Symposium on the Economic Impacts of Data Localisation in Africa: The Economic Impact of Data Localisation Policies on Nigeria's Regional Trade Obligations


May 18, 2022


The unrestricted movement of data is a key enabler of the digital economy. However, the development of data protection and data localisation policies is becoming one major area of concern for international trade and investment. Among the mechanisms for protecting individuals is data localisation. This requires that data or a copy thereof (both personal and non-personal) should only be stored and processed locally and should not be exported for processing. The import of this, for instance, is that all data generated within Nigeria must be confined to the boundaries of Nigeria, effectively restricting the flow of data. While localisation of data has significant economic and social benefits, it is also associated with several unintended (negative) consequences, especially from an economic perspective. This is especially true for developing countries like Nigeria that is moving towards greater data localisation with several policies skewed in that direction. This contribution briefly examines the implications of Nigeria’s increasing move towards data localisation on its regional obligations for the promotion of free trade in Africa.

Data Protection, Data Localisation and Nigeria’s Digital Economy

The Nigerian government faces a need to re-orient its oil-based economy and integrate digital technology to restructure its economy. Therefore, recent trends have seen the introduction of economic policies and investments channeled towards developing ICT capacity and infrastructure necessary for facilitating digital economy among local and international trade partners. It is in line with this that the Nigerian Government re-named the Federal Ministry of Communications as the Federal Ministry of Communications and Digital Economy to influence Nigeria’s digital economic policy and strategy and has pushed several other similar initiatives.

Apart from the Nigeria Data Protection Regulation (NDPR) with its potential data localising effect, the National Information Technology Development Agency (NITDA) has also pushed for data localisation through various legal instruments. It recently published its privacy policy to guarantee the privacy rights of all persons whose personal information are in the database of the agency. The policy also addresses “clear negative trade balance” in the IT sector by setting a target of 50% local content threshold for goods and services in the IT sector. To further this objective, NITDA introduced several measures purportedly to encourage indigenous innovation. The first measure is the release of the Guidelines for Nigerian Content Development in Information and Communications Technology (ICT) 2013. These Guidelines require all indigenous original equipment manufacturers to assemble all hardware in Nigeria and maintain fully staffed facilities for that purpose. It also requires all telecommunications companies to host all subscriber and consumer data in Nigeria. Furthermore, all network service companies are required to host all subscriber and consumer data in Nigeria. To ensure data sovereignty, the Guidelines made further provisions which require that all ministries, departments, and agencies (MDAs) in Nigeria to host websites locally and under a registered ‘’ domain. Similarly, all data and information management companies must host all sovereign data in Nigeria, and MDAs shall host all sovereign data on local servers within Nigeria.

In 2019, NITDA introduced another initiative with a potential data localising effect with the release of National Cloud Computing Policy issued pursuant to Section 6 (a-c) of the NITDA Act. While this policy encourages cross-border data flows, it requires that ‘agencies must do so in line with the requirements of the Nigerian Data Protection Regulation and any other content regulation. Thus, federal public institutions are only to contract cloud service providers that will store data in a jurisdiction that provides a level of data protection that is deemed equivalent to that of Nigeria based on guidance provided by NITDA.

At a regional and international level, Nigeria signed the AfCFTA in July 2019 and ratified the Agreement on 5th December 2020. The Agreement is aimed at increasing intra-African trade by creating a liberalised market and delivering a wide-ranging and constructive trade agreement among the member states. The main objectives of the AfCFTA is to create a single market and promote free trade on the continent. AfCFTA has, indeed, eased the flow of services and information among member-countries and its resultant effect is that there is an obligation on each member-state to ensure the free flow of data, including personal data of their citizens, to other member-countries. This is especially necessary for digital trade and e-commerce. Invariably, this creates a sharp contrast between the objectives of AfCFTA and Nigeria’s data localisation policies. Thus, the data protection frameworks in Nigeria must be compatible with the international trade regime if it is to benefit from the global digital economy under the several bilateral and multilateral trade agreements to which the country is a party.

The Malabo Convention is another instrument, which creates trade obligations for Nigeria but is yet to be signed or ratified by Nigeria. Indeed, issues of cybercrime and cybersecurity has become worrisome in Africa. Specifically, cybercrime and cybersecurity could also be a trade barrier because it creates lack of trust in an e-commerce platform. This fact is recognized even in the Convention's preamble where it provides that the major obstacles to the development of electronic commerce in Africa are linked to security issues. The Malabo Convention therefore encourages AU member states to recognise the need to protect personal data and to encourage free flow of information to develop a credible digital space in Africa. This convention is brought about by the increase in international trade, international relations and cybercrime, which are all direct results of advancement in ICT.

ECOWAS is mindful of the need to promote regional trade among member states and has recognized the fact that issues of data protection could be an obstacle to this goal. It is in the light of this that the ECOWAS Supplementary Act on Data Protection (2010) was adopted. The Supplementary Act directly applies in member states and it creates an obligation on members to ‘establish a legal framework of protection for privacy of data relating to the collection, processing, transmission, storage, and use of personal data without prejudice to the general interest of the State.’ There is very little activity surrounding the implementation or actualisation of the Act. However, it remains a formidable instrument that balances data privacy of citizens of the member states with trade liberalization objectives of the community.

The Effect of Nigeria’s Data Localisation Policies on its Trade Liberalization Obligations

The efforts at the domestic level to develop Nigeria’s digital economy must be matched with a sustained commitment to its regional obligations. No nation can effectively develop today without paying a close attention its digital economy. Nigeria’s increasing move toward greater localisation of data affects its commitment under international and regional frameworks in the following crucial ways.

First, data localisation is a key barrier to digital trade. Indeed, traditional services can now be transacted across borders through digital means. However, data is the hallmark of any digital transaction and where there are restrictions to the availability of data, this would cause a clog in the wheel of digital trade. Consequently, Nigeria’s obligation to guarantee free trade under relevant treaties could be affected by its strict data localisation measures.

In addition, data localisation may cause “protectionist barriers that increase the cost of doing business in a country or region.” For instance, because of the threats data localisation portends to American businesses, the US government has built safeguards against data localisation. Data localisation policies have a tendency to restrict market accessibility, and this is against the free trade obligation to allow unhindered access to the Nigerian markets, including e-markets. For a country like Nigeria struggling to diversity its economy, data localisation significantly impacts trade in both goods and services.

More broadly, some observe that ‘data localisation requirements could actually increase privacy risks by requiring data to be stored in single centralised locations that are more vulnerable to intrusion.’ Localisation of data can cause unnecessary regulation of citizens since the government can easily control and monitor the data of citizens. Where data localisation policies are too restrictive, it will have negative impacts on investments when there are too many administrative hurdles to cross in obtaining relevant data necessary for trade. And this would be against the free trade agreements intended to guarantee cross-border trade with no form of hindrance.


There is now a global recognition of the significance of a strong digital economy for the development of the country. This is only recently being appreciated by emerging economies such as Nigeria. Digital trade is one aspect that countries such as Nigeria should take seriously. Data localisation is, without a doubt, a significant non-tariff barrier to international trade and development and this has a severe impact on the growth and development of the economy. It is apposite to state that localisation of data has some good justifications. Indeed, even the UN in a recent report has advised developing countries to restrict data flow for a variety of reasons including protection of its citizens, security, and economic reasons. However, these justifications must be reconciled with Nigeria’s commitment under international and regional treaty frameworks of liberalizing trade.