As Nigeria embraces the rapid growth of Artificial Intelligence (AI), the intersection of technology and data protection has become a pressing concern. With a digital economy expanding and a youthful population eager for innovation, Nigeria is poised to play a significant role in the AI revolution. However, this progress raises critical questions about the collection, processing, and safeguarding of personal data, particularly in an era where information is both a valuable asset and a potential risk.
**AI and Data Violations**
Data breaches linked to AI technologies are becoming more common, often stemming from the complexity of AI systems, weak data protection measures, or unethical practices. One prominent concern is the misuse of facial recognition systems, which have been linked to privacy violations globally. For example, in 2020, several police departments used facial recognition software without regulation, leading to wrongful identifications and the exposure of personal information.
Similarly, social media platforms have been notorious for harvesting user data. A notable case occurred in December 2022, when Meta (Facebook’s parent company) paid $725 million to settle a lawsuit involving the unlawful use of data for political advertising, which was partially driven by AI algorithms.
Voice-activated AI assistants like Amazon’s Alexa and Google Assistant have also raised privacy concerns, with some devices inadvertently storing and analyzing conversations without user consent. Additionally, AI-powered chatbots used for customer service can also become targets for malicious actors who may exploit vulnerabilities to steal sensitive information.
**Health Data Breaches**
In healthcare, AI is increasingly used to analyze patient data for better diagnoses and treatment. However, breaches can occur if these systems are not properly secured. Cybersecurity weaknesses in AI models analyzing patient records have led to concerns about the unauthorized access of personal health data.
Despite these challenges, Nigeria has made strides in incorporating AI into sectors like agriculture, finance, and healthcare, improving efficiency and decision-making. Yet, the growing reliance on data-driven technologies also increases the potential for data misuse, identity theft, and privacy violations.
**Regulatory Efforts**
Nigeria’s data protection framework is governed by the Nigeria Data Protection Commission (NDPC), established under the Nigeria Data Protection Act of 2023. This Act, along with the 2019 Nigeria Data Protection Regulation, seeks to align the country’s data collection and processing practices with international standards. However, questions remain about the effectiveness of these regulations, particularly with enforcement challenges in the country’s informal economy.
In 2021, reports surfaced about a major data breach exposing millions of Nigerians’ personal information, including National Identification Numbers. This prompted further concerns about the security of data stored in government databases. In June 2024, a probe was launched into a breach of the National Identity Management Commission’s database, after a civil society group alleged that personal data was being sold online.
Weak security on e-commerce platforms has also contributed to data breaches, including compromised customer financial data. As AI systems often rely on datasets sourced from individuals without consent, these breaches highlight the risks posed by unregulated data collection and storage practices.
**Weak Enforcement and Public Trust**
Experts have expressed concern about the enforceability of Nigeria’s data protection laws. Ebuka Ogbodo, an AI expert, argued that while Nigeria has sufficient data privacy laws, the challenge lies in their enforcement. He noted that the lack of job opportunities and widespread cybercrime contribute to the exploitation of data privacy gaps. Ogbodo further emphasized that the government must take a comprehensive approach, including creating employment opportunities and strengthening labor laws, to address the root causes of cybercrime.
Maxwell Adigun, another expert, warned against overreliance on AI without sufficient checks and monitoring. He pointed out that AI systems could be used to manipulate or exploit personal data, making it essential for the government to regulate AI technologies more rigorously.
**Strengthening Data Protection**
Experts agree that while innovation should be encouraged, it is vital to strike a balance with the protection of individual rights. They advocate for stronger public awareness campaigns, enhanced training for government agencies, businesses, and NGOs, and improved enforcement mechanisms for data protection laws.
Seun Ishola, a data analyst, suggested that promoting transparency among organizations about their data-handling practices, investing in advanced data security technologies, and ensuring redress for victims of data breaches could significantly boost public trust in Nigeria’s data protection system.
As Nigeria continues to expand its digital economy, it must prioritize robust data protection frameworks to safeguard its citizens’ privacy. By aligning with global best practices and fostering cooperation across sectors, the country can secure its future in AI development while upholding citizens’ rights.
