Social Media Platforms May Be Compelled to Open Offices in Nigeria Under New Law

A newly proposed piece of legislation in Nigeria, which has successfully passed its first reading in the Senate, is set to significantly impact how social media platforms, data controllers, and data processors operate within the country. The Bill, sponsored by Senator Ned Nwoko of Delta North, seeks to mandate these entities to establish physical offices within Nigeria’s territorial boundaries, enhancing compliance with data protection laws and improving the security and economic landscape of the country.

The full title of the Bill is “A Bill for an Act to Alter the Nigeria Data Protection Act, 2023, LFN, to Mandate the Establishment of Physical Offices within the Territorial Boundaries of the Federal Republic of Nigeria by Social Media Platforms and for Related Matters.” The Bill aims to reinforce Nigeria’s commitment to global data protection standards and ensure better accountability from international tech platforms that operate within the country. At the same time, it seeks to create a more robust mechanism for addressing complaints and resolving issues quickly, which will ultimately foster trust among stakeholders and users of digital services.

One of the core provisions of the Bill is that the Nigeria Data Protection Commission (NDPC) will have the authority to require all entities involved in data processing—such as data controllers and data processors, as well as operators of social media platforms—to set up and maintain a physical office within Nigeria. This office must be fully functional and staffed to ensure these entities can engage with the relevant regulatory bodies, respond to inquiries, and fulfill their operational and legal obligations. The failure to comply with this requirement for a continuous period of 30 days would result in the entity being prohibited from conducting operations in Nigeria, ensuring a strict enforcement mechanism.

By mandating the establishment of local offices, the Bill aims to ensure that international companies with significant digital footprints in Nigeria are held accountable within the country’s jurisdiction. These companies will be subject to Nigerian laws, regulations, and governance structures, which will enhance data protection, improve transparency, and provide a clear avenue for addressing grievances from Nigerian users. This local presence is intended to help bridge the gap between global tech companies and local users, ensuring that the latter’s privacy and data rights are not overlooked in the digital ecosystem.

The Bill also proposes amendments to the Nigeria Data Protection Act (NDPA) of 2023, with particular focus on the definitions of “Data Controllers” and “Data Processors.” Data Controllers, according to the proposed amendment, are entities that determine the purpose and means of processing personal data, and they bear the legal responsibility for ensuring that data protection laws are followed. This includes making decisions about how data is collected, used, and stored. Data Processors, in contrast, are entities that process personal data on behalf of Data Controllers. They are required to act solely on the instructions of the Data Controller and do not have control over the purposes or methods of processing the data.

The term “Physical Offices” is also clarified within the Bill. A physical office, as defined, refers to a permanent, operational business location within Nigeria that can be used by these entities to interact with regulators, the public, and other relevant stakeholders. This office must be sufficiently staffed with employees who are authorized to handle legal and operational issues on behalf of the company, further ensuring that these entities can fulfill their legal and regulatory obligations. This provision is designed to ensure that companies are not simply outsourcing operations to external jurisdictions but are directly engaging with Nigerian authorities and customers.

The Bill also highlights the responsibilities of “Operators of Social Media Platforms,” which refers to any entity that owns, manages, or controls a digital platform that facilitates user interaction, content sharing, or communication. By including social media operators under this mandate, the Bill seeks to ensure that platforms such as Facebook, Twitter, Instagram, and other widely used digital platforms are more accountable for the data they collect and how they interact with Nigerian users. These operators, too, will be required to establish a physical office within Nigeria to continue operating in the country, making them more accessible to local regulators and ensuring compliance with Nigerian data protection laws.

Senator Nwoko, in presenting the Bill, stressed that its introduction would significantly enhance Nigeria’s regulatory framework in terms of data protection and digital governance. By requiring international digital platforms and entities to set up a local presence in Nigeria, the country would be better positioned to ensure the privacy and security of its citizens’ personal data. This measure is also seen as a step toward aligning Nigeria’s digital governance with international best practices, making the country more attractive to foreign investments while simultaneously protecting the rights of Nigerian consumers.

The Bill is not just about data protection; it is also an effort to boost Nigeria’s digital economy by ensuring that international tech companies contribute more directly to the local economy. By establishing physical offices, these companies will be encouraged to invest in Nigerian infrastructure, create jobs, and contribute to the broader economic development. Moreover, it ensures that Nigeria maintains oversight of global tech platforms, which increasingly influence local markets, politics, and society.

In addition to its focus on data protection, the Bill aims to enhance security and efficiency within the Nigerian digital ecosystem. It provides a more transparent and accountable framework that can be relied upon by both local users and international tech companies. The requirement for a local presence in Nigeria ensures that global companies are not operating in a regulatory vacuum but are instead required to comply with Nigerian laws, regulations, and security standards.

By advancing this Bill, Nigeria is taking a crucial step toward a more secure, transparent, and equitable digital future. The Bill’s potential impact is vast: it could significantly reshape the landscape of data protection, increase foreign investment, and provide greater protection to Nigerian users. As such, the Bill stands as a critical piece of legislation in ensuring Nigeria is well-positioned in the global digital economy while safeguarding the interests and privacy of its citizens.