be adopted. Regulation 6 of the Regulation defines a database as ‘a collection of independent works, data or other materials which are arranged in a systematic or methodical way, and are individually accessible by electronic or other means’.


Therefore, in basic terms, a database right refers to the intellectual property right accorded to a person in recognition of the effort put in forming/creating a database.


As earlier stated, these rights are accorded protection under the Copyright Act of Nigeria. Consequently, the owner of a database enjoys the protection of the following rights as a copyright owner:


1.       Economic rights: These rights aim at safeguarding the financial interests of a copyright owner by conferment of an exclusive right to exploit the work commercially. They consequently provide the following benefits:


·        Enhance the market value of a business by leveraging on the goodwill provided by ownership of IP.

·        A source of earning as they can be licensed/assigned


2.      Moral rights: These seek to protect the integrity of the author’s work as it encapsulates the reputation of a copyright owner. To this end, the law will operate to prevent a copyright owner’s work from being used in a manner contrary to the owner’s wishes or without his prior approval.




As earlier established, database rights under Nigerian law enjoy the benefit of copyright protection which enable a copyright owner to exploit the benefits therein. However, whilst the law will recognise and afford protection to the ingenuity of an author (copyright owner) who has exerted effort in compiling such a database, such a compilation must be done in a manner that does not infringe on the rights of others. It is indeed in this regard, that the issue of Nigeria’s data protection regime comes to fore.


Whilst they exist pockets of industry specific legislations on data protection in Nigeria, the Nigerian Data Protection Regulation (NDPR), 2019 constitutes the only comprehensive and holistic piece of data protection in Nigeria. The regulation principally seeks to ensure that the processing of the data of Nigerians is carried out lawfully in a manner consistent with the privacy rights of Nigerians.


Since its coming into force, the NDPR has strengthened the nation’s data protection framework by ushering in a number of laudable developments as follows:


1.       Enhanced Privacy Rights: The NDPR most importantly, has articulated the privacy rights of Nigerian citizens guaranteed under Section 37 of the 1999 Constitution as amended. In a landmark decision, the Federal High Court in Abuja, in 2019, affirmed the data privacy rights of Nigerians and ordered the Nigerian Information Management Commission to protect the data rights of Nigerians beyond merely having bogus security policies which it had prior to the suit, failed to implement. [See Incorporated Trustees of Paradigm Initiative for Information Technology (PIIT) & Sarah Solomon-Eseh v National Identity Management Commission (NIMC) & Anor)].


Essentially, the NDPR preserves the data rights of Nigerians by requiring all data controllers (organisations processing the data of Nigerians) to ensure that in processing (making use of) the data of Nigerians:


·        consent must be obtained;

·        it must be in the interest of the data subject or in public interest;

·         for the performance of a contract which the data subject is a party to, amongst others.


2.      Commitment to Ensuring Data Protection: The NDPR also solidifies the commitment of the Nigerian government in ensuring that all cybercrimes and associated threats linked to breaches in data bases are addressed. Article 2.6 of the NDPR places a duty on all data processors to put in place security measures to protect data which amongst other things include setting up firewalls, protection of emailing systems and employing data encryption technologies.


Reports indicating that 588 businesses have filed data audit reports           with the National Information Technology Development Agency           (NITDA) as at August, 2020, as opposed to a near zero compliance level           before the inception of the NDPR is indeed a silver lining in the quest        for data protection in Nigeria.


3.     Expansion of Nigeria’s Job and Wealth Creation Potential:

In Nigeria, the National Information and Technology Development Agency (NITDA) licenses Data Protection Compliance Officers (DPCOs) to not only provide data audit services, but to provide general training on data compliance which obviously comes at a cost to data controllers patronizing such DPCOs thereby fuelling wealth and job creation. In a similar vein, an avenue is created for the government to generate funds through licensing fees for DPCOs and applicable fines for breach of data rights.


            In capturing the wealth and job creation potential available via the NDPR, Isa Pantami, Nigeria’s Minister of Communications and Digital      Economy in an interview in September, 2020, observed succinctly:


“One of my greatest sources of joy on the Regulation is its job creation potential. Over 1.5 million businesses and non-governmental organisations would need to file Data Audit Reports on or before March 15 every year. Each of these reports must bear a Verification Statement, sign and seal of a licensed DPCO. If each DPCO provides service for an average of 50 Data Controllers, we would need over 300,000 professionals to meet this need.” [Available On: Premium Times, ‘The      Huge Prospects of Nigeria’s Data Protection Regulation 2019, By Isa Ali Ibrahim Pantami’ (Premium Times, 16 April 2019) accessed 7th September 2020].




