Nigerian NDPA vs European Union GDPR: Comparing Data Subject Rights and Privacy Protection

Abstract

In an era marked by rapid digital transformation, the protection of data subject rights and privacy has become a critical issue globally. This thesis undertakes a doctrinal comparative analysis of the data subject rights found in the Nigerian Data Protection Act (NDPA) and the European Union's General Data Protection Regulation (GDPR), together with an examination of its approaches to privacy protection. The study aims to elucidate the adequacy of these legal frameworks in safeguarding personal data and ensuring privacy. The research begins by providing a background on the evolution of data protection laws, highlighting significant cases such as Digital Rights Lawyers Initiative & 2 Others v. National Identity Management Commission & 1 Other which exemplified recent data privacy issues in Nigeria. The thesis examines the specific legal provisions of the data subject rights together with the enforcement provisions found in NDPA and GDPR, which identifies both similarities and divergences influenced by their distinct legal, social, and economic contexts. A critical part of the study involves analysing the enforcement mechanisms of both regulations to determine if the right to privacy is adequately adhered to. The thesis also delves into the cultural, social, and economic factors impacting the implementation of these laws in Nigeria compared to GDPR compliant regions. Key findings from the comparative analysis reveal that while the GDPR provides a more stringent and comprehensive framework for data protection, the NDPA represents a significant step towards enhancing data privacy in Nigeria. The study identifies areas where the NDPA could benefit from adopting elements of the GDPR, particularly in strengthening enforcement mechanisms by adopting a decentralised approach and ensuring broader rights for data subjects are provided for. On the other hand, the GDPR can emulate the broader provision of the NDPA on the right to data portability. The thesis concludes with a summary of key findings from the comparative analysis and recommendations for policymakers to restructure the provision of data subject rights and enforcement mechanism in the NDPA. Further recommendation is made for policy makers to review the right to data portability found in the GDPR. This work also suggests strategies for overcoming implementation challenges, emphasizing the need for awareness and better enforcement structures in data privacy. This research contributes to the broader discourse on data privacy by offering insights into the adequacy of data protection laws within the Nigerian and European Union frameworks, serving as a foundation for future comparative studies in this domain.