As the world commemorates Data Privacy Week, under the theme “Take Control of Your Data”, Paradigm Initiative (PIN) applauds countries that have enacted or amended their data protection legislation over the past year to safeguard individuals’ privacy rights. Data Privacy Week commemorates the signing of Convention 108 on January 28, 1981, which was the first legally binding international treaty on privacy and data protection.
Djibouti, the Gambia, and Burundi enacted data protection legislation in June 2025, September 2025, and January 2026, respectively. We acknowledge Botswana, whose law came into force in January 2025, and Algeria, which amended its data protection law in July 2025 to include obligations regarding the appointment of Data Protection Officers. Beyond the adoption of data protection laws, PIN urges all relevant data protection authorities to ensure the implementation of laws safeguarding data privacy and to guarantee the enforcement of data protection laws to safeguard data subjects’ rights.
Through its work, PIN has challenged rights violations in 2024, in Nigeria, where unauthorised websites claimed to hold and provide access to sensitive personal and financial data of Nigerian citizens for as little as 100 Naira. In 2024, following PIN’s strategic litigation efforts, the United Bank of Africa (UBA) PLC in Nigeria was ordered to pay its customer N 8,000,000 for gross violation of her right to data privacy by unilaterally opening a domiciliary account for Miss Folashade Molehin without her consent. In 2025, the Federal High Court in Abuja, Nigeria, delivered a precedent-setting judgment against Domino’s Pizza, a restaurant chain owned and operated by Eat’n’Go, for using a customer’s data for direct marketing purposes. The court established that the restaurant’s usage of the applicant, Chukwunweike Araka Akosa’s data for direct marketing purposes was unlawful and violated Section 37 of Nigeria’s Constitution and Sections 25 and 26 of the Nigeria Data Protection Act, 2023.
Akosa was awarded N3,000,000 (Three Million Naira) upon establishing that the restaurant sent him direct unsolicited marketing messages via his phone without his consent. The case was reported through Paradigm Initiative’s Ripoti Platform, after which the organisation supported the applicant’s legal redress. Through Ripoti, PIN documents, responds to and addresses digital rights violations including data privacy breaches in Africa and is interested in supporting victims through pro-bono legal representation and other forms of support to protect victims of digital rights violations.
Despite these strides, the absence of robust data protection legislation in countries like the Democratic Republic of Congo (DRC), Mozambique, South Sudan, Sudan, Guinea-Bissau, Eritrea and Western Sahara poses significant risks to individual data privacy. The existence of such laws signals progressive steps towards safeguarding privacy rights. PIN calls on countries without data protection laws, including Liberia, Namibia, Sierra Leone, Mozambique, and Libya, to enact laws and policies to safeguard the rights of data subjects.
//ENDS//