Although, the provisions of the NDPR are laudable and set the tone for much potential in Nigeria’s efforts at achieving a world class data protection status in which all data rights are protected, nonetheless, there exist few challenges:


1.       Scope: The NDPR only guarantees data protection for Nigerians in Nigeria (Article 1.2 NDPR). Consequently, the regulation does not extend protection to non-residents. In contrast, the General Data Protection Regulations, GDPR (applicable to countries in the European Union) has extra-territorial provisions governing such outsourcing needs. See Article 3 of the GDPR.


2.      The Status of the NDPR:  It has been submitted, that the efficacy of the provisions of the NDPR is watered down as it is not a legislation. Consequently, in the event of a conflict between the regulation and statute, the later shall prevail. For example, the provisions of the Cyber Crimes Act, 2015, on the release of personal data pursuant to Court orders and statutory fines, will take precedence over the NDPR. In sharp contrast however, the provisions of the General Data Protection Regulations (applicable to the European Union) is a substantive legislation of parliament.


3.      Deterrence Measures: In light of the serious damage privacy infringement may occasion and the huge profits earned by infringing companies doing business, it is observed that the penalty imposed by the regulations should be made weightier. Article 2.10 of the NDPR imposes a fine of 2% on domestic gross annual revenue or 20 Million Naira, whichever is greater on companies (handling above 10,000 data subjects) in breach of the regulation. With the combined values of the top tech companies Facebook, Netflix, Google and Amazon placed at 2.3 trillion dollars in 2018, the 20 Million Naira fine under the NDPR should be increased to deter violations.



Nigeria’s quest to achieving a compliant data protection status capable of securing database rights and indeed all other ancillary intellectual property rights cannot be achieved overnight.  Nonetheless, the above issues discussed are cardinal and must be tackled as a first step:


1.   Need to Improve Capacity: It is germane that NITDA as the principal body for data protection in Nigeria consolidates on its successes and takes steps to improve further. Whilst the agency must be applauded for opening investigations into a number of alleged data breaches, notably breaches by TrueCaller, Surebet247 and the Lagos Inland Revenue Service, the absence of sanctions or the non-publicity of same must be addressed. The agency must begin to impose sanctions on defaulting organisations. The NITDA should take a cue from countries within the European Union which have imposed a minimum €114,000,000 in fines since the inception of the GDPR in 2016.


2.      Scope of the Act: The definition of data under the NDPR must be reviewed to explicitly include non-electronic data.  This will ensure that data not electronically stored is also afforded protection. Such an amendment must also include an obligation on data controllers to inform data subjects of data breaches thus affording such subjects the opportunity to take extra precautionary measures and further ultimately bring the NDPR into conformity with international best practices on data protection.


3.     Increased Licensing Capacity: Lastly, it is firmly believed that by licensing more competent data compliance officers, market forces would operate to dictate cost of data audit reports and associated due diligence on data compliance. This would remedy the effect of the current regime were high compliance costs currently cripple the efforts of data controllers at achieving compliance.


4.     Passage of the Digital Rights Bill: The Nigerian Government must take steps in ensuring that the Digital Rights Bill is passed into law. Following President Buhari’s non-assent to the Bill, the National Assembly must take the bull by the horn to ensure passage by addressing the reasons for the President’s decline of assent (for e.g. the failure to address specific digital rights extensively). The Act, if passed will not only crystallise the data rights of Nigerians it would also allay all fears pertaining to the genuineness of Nigeria’s data protection regime.





This Legal content appraises the role of the intercourse between Data protection and intellectual property rights from a global and ever evolving purview, while succinctly addressing the need for an improvement in the Global and Nigeria’s data protection framework with a view to ultimately ensure that a balance is achieved in the protection of data rights and database rights.



Written by: Oyetola Muyiwa Atoyebi, SAN

Mr. Oyetola Muyiwa Atoyebi, SAN is a seasoned Intellectual  Property and data protection expert with over a decade’s worth of experience in legal practice and technology. He has facilitated numerous transactions and given countless legal opinions on Intellectual property and data protection inclined matters in Nigeria. Against the backdrop of his stellar expertise, Atoyebi has also facilitated several panel discussions and engagements on  Intellectual  Property and data protection.

