Data Privacy: Unsolicited Messaging and The Limits of Opt-Out Provisions

In recent years, there has been a global surge in the enactment and awareness of data protection and privacy laws. While drawing comparisons to similar provisions in other jurisdictions, this article by TEMPLARS Partner, Ijeoma Uju, and Associates, Nafisa Haliru and Ruqayyatu Umar, examines the legal framework in Nigeria, especially regarding the rights to object and opt-out, and analyses the limitations of opt-out provisions in unsolicited emails and SMS.

Nigeria has taken significant steps by enacting the Nigeria Data Protection Act (NDPA), 2023 through the Nigerian Data Protection Commission (NDPC). The NDPA aligns with global data protection standards and safeguards citizens’ fundamental right to privacy under the Constitution of the Federal Republic of Nigeria, 1999. Despite this, significant challenges persist, particularly the widespread violation of the right to opt-out by data controllers and processors.

The recent judgment of the High Court of Lagos State in Tokunbo Olatokun v Polaris Bank Limited, demonstrates the limitations of opt-out provisions. Data controllers must implement systems that promptly process these requests, or they could face severe penalties under the NDPA. To ensure compliance and avoid potential fines, businesses must treat data protection as an opportunity to build trust with customers and prioritize privacy rights.

View full publication