Implementing Data Sovereignty and Digital Privacy in Nigeria Using Legislative Instrument: A Governance and Policy Analysis for a Secure Digital Economy

This paper provides a detailed governance and policy analysis of Nigeria’s legislative instruments deployed to achieve data sovereignty and digital privacy within its rapidly growing digital economy. Nigeria, a key member of the Digital Cooperation Organisation or DCO, utilizes a sophisticated, hybrid regulatory architecture established primarily through the Nigeria Data Protection Regulation 2019 or NDPR and the Data Protection Act 2023 or NDPA (Mitchell & Mishra, 2024). This approach strategically blends comprehensive individual rights protections, largely influenced by the European Union’s rights-based model, with stringent, state centric data localisation mandates aimed at economic self reliance and national security (Mitchell & Mishra, 2024; Han, 2024). The core objective is to evaluate how this legislative strategy, using the Governance by Design framework, balances the imperatives of securing national interests and safeguarding data subject rights against the necessity of fostering scalable digital trade (Fedynyshyn, 2025; Mitchell & Mishra, 2024). The analysis finds that Nigeria’s reliance on broad geographical restrictions, particularly in critical sectors such as telecommunications and finance, risks functioning as a costly non tariff trade barrier, thereby hindering innovation and exacerbating conflicting legal obligations arising from transnational regimes like the United States CLOUD Act (Han, 2024; Chander, 2025). The study concludes that optimising Nigeria’s digital economy necessitates a policy shift from focusing purely on data residency to mandating technical control through measures such as encryption key management and promoting transparent enforcement mechanisms (Thales, 2025; Chander, 2025). This requires leveraging regional initiatives, including the African Continental Free Trade Agreement or AfCFTA, to establish interoperable, trust based data governance frameworks (Mitchell & Mishra, 2024).

Data Sovereignty, Cross-Border Data Flows, Data Localisation, Data Governance

1. Chander, A. (2025). The national security internet. Scholarship at Georgetown Law. Retrieved April 7, 2025, from https://scholarship.law.georgetown.edu/ [Google Scholar] [Crossref]

2. Chen, R. (2021). Mapping data governance legal frameworks around the world, findings from the global data regulation diagnostic (Policy Research Working Paper 9615). World Bank. [Google Scholar] [Crossref]

3. Fedynyshyn, R. (2025, September 23). Data sovereignty, what does compliance require in 2026? N iX. Retrieved November 18, 2025, from https://www.n-ix.com/data-sovereignty/ [Google Scholar] [Crossref]

4. Gu, H. (2023). Data, big tech, and the new concept of sovereignty. Journal of Chinese Political Science, 29(4), 591 to 612. [Google Scholar] [Crossref]

5. Han, S. (2024). Data and statecraft, why and how states localise data. Business and Politics, 26(2), 263 to 288. [Google Scholar] [Crossref]

6. Houser, K. A., and Bagby, J. W. (2023). Next generation data governance. Duke Law and Technology Review, 21(1), 62 to 106. [Google Scholar] [Crossref]

7. Hummel, P., Braun, M., Tretter, M., and Dabrock, P. (2021). Data sovereignty, a review. Big Data and Society, 8(1), 1 to 17. [Google Scholar] [Crossref]

8. Kaya, M., and Shahid, H. (2025). Cross border data flows and digital sovereignty, legal dilemmas in transnational governance. Interdisciplinary Studies in Society, Law, and Politics, 4(2), 219 to 233. [Google Scholar] [Crossref]

9. Li, L. (2025). Data sovereignty and national security, governance challenges and pathways in the digital age. Global Review of Humanities, Arts, and Society, 1(1), 49 to 58. [Google Scholar] [Crossref]

10. Mitchell, A. D., and Mishra, N. (2024). Cross border data regulatory frameworks, opportunities, challenges, and a future forward agenda. Fordham Intellectual Property, Media and Entertainment Law Journal, 34(4), 842 to 899. [Google Scholar] [Crossref]

11. Ryan, M., Gürtler, P., and Bogucki, A. (2024). Will the real data sovereign please stand up, an EU policy response to sovereignty in data spaces. International Journal of Law and Information Technology, 32, eaae006. [Google Scholar] [Crossref]

12. Thales. (2025, June 10). Why data sovereignty and privacy matter to you, not just nations. Retrieved August 3, 2025, from https://cpl.thalesgroup.com/blog/encryption/data-sovereignty-privacy-governance [Google Scholar] [Crossref]

13. TrustArc. (2025). The global rise of data localisation, risks, tradeoffs, and what comes next. Retrieved October 26, 2025, from https://trustarc.com/resource/global-rise-data-localization-risks/ [Google Scholar] [Crossref]

14. Wan, Y. (2025). The regulatory framework, practical challenges, and solution pathways for cross border data flow. International Theory and Practice in Humanities and Social Sciences, 2(5), 47 to 58. [Google Scholar] [Crossref]

15. Zygmuntowski, J. J., Zoboli, L., and Nemitz, P. F. (2021). Embedding European values in data governance, a case for public data commons. Internet Policy Review, 10(3). [Google Scholar] [Crossref]

• The Impact of Ownership Structure on Dividend Payout Policy of Listed Plantation Companies in Sri Lanka
• Urban Sustainability in North-East India: A Study through the lens of NER-SDG index
• Performance Assessment of Predictive Forecasting Techniques for Enhancing Hospital Supply Chain Efficiency in Healthcare Logistics
• The Fractured Self in Julian Barnes' Postmodern Fiction: Identity Crisis and Deflation in Metroland and the Sense of an Ending
• Impact of Flood on the Employment, Labour Productivity and Migration of Agricultural Labour in North Bihar