Sports Betting and Data Protection in Nigeria: Cybersecurity and Privacy Rights in Nigerian Gaming Industry

Based on statistics, around 66% of people in Nigeria have made a bet on a sporting event at least once in their lives. That is a significant amount of gambling. Online gaming is massive and developing at a breakneck pace. By 2023, it is predicted to expand to a worldwide industry of 93 billion dollars.


This rapidly expanding sector of gaming law has implications for cybersecurity, data protection, and individual rights to privacy. Legalized sports betting rapid expansion, as well as igaming, mobile gaming, daily fantasy sports (DFS), and competitive video gaming (esports), has produced both possibilities and problems for the lawyer.


Online and mobile platforms for sports betting and daily fantasy sports, as well as team trademarks and esports game design, create concerns of intellectual property, data collecting and reporting, data ownership, protection, and privacy, and assuring data security.


These issues are becoming more entwined with the dynamic field of digital currencies and cryptocurrencies, blockchain technology and transactions, and compliance inside and beyond local and international governments.


Annual gross gaming yield (the amount gambling facilities get after payments) has been estimated to exceed $400 billion . And, while it may appear as though the sports betting sector has exploded into mainstream society, this was not always the case.


Prior to betting becoming legal, the sports betting sector was relegated to seedy pubs, basements, and back alleys. Sports betting was notorious for its involvement in illicit activity and was inextricably linked to organized crime. However, it appears as though the legality of online sports betting has not deterred attempts to launder huge sums of money.


Hacking, cyberattacks, and viruses have evolved into a constant battleground for mainstream betting platforms. What was originally associated with localized, targeted criminal attacks has evolved into a global risk for betting platforms.


The gambling business has traditionally placed a premium on data security. The gaming business relies on computer systems for a variety of activities, including controlling gaming devices, securing gaming floors, and collecting and storing player data, all of which can be targets for hackers and cheaters. Data protection is more critical than ever with the recent proliferation of regulated sports betting.



Sports Betting and Data Protection in Nigeria

Cybersecurity experts warn of the dangers posed by the projected volume associated with sports betting, both legal and criminal. While money laundering and theft are problems, so are data breaches involving user information, which may prove to be considerably more important — and detrimental — in the long run for both user and operator.


Bettor’s date of birth, Social Security number, physical and email addresses, and other personally identifiable information may be requested. Additionally, they may be forced to establish accounts that include financial and banking information, as well as passwords and security questions. Customer behavior and preferences may be recorded via players club cards and mobile applications. Age (often via date of birth) and location data are also gathered for online and mobile betting.



However, sports Betting Generates Additional Useful Data: Sports Data.

Not only do sports books accept betting on the game’s outcome (win or moneyline), but also on the score (over/under, point spread) and special events (proposition bets, such as whether the game will go into overtime or whether a particular player will score a touchdown). In-play or live betting enables bettors to place bets following the start of an event and continuing until it concludes. The odds on all of these bets are determined by sports statistics on individuals, teams, competitions, and leagues. The credibility of regulated sports betting is contingent upon the protection of sports data.


As technology advances, gaming platforms must assure their users’ online safety and security. After all, a multibillion-dollar industry cannot afford to have its platforms jeopardized. There are several ways for a person to attack a website, and the intensity of the assault is dependent on the platform’s online security.



Data Protection Laws Applicable in Nigeria

While data protection, data privacy, and breach notification are all acknowledged as key facets of cybersecurity law, regulation, and policy in Nigeria, these concerns are yet to be addressed in any comprehensive legislation.   In Nigeria, data protection is a fundamental right established by Section 37 of the Federal Republic of Nigeria’s 1999 Constitution (as amended) (‘the Constitution’). 


Nigeria’s primary data protection regulation is the Nigerian Data Protection Regulation, 2019 (‘NDPR’). The National Information Technology Development Agency (‘NITDA’) released the NDPR. The NDPR clarified the constitutional idea of data protection. The NDPR regulates data subjects’ rights, data controllers’ and data processors’ duties, and data transmission to a foreign jurisdiction, among other things. Although other legislations, as indicated below, included data protection measures, the NDPR serves as a starting point for comprehending Nigeria’s data protection environment.


The Constitution

Section 37 of Nigeria’s 1999 constitution lays the groundwork for the country’s data privacy rights and protection. Section 37 preserves and safeguards Nigerians’ right to privacy in their residences, mail, telephone calls, and telegraphic communications. It considers privacy to be a basic right in this regard, enforceable in a court of law when violated. Prior to the NDPR, the majority of instances involving data privacy violations were prosecuted under this clause.



