Attorney - Centurion Law Group
Defamation, Privacy and Data Protection
Contributor: Tamaraemi Jombai (Attorney, Centurion Law Group)
By this provision of the Constitution, the protection of information deemed to be private is a fundamental Human Right protected by the Constitution. Although the Nigerian Constitution provides for citizens’ rights to privacy, it is not clear the extent to which data privacy is guaran-teed under Nigerian law. Further, the 1999 Constitution does not have any provisions relating to defamation specifically.
At common law, anyone involved in the publication of a defamatory statement, no matter how slight, including a newspaper vendor who may be unaware but merely sells newspapers allegedly containing offensive materials, may be liable for defamation. However, in the 21st century, with the evolution of social media and/or digital platforms, such as Twitter, Facebook, Instagram, Amazon, Blogger, search engines, and other modes of online expression, there is a need to specifically address the issues and circumstances that may emerge as a result of these technologies.
Defamation, in law, is the act of communicating false statements about a person that result in damage to that person’s reputation. In Nigeria, defamation under the Criminal Code Act is de-fined as “defamatory matter likely to injure the reputation of any person by exposing him to hatred, contempt, or ridicule, or likely to damage any person in his profession or trade by any injury to his reputation.” While under the Penal Code Law, “whoever, by words either spoken or reproduced by mechanical means or intended to be read by signs or by visible representations makes or publishes any imputation concerning any person, intending to harm or knowing or having reason to believe that such imputation will harm the reputation of such person, is said to defame that person.”
There is a distinction in the definition because in Nigeria, the legislation operational in the southern part of Nigeria contains both state and federal offences and it is contained in a single document (the Criminal Code Act); while the Penal Code is operational in the northern part of Nigeria and it is not contained in a single document, rather in two separate documents. One is the “Penal Code Law” (this is for state offences like stealing, rape, arson, and murder), and the other is the “Penal Code (Northern States) Federal Provisions Act (No. 25 of 1960)” (this is for federal offences, like treason, sedition, and customs offences).
The Criminal Code Act and the Penal Code Law are the laws that provide for the offence of defamation.
From a civil standpoint, the remedies available in defamation are damages and, in some cases, injunctive relief.
An award of damages for defamation is essentially dependent on two factors: the seriousness of the defamatory imputation found to arise from the defamation and the extent of publication.
Occasionally, courts will issue injunctive relief to prevent the dissemination of more defamatory content. Injunctive relief may occasionally be given on an interim basis in order to prevent publication of the defamatory content or further publication where publication has commenced while the case is still under trial.
Generally, awards for damages are deemed to be sufficient. However, courts typically only provide injunctive relief in exceptional cases where it can be demonstrated that the right to free expression has already been or will be abused.
Defamation can take the form of slander or libel. For a claimant to succeed in an action for defamation, the claimant must be able to prove:
Under Section 392 of the Penal Code Law, any person who defames another shall be punished with imprisonment for a term that may extend to two years, or with a fine, or with both. The Penal Code Law further extends the punishment of any person who prints or engraves a matter knowing it to be defamatory with imprisonment for a term that may extend to ten years, a fine or both, while the sale of printed or engraved material containing defamatory matter is punished with imprisonment for a term that may extend to five years, with a fine, or both.
By the provisions of Section 375 of the Criminal Code Act, any person who publishes any defamatory matter is guilty of a misdemeanor and is liable to imprisonment for one year; and any person who publishes any defamatory matter knowing it to be false, is liable to imprisonment for two years. A defendant who publishes a defamatory matter with the intent to extort is guilty of a felony and is liable to imprisonment for seven years.
There are several defences that can be raised by a person who is sued for defamation. These defences can be raised by anyone accused of either libel or slander. The defences available to a person sued for defamation are;
The publication of defamatory matter is not an offence if the publication is, at the time it is made, for the public’s benefit and if the defamatory matter is true. Until it is clearly established that an alleged libel is untrue, it will not be clear that any right at all has been infringed. Under a plea of justification, the onus is on the defendant to show that the alleged defamation is true. It is appropriately described in the Latin maxim “damnum absque injuria”. A defence of justification is therefore a complete bar to any relief sought by a party who complains of defamation.
A defendant will only be successful with the defence of fair comment if they can show that they expressed their opinion in good faith based on facts truly stated on a matter of public interest.
In order for a defendant to be availed of defence of fair comment, the following conditions must be present:
(a) It must be based on facts truly stated
(b) It must be an honest expression of the writer’s real opinion
(c) It must not contain insinuations of corrupt or dishonourable motives on the person whose conduct or work is criticised save in so far as such imputation is warranted by facts
Privilege is either absolute or conditional. The former protects the speaker or publisher without reference to his motives or the truth or falsity of the statement. This may be claimed with respect, for instance, to statements made in performance of a political, judicial, social, or personal duty. Conditional or qualified privilege will protect the speaker or publisher unless actual malice and knowledge of the falsity of the statement is shown.
