When towards the end of the last decade,
tax payers in Lagos state, Nigeria woke up to the sensational news of the
admitted data breach on the payment portal of Lagos Internal Revenue Service –
the state’s tax collection agency – one would have thought that, the Service
would have been bombarded with a myriad of law suits for such unprecedented
“invasion of privacy” but the Country’s extant laws, with the exception of the
Nigeria Data Protection Regulation (NDPR), which is, at best, fairly managing
to gain traction, is largely  believed to
be devoid of express provision on “invasion of privacy”

Having reviewed a couple of legal
articles and papers on the tort of invasion of privacy in Nigeria, the common
denominator seems to be the unconscious omission of the provisions of our local
statutes on torts, in exclusive favour of the common law of England from where
we inherited our jurisprudence on tort.

This repeated snub may however not be
unconnected with the widespread misconception that, the solitary source of our
law of torts is the common law of England thereby leading to the under-utility
of the texts of indigenous statutes that expressly and comprehensively make
provision for the tort of invasion as far back as 1961 when the Torts
Laws of Western and Eastern Nigeria
were enacted.

On the consciousness of our courts to
statutory (general) torts, as early as 1986, the Supreme Court in the decision
in Nasiru Bello v A.G. Oyo State (1986)
5 NWLR at page 828
took cognizance of the Torts Laws of Western Nigeria
which has now been codified into the Torts Law of Oyo State 1978. The

Worthy of mention however, is the recent
decision in Portland Paints &
Product Nig. Ltd v Mr. Jimmy Olaghere (2019) 2 NWLR (pt. 1657) 569
the Respondent sued the Appellant before the High Court of Lagos State for
breaching his privacy as a tort, but neither cited nor relied on the only law
that provides for “invasion of privacy” as a tort in Lagos State, although
trial court and Court of Appeal ruled in the Respondent’s favour, the golden
opportunity to utilize the Law of Lagos State on invasion of privacy was
momentarily lost.

For the avoidance of doubt, section 29 of
the Law
Reform (Torts) Law, Ch. L82 Laws of Lagos State 2015
provides that:

29. Invasion of privacy                                                                             “(1)
Anyone who intentionally intrudes, physically or otherwise, on                           the solitude or
seclusion of another or private affairs or concerns,                            is liable for invasion of privacy, if the
intrusion would be highly                         offensive
to a reasonable person.

(2) Anyone who
uses the name or likeness of another in a manner and to an extent which
suggests to a reasonable person an intention to appropriate the name and
likeness of another or that is associated with another is liable to damages.


(3) Anyone who
publicizes a matter concerning the private life of                         another
is liable for invasion of privacy, if the matter publicized is                      of a kind that:

Would be highly offensive to a reasonable person and                           (b) is not of legitimate concern to the

The law goes further in section 31 by
providing for remedies thus:

31. Remedies                                                                                        
“The remedies that a Court may grant in an action for invasion of    privacy includes:

(a)  Injunction.

(b)  Damages

(c)  Order directing
the defendant to account to the claimant profits that have accrued or may later
accrued to the defendant because of the invasion of privacy:

(d)  Order directing
the defendant to deliver to the claimant any material, article, photograph or
documents that have come into the defendant’s possession because of violation
of privacy and

(e)  Any other
appropriate order or relief.”

While reading subsection 3 of section 29
above, what readily came to mind was the wanton exposure of tax payers’ data by
the Lagos State Internal Revenue Service
and the data breach allegedly suffered by SureBet 247 which all seemed to have
gone without consequences, either under the extant Nigeria
Data Protection Regulation
(NDPR) or other relevant legislations.

This author is of the view that with or
without the Nigerian Data Protection Regulation (NDPR), the provisions of
sections 29 and 30 are comprehensive enough to be taken advantage of, for tortious
claims bordering on all kinds of privacy invasion (including data breach), and
same could be used to supplement and/or complement the new privacy regulations issued
to cater for the increasing privacy concerns in Lagos State and Nigeria as a

the managing partner of Olumide
Babalola LP
(a licenced Data Protection Compliance Organization) writes
from Lagos State, Nigeria.