Implementing Data Sovereignty and Digital Privacy in Nigeria Using Legislative Instrument: A Governance and Policy Analysis for a Secure Digital Economy

Abstract

This paper provides a detailed governance and policy analysis of Nigeria’s legislative instruments deployed to achieve data sovereignty and digital privacy within its rapidly growing digital economy. Nigeria, a key member of the Digital Cooperation Organisation or DCO, utilizes a sophisticated, hybrid regulatory architecture established primarily through the Nigeria Data Protection Regulation 2019 or NDPR and the Data Protection Act 2023 or NDPA (Mitchell & Mishra, 2024). This approach strategically blends comprehensive individual rights protections, largely influenced by the European Union’s rights-based model, with stringent, state centric data localisation mandates aimed at economic self reliance and national security (Mitchell & Mishra, 2024; Han, 2024). The core objective is to evaluate how this legislative strategy, using the Governance by Design framework, balances the imperatives of securing national interests and safeguarding data subject rights against the necessity of fostering scalable digital trade (Fedynyshyn, 2025; Mitchell & Mishra, 2024). The analysis finds that Nigeria’s reliance on broad geographical restrictions, particularly in critical sectors such as telecommunications and finance, risks functioning as a costly non tariff trade barrier, thereby hindering innovation and exacerbating conflicting legal obligations arising from transnational regimes like the United States CLOUD Act (Han, 2024; Chander, 2025). The study concludes that optimising Nigeria’s digital economy necessitates a policy shift from focusing purely on data residency to mandating technical control through measures such as encryption key management and promoting transparent enforcement mechanisms (Thales, 2025; Chander, 2025). This requires leveraging regional initiatives, including the African Continental Free Trade Agreement or AfCFTA, to establish interoperable, trust based data governance frameworks (Mitchell & Mishra, 2024).