By the provisions of Section 9 of the Limitation Act, Abuja and Section 10 of the Limitation Law, Lagos, an action claiming damages for slander must be commenced within 3 (three) years of its occurrence.
Both laws only make provision for a limitation period for Slander specifically and is silent on the limitation period for an action for damages for Libel.
In Nigeria, there is no one single piece of legislation that establishes the legal framework for the protection of the privacy of an individual. The 1999 Constitution of the Federal Republic of Nigeria (as amended) provides Nigerian citizens with a fundamental right to privacy. Section 37 of the Constitution guarantees privacy protection to citizens in their homes, correspondence, telephone conversations, and telegraphic communications.
The constitution (as amended) does not list privacy as an item under the exclusive, concurrent, or residual legislative lists. The implication of this is that both the federal and state legislature can legislate on privacy matters within the country. Following this, the Lagos State Legislature (for example) enacted the Law Reform (Torts) Law, Ch. L82 Laws of Lagos State 2015 (Law Reform (Torts) Law) which provides for the invasion of privacy and the remedies available.
Section 29 of the law provides that:
“(1) Anyone who intentionally intrudes, physically or otherwise, on the solitude or seclusion of another or private affairs or concerns, is liable for invasion of privacy, if the intrusion would be highly offensive to a reasonable person.
(2) Anyone who uses the name or likeness of another in a manner and to an extent which suggests to a reasonable person an intention to appropriate the name and likeness of another or that is associated with another is liable to damages.
(3) Anyone who publicizes a matter concerning the private life of another is liable for invasion of privacy, if the matter publicized is of a kind that:
(a) Would be highly offensive to a reasonable person and (b) is not of legitimate concern to the public.”
The law goes further in section 31 by providing for remedies thus:
“The remedies that a Court may grant in an action for invasion of privacy includes:
(c) Order directing the defendant to account to the claimant profits that have accrued or may later accrued to the defendant because of the invasion of privacy
(d) Order directing the defendant to deliver to the claimant any material, article, photograph or documents that have come into the defendant’s possession because of violation of privacy and
(e) Any other appropriate order or relief.”
The Limitation of Actions Act 2004 (as modified) and the applicable state limitation laws specify the limitation period within which legal actions must be filed or begun from the day the injury or omission that resulted in the damage or loss occurred. The prescribed limitation period for instituting an action for invasion of privacy under the Law Reform (Torts) Law, is three years from the date on which the cause of action accrued or the date (if later) on which the claimant be-came aware, or should reasonably have become aware, of the damage, the defect, and the identity of the producer (Section 24 of the Law Reform (Torts) Law).
Although the Limitation of Actions Act 2004 does not provide a limitation period for an action for invasion of privacy, the Law Reform (Torts) Law states that the statutes of limitation will apply to a tort action brought under the act subject to the provisions of section 24 of the Law Reform (Torts) Law.
Although the 1999 Constitution of Nigeria provides for the protection of privacy as a fundamental human right in Nigeria, the Constitution does not define the scope of “privacy” or contain detailed privacy provisions. However, there are a number of pieces of legislation that make different provisions for data protection matters for residents of Nigeria, as well as Nigerian citizens abroad as defined by the Nigeria Data Protection Regulation (“NDPR”) issued by the National Information Technology Development Agency (“NITDA”).
The legislation that provides for data protection in the different sectors of the economy include:
(I). The National Information Technology Development Agency (NITDA) Act 2007 and the Nigeria Data Protection Regulation (NDPR) 2019. In 2020, NITDA also issued an Implementation Framework in respect of the NDPR as well as Guidelines for the Management of Personal Data by Public Institutions in Nigeria to regulate personal data processing within public institutions. These laws form the primary legislative outline that establishes the standards, guidelines, and frameworks for the development, standardisation, and regulation of information technology practices in Nigeria.
The NITDA Act provides that no person or corporate body shall have access to data or information contained in the database with respect to a registered individual entry with-out the authorisation of the Commission.
(II). The Child Rights Act 2003 (Section 8) protects the privacy, family life, home, correspondence, telephone conversation, and telegraphic communications of every child (persons under the age of 18 years) in Nigeria.
(III). The National Health Act 2014 (“NHA”) provides the legislative framework for the regulation, development and management of a national health system and sets standards for rendering health services in Nigeria. The NHA further provides the requirement for health care providers to keep the health records of every user of health services with an obligation on the health care provider to maintain the confidentiality of a user’s information, imposes restrictions on the disclosure of a user’s information, and requires the person in charge of health establishments to set up control measures for preventing un-authorised access to information. The NHA covers all data relating to a patient’s health care, treatment, and admission to a medical facility, as well as DNA samples taken by a medical facility.
