Fingerprint Generated Data: An Evaluation of the Efficacy of the Nigerian Data Protection Regulation

There has been an upsurge in the use of fingerprint recognition in Nigeria. However, an assessment of its usage suggests varying degrees of non-compliance with (Nigerian) data protection law. In January 2019, the National Information Technology Development Agency (NITDA) issued the Nigerian Data Protection Regulation (NDPR), which is the first comprehensive regulatory instrument on data protection law in Nigeria. Over a year after its coming into force, this article examines the effectiveness of the NDPR by using its ability to regulate fingerprint generated data as a metric for achieving this purpose. Two specific case studies are used to highlight the regulatory impact of the NDPR on the protection of personal data in Nigeria. Recommendations which are geared towards improving the NDPR are made as deemed necessary. This article considers the processing of fingerprint data in the private sector and, by extension, non-law enforcement sectors of the Nigerian State.