Brand Stumping – Legal Positions On Comparative Advertising | Abimbola Balogun

I was in my office one fine day when my good friend Mr. B paid me a short friendly/business visit. While we had our usual chat exchanging pleasantries, he would take occasional pauses when he spotted anything new and interesting to show me and as usual I could not but look; as I like gist like that. One of the interesting topics he showed me was a new Pepsi advert featuring the famous female rapper Cardi B. In this advert (in summary), the customer at a restaurant/bar requests for a coke to which the waiter replied, oh we don’t have coke; but is a Pepsi ok? Cardi B in dismay asks the waiter “what do you mean is a Pepsi okrrrrr, of course a pepsi is okrrrr.. etc”. While we both found this advert hysterical, Mr. B’s question quickly turned our entertainment into an academic journey.

Feb 1, 2021

Privacy Versus Data Protection Debate in Nigeria: The Two Schools of Thought | Olumide Babalola  

Privacy and data protection (as a practice area) is relatively nascent and in its developmental stages in Nigeria: the main legislation are inadequate or inelegantly drafted, the regulator is facing legitimacy and capacity challenges, many professionals are few and ill-equipped, industry practitioners a little bit laid back and ultimately, the government is, regrettably, sluggish with its legislative attempts towards birthing a principal legislation for data protection.


From my experience as a privacy litigator, the first issue that confronts an Applicant in Nigerian courts is, whether or not data protection is actionable as a fundamental right to privacy, or they are to be approached as one of those statutory rights litigable under the regular civil procedure as opposed to the sui generis approach under the Fundamental Rights Enforcement Procedure Rules 2009.


Some notable Nigerian academics and legal practitioners have embraced two schools of thought along the lines of their professional convictions and proclivities, while seemingly situating same on their perceived state of the relevant data protection legislation in Nigeria.


Data Protection is not Privacy (First School)



From an academic perspective, Dr. Adekemi Omotubora, a senior lecturer at the University of Lagos appears, with respect, the most vociferous and consistent Nigerian proponent of this school of thought, who doesn't spare blushes when expressing her belief that data protection should be distinguished and severed from right to privacy. In the wake of issuance of Nigeria Data Protection Regulation in 2019, the learned academic penned an instructive article on "The NITDA Regulations on Data Protection: A Peculiarly Nigerian Approach?" wherein she asserted that:


"The critical point here is that the assumption underlying an objective to safeguard 'a right to data privacy' in the Regulation is misguided if not unconstitutional. It is misguided because it shows lack of understanding of the conceptual differences between privacy and data protection. It is unconstitutional because it aims to safeguard a non-existent right to data privacy. Therefore, unless we can argue, presumably ingeniously, that it is possible for the NITDA Regulation to create a right to data privacy, then the entire Regulation could be challenged for its unconstitutionality."


Again, in March 2020, she co-authored a scholarly paper titled  "Next Generation Privacy" published in Routledge Information and Communications Technology Law Journal where she posited that:


"Perhaps to further underline the distinction between the two concepts, the Charter of Fundamental Rights (CFR) created a separate right to data protection in article 8 although the authorities had already proclaimed that protection of personal data must be seen as fundamental to a person's enjoyment of his or her right to respect for private and family life as guaranteed by Article 8 of the Convention….While it remains unclear whether and how a new fundamental right to personal data and a change in nomenclature (from privacy to data protection) would herald a new jurisprudence of data protection, it is clear that the EU law now considers the interchangeable use of privacy for data protection an anomaly."



Litigators' Submission


From the practicing lawyers' perspective, the Law Firm of Templars (one of  Nigeria's largest commercial law firms) recently released a publication titled "Enforcing Data Subject Right Under Nigeria's Data Protection Regulation: The Wrong Way (And the Right Way)" wherein they pitched their tent with this school of thought as follows:


