The evolution of the internet has opened up more vistas necessitating a paradigm shift from the crude means to a more sophisticated approach to daily living. This shift cut across various facets of life including technology, education, communication, movement, etc. This has lessened the complexities often encountered in performing tasks as artificial intelligence could be explored not only by humans but by organizations leveraging technology to seamlessly perform these tasks. One area of such advancement is manifested in the Internet of Things (IoT). Despite the obvious advantages of exploring IOT in today's world, there are very high legal issues and consequences surrounding its use and adoption. This piece aims to explain IoT, privacy risks to users, and the data privacy and protection considerations surrounding its adoption.


According to the International Association of Privacy Professionals (IAPP), IoT is a term used to describe the many devices that are connected to the internet. In other words, any device that is built with a network interface and can be assigned an IP address to allow for automation and remote access is an IOT. It has also been described as the interconnection via the Internet of computing devices embedded in everyday objects, enabling them to send and receive data1.

IoT can further be described as a system of interrelated computing devices, mechanical and digital machines, objects, animals, or people that are provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.2 Just as humans are connected to the Internet, the IOT technological platforms have the potential to connect animals or common utilitarian objects to the Internet. This could be in the form of a wheelchair with embedded computer chips, a farm animal with a biochip transponder, automated farming techniques, etc.

Nigeria's adoption of IOT technologies has been marked by an impressive growth trajectory. Smart home devices, wearable technology, industrial sensors, and connected vehicles are now becoming increasingly prevalent, therefore, enhancing various aspects of daily life and business operations. From monitoring energy consumption to improving healthcare delivery, IoT applications offer transformative benefits across sectors.


XYZ, a 25-year-old lady suffers from paralysis and is confined to a customized wheelchair with embedded computer chips for ease of mobility. She lives alone in an apartment specially designed to cater to her mobility needs as the doors, windows, and other appliances (including electrical gadgets such as refrigerators, cookers, etc.) were specifically embedded with computer chips capable of being operated by her while seated in her wheelchair. This implies that all the connected devices are capable of transmitting and storing information regarding the frequency of usage and XYZ's location.


While IoT presents numerous opportunities, it also presents distinct data privacy challenges. The nature of IOT involves the collection and exchange of vast amounts of personal and sensitive data. This includes information such as location data, biometric identifiers, and behavioral patterns. The decentralized nature of IOT systems and the vast amount of data generated make securing this information a complex endeavor.

In Nigeria, the Nigeria Data Protection Act (NDPA)1 serves as a cornerstone for addressing data privacy and protection concerns. The NDPA delineates principles and guidelines for lawful data collection, processing, and storage.2 Organizations are tasked with implementing stringent data protection measures and obtaining explicit consent from individuals whose data is processed.

Therefore, striking a harmonious balance between fostering IOT innovation and ensuring comprehensive data privacy and protection is paramount as the collaboration of government bodies, industry stakeholders, and cybersecurity experts is essential to develop tailored security standards and best practices that address the unique challenges posed by IOT environments.

While many individuals may not fully comprehend the extent to which their devices gather and transmit data, it is essential to raise public awareness about IOT capabilities, data privacy, and data protection. This can be done by way of educating users about their rights, potential risks, and ways to manage device settings and empowering them to make informed decisions about their personal information.


The Internet of Things holds immense promise for Nigeria's technological advancement, offering solutions that enhance efficiency and quality of life. However, the widespread integration of IOT devices necessitates robust data privacy protections. By embracing a multi-stakeholder approach, fostering regulatory compliance, and prioritizing user education, Nigeria can harness the benefits of IOT while safeguarding the privacy and security of its citizens' data. This balanced approach will be pivotal in shaping a connected future that respects individual rights and promotes technological progress.


1. The Nigeria Data Protection Act, 2023

2. See generally Sections 24 and 25 of the NDPA

1. Lexicon, 2019

2. (accessed November 1, 2021)

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.