BIG TECH, BIG RISK: REGULATING INTERNATIONAL TECH GIANTS UNDER NIGERIA’S CYBER AND DATA PROTECTION LAWS

Abstract

This paper examines the regulatory challenges posed by international technology giants, commonly referred to as “Big Tech,” operating in Nigeria, with a particular focus on data protection and cybersecurity. Companies such as Meta, Google, Apple, and Amazon collect and process vast amounts of personal data, creating significant risks including privacy breaches, unauthorised data use, market dominance, and potential threats to national security. Using a doctrinal research approach, the study critically analyses Nigeria’s legal framework, including the Nigeria Data Protection Act (NDPA) 2023, the Cybercrimes (Prohibition, Prevention, etc.) Act 2015 (as amended 2024), and related regulations from the Nigeria Data Protection Commission (NDPC), National Information Technology Development Agency (NITDA), and Nigerian Communications Commission (NCC). The analysis identifies gaps in enforcement, jurisdictional limitations, regulatory overlaps, and low public awareness, which constrain the effectiveness of existing laws in regulating foreign tech companies. The paper also examines the compliance obligations of Big Tech, encompassing data protection, cybersecurity, consumer protection, and digital taxation, and provides practical examples of non-compliance in Nigeria and beyond. Drawing on these findings, it proposes targeted legal and policy reforms, including mandatory data localisation for sensitive information, appointment of local regulatory representatives, enhanced enforcement powers, algorithmic transparency, and international cooperation. By addressing these challenges, Nigeria can establish a regulatory framework that ensures accountability of international tech companies while fostering innovation, economic growth, and the protection of users’ rights. The study contributes to the discourse on digital governance in Africa, providing actionable insights for policymakers, regulators, and stakeholders as they navigate the balance between global digital engagement and local legal standards.