"…we would readily throw our weight behind the FHCN's decision. The reason is not far-fetched. The FHCN's reasoning that, a breach of a Data Subject's rights under the NDPR cannot be remedied by way of an action brought under the FREP Rules aligns with the basis for FREP Rules, as a specialized procedure reserved for enforcement of fundamental rights under Chapter IV of the Constitution or the African Charter… In light of the foregoing backdrop, it may not be out of place to adjust the FREP Rules in a way that would make the Rules readily amenable and flexible to accommodate emerging rights, such as the Data Subject's rights in the NDPR, that are similar to the rights of citizens specifically provided for in the Constitution. But until such an adjustment, it may be important that originating processes with the reliefs sought in an action brought under the FREP Rules, are carefully couched to avoid being thrown out of court at a preliminary stage of the proceedings. The substantive or principal claim must be in relation to a breach of a fundamental right as contained in Chapter IV of the Constitution or African Charter, while the ancillary claim may be a breach of the provisions of the NDPR. Better still, and perhaps, a better approach, would be to make a claim for breach of the NDPR and NITDA Act a stand- alone proceeding, rather than lumping it together with a fundamental right enforcement action under the FREP Rules. That way, any unnecessary controversy with its attendant risks, can be avoided."
Judicial Decisions
In two separate judgments delivered by the Federal High Court in 2020, the very hardworking late Hon. Justice Ibrahim Watila (God rest his soul) did not mince words when his lordship held that data protection has nothing to do with right to privacy under section 37 of the Nigerian Constitution and actions bordering on data breach cannot be validly brought under fundamental rights procedure. (See the unreported decisions in Suit No. FHC/AB/CS/85/2020 between Digital Rights Lawyers Initiative and Unity Bank and Suit No. FHC/AB/CS/ 79 between Laws and Rights Awareness Initiative and National Identity Management Commission delivered in December 2020.
Data Protection is cognizable under Right to Privacy (Second School)
Dr. Lukman Adekunle Abdulrauf, a lecturer at the University of Ilorin, is arguably Nigeria's most prolific scholarly writer on data protection with several papers published in local and international journals and length his weight to this school of thought that posits data protection as a human right.
In his co-authored work published in Springer's Liverpool Law Review titled "Personal Data Protection in Nigeria: Reflections on Opportunities, Options and Challenges to Legal Reforms" he contends that's:
"Without ignoring the strengths of the arguments in favour of data protection as commercially driven, there is an equally stronger movement in favour of data protection as a human right. The contention is that anchoring data protection on economic success rather than human rights will naturally have the effect of relegating privacy and autonomy to the background…. In spite of the commercial purposes, there is no denying that data protection has its roots in the right to privacy in international human rights instruments like the Universal Declaration of Human Rights (UDHR),57 International Covenant on Civil and Political Rights (ICCPR)58 and European Convention on Human Rights (ECHR).59 Thus, the normative basis of data protection is in human rights instruments which arguably makes it a human right too… Based on the above, data protection can be said to be a composite human right because of its strong attachment to the right to privacy and other human rights."
In the same school, another prolific academic, Dr. Bernard Jemilohun of the Ekiti State University wrote in his paper "Regulations or Legislation for Data Protection in Nigeria? A Call for a clear legislative Framework" that:
"Data protection legislation is a form of human right protection legislation and it will amount to gainsaying to think all that is about data protection is just about technology and the need to develop its use or prevent the abuse thereof."
Litigators' Perspective
In 2020, the Alliance Law Firm via its erudite principal partner, Mr. Uche Val Obi, SAN (author of Nigeria's only book on class actions) published a paper titled " An Extensive Article on Data Privacy and Data Protection Laws in Nigeria" where the learned Silk states that:
"As is applicable to most jurisdictions, Nigeria's data privacy and data protection regime emanates from the fundamental legislation of the land i.e. the Constitution of the Federal Republic of Nigeria 1999, as amended ("the Constitution"), which, by virtue of section 37 thereof protects the rights of citizens to their privacy and the privacy of their homes, correspondence, telephone conversations and telegraphic communication. Data privacy and protection are thus extensions of a citizen's constitutional rights to privacy."
Judicial Decisions
Earlier in 2020, the High Court of Ogun State (per Akinyemi, J. and Ogunfowora, J.) in two separate judgments unequivocally held that right to privacy under the Constitution extends to data protection. (See Suit N. AB/83/2020 between Digital Rights Lawyers Initiative and National Identity Management Commission and Suit No. HCT/262/2020 between Digital Rights Lawyers Initiative and LT Solutions Media Ltd)
I had the privilege of participating in all the judgements referred to in this piece and since they are all subject of pending appeals, I will refrain from stating my position. That said, the law on relationship between data protection and privacy remains unsettled within and outside the Nigerian courts. Hence, anyone can safely pitch his tent with any of the schools of thought and still remain on the right wicket since none of the decisions are yet to be set aside on appeal.
Ultimately, until we have the benefit of an appellate court decision on this all-important industry issue or a remedial legislative intervention, the banters on the nature of data protection rights as fundamental or ancillary claims will continue for a long time and this may not augur well for the stakeholders, especially the courtroom practitioners.