(IV). The Freedom of Information Act, 2011 (“FOI Act”) seeks to protect the personal privacy of persons. Section 14 of the FOI Act provides that a public institution must deny an application for information that contains personal information unless exempted under this section, the person consents to it, or the information is publicly available. Section 16 of the FOI Act provides that a public institution may deny an application for disclosure of information that is subject to various forms of professional privilege conferred by law (such as lawyer-client privilege, health worker-client privilege, etc.). Section 26 of the Act restricts the Act from applying to information relating to:
(V). The Nigerian Communications Commission (Registration of Telephone Subscribers) Regulations 2011, issued by the Nigerian Communications Commission (“NCC”), provides that the information of subscribers contained in the Central Database of the NCC is to be held on a strict confidentiality basis and no person or entity shall be allowed ac-cess to any subscriber’s information that is on the Central Database except as pre-scribed by the Regulation (Sections 9 and 10 of the Regulation). The Regulation further provides telephone subscribers with a right to view and update personal information held in the NCC’s central database. Under the regulations, there are penal sanctions for misuse of the database (Section 21 of the Regulation).
(VI). The National Identity Management Commission (“NIMC”) Act creates the National Identity Management Commission (NIMC) which was created to establish and manage a National Identity Management System (“NIMS”) in Nigeria. NIMC is responsible for enrolling citizens and legal residents, creating and operating a National Identity Database and issuing unique national identification numbers to qualified citizens and legal residents. Section 26 of the NIMC Act provides that no person or corporate body shall have access to data or information in the Database with respect to a registered individual without authorisation from the NIMC. The NIMC is empowered to provide a third party with information recorded in an individual’s database entry without the individual’s consent, provided it is in the interest of national security.
(VII). The Consumer Code of Practice Regulations 2007 (‘the NCC Regulations’) were issued by the regulator of the telecommunications industry in Nigeria, the Nigerian Communications Commission (‘NCC’). The NCC Regulations provide that all licensees must take reasonable steps to protect customer information against improper or accidental disclosure and must ensure that such information is securely stored and not kept longer than necessary. It also provides that customer information must not be transferred to any party except to the extent agreed with the customer, as permitted or required by the NCC or other applicable laws or regulations.
(VIII). The Central Bank of Nigeria (CBN)‘s Consumer Protection Framework was enacted pursuant to the CBN Act 2007. CBN is the regulator of all banks and other financial institutions in Nigeria. The broad objective of this framework is to enhance consumer confidence in the financial services industry and promote financial stability, growth, and innovation. The Framework includes provisions that prohibit financial institutions from disclosing customers personal information and requires that financial institutions have appropriate data protection measures and staff training programs in place to prevent unauthorised access, alteration, disclosure, accidental loss, or destruction of customer data.
Paragraph 2.6 of the Framework provides for protection of consumer assets and privacy and also instructs financial institutions to take appropriate measures to guarantee protection of consumer assets and privacy.
Also, it directs that a consumer’s financial and personal information shall be protected at all times and shall not be released to a third party without the consent of the consumer, except as required by law.
(IX). The Cybercrimes (Prohibition, Prevention, Etc.) Act 2015 provides an effective, unified, and comprehensive legal, regulatory, and institutional framework for the prohibition, prevention, detection, prosecution, and punishment of cybercrimes in Nigeria. This Act ensures the protection of critical national information infrastructure, and promotes cybersecurity and the protection of computer systems and networks, electronic communications, data and computer programs, intellectual property, and privacy rights.
The Act directs that service providers shall keep all traffic data, sensitive information, and subscriber information with due regard to the individual’s constitutional right to privacy and shall take appropriate measures to safeguard the confidentiality of the data retained, processed, or retrieved. By the Act, any person who contravenes any of the provisions of the Act commits an offence and shall be liable on conviction to the sanctions prescribed by the Act for the offence committed (Part III of the Act).
(X). The Credit Reporting Act 2017 was established to promote access to accurate, fair, and reliable credit information and to protect the privacy of such information, and facilitate credit information sharing. Section 5 of the Act requires that credit bureaus maintain credit information for at least 6 years from the date that such information is provided to them or, if later, from the date on which it last provided such information to a credit in-formation user, after which such credit information shall be archived for a further period of 10 years and may thereafter be destroyed by the Credit Bureau. Section 9 of the Act provides the confidentiality rights of data subjects (i.e. persons whose credit data are held by a credit bureau) to privacy, confidentiality, and protection of their credit information. Section 9 further prescribes instances in which the credit information of the data subject may be disclosed.
Contributor: Tamaraemi Jombai
Centurion Law Group (Nigeria)
122 Awolowo Road
The material in this Guide is for general information only and does not constitute legal advice. The content of this page is accurate as at January 2024.
SEE MORE INTERNATIONAL MEDIA LAW GUIDES