2019 Nigeria Data Protection Regulation (NDPR)

The NDPR is the primary law addressing data privacy and protection in Nigeria. The National Information Technology Development Agency (NITDA) released the regulation in 2019 to thoroughly govern and manage the usage of data in Nigeria. The regulation, which is a copycat of the EU GDPR, addresses data processing principles, the requirement of Data Compliance Officers, the requirement of data subject consent for data collection and processing, the requirements for international data transfers, and the rights of data subjects, among other things. Additionally, it establishes sanctions for non-compliance with the regulation.



The Freedom of Information Act 2019

Personal data are protected under Section 14 of the Freedom of Information Act. It prohibits public entities from disclosing information containing personal information unless the data subject consents or the information is publicly available. Additionally, the Act specifies that a public institution may decline a request for disclosure of material that is legally protected (e.g. Attorney-client privilege, doctor-client privilege).



The Cybercrime (Prevention, Prohibition, and Punishment) Act 2015

The Cybercrime (Prevention, Prohibition, and Punishment) Act, Nigeria’s primary cybercrime legislation, criminalizes data privacy violations. In general, this Act bans, criminalizes, and prosecutes cybercrime in Nigeria. It requires everyone or any service provider in possession of a person’s personal data to implement proper safeguarding procedures.



The Child Rights Act 2003

The Child Rights Act safeguards children’s privacy rights. The Act protects and ensures each child’s right to privacy, family life, home, correspondence, telephone conversation, and telegraphic communications that are not subject to parental or guardian monitoring or control.



The Consumer Protection Framework 2016

The Consumer Protection Framework of the Central Bank of Nigeria bans financial institutions from exposing their customers’ personal information. Additionally, it assures that these financial institutions take sufficient safeguards to protect their customers’ data and requires their customers’ prior written authorization before sharing this data with anybody.



The National Identity Management Commission (NIMC) Act 2007

Section 26 of this Act requires the Commission’s consent before a corporate entity or anyone else can have access to data kept in a database. Additionally, the Act authorizes the NIMC to collect, consolidate, and handle data pertaining to Nigerian citizens and residents.



The Federal Competition and Consumer Protection Act 2019

The Federal Competition and Consumer Commission is required by this Act to guarantee that the business secrets of all parties involved in its investigations are effectively secured at all phases of the investigation or inquiry.



The National Health Act (NHA) 2014

The NHA, which governs health consumers and healthcare workers, places restrictions on how personal information about health service users is disclosed in their records. Additionally, it guarantees that healthcare professionals take the required safeguards to protect such information.


Case Laws

As in the case of many other common law jurisdictions, judicial judgments are an intrinsic source of law in Nigeria, and while there are few court decisions on data privacy and protection, there are several. Consider the following: An action can be brought against a sports/gambling company for failing to comply with the NDPR’s privacy policies. The publication of customers’ personal information and the processing of pictures and other personal data without consent breaches Section 37 of the Constitution and Section 2.1(a) of the NDPR.



Additional guidelines may include the following:

  • Framework for Consumer Protection 2016
  • 2019 Framework and Recommendations for Public Internet Access
  • Internet Service Provider Guidelines
  • Nigerian Data Protection Regulations 2019: A Framework for Implementation, 2020


These regulations address extremely different types of data and privacy expectations, imposing distinct responsibilities on relevant industry players.




Although estimating the actual amount of online sports betting is challenging, it is estimated that sports betting accounts for about 40% of the worldwide gaming market. The ongoing development of authorized gambling platforms bolsters the market’s anticipated growth over the next two years.


Online and mobile sports betting platforms, as well as team trademarks and the design of esports games, present a slew of new and dynamic challenges and concerns about intellectual property and data protection, privacy, and security.


It is commendable that Nigerian authorities are taking aggressive initiatives to secure citizens’ personal data through their laws and numerous regulations. Despite the proliferation of laws and regulations governing data privacy and protection, the only law that addresses this topic directly and thoroughly is the recently released NDPR by NITDA. As a result, it is clear that the country is on the right track, while there is still potential for improvement.


One must understand how data protection compliance and intellectual property operate in these rapidly evolving contexts as they intersect with gaming law in both retail casino operations and online or mobile betting. Fortunately, the Sports, Entertainment, and Technology (S.E.T.) Group at Olisa Agbakoba Legal will continue to highlight and address these concerns as they emerge.


We have skilled and experienced cyber and sport lawyers at Olisa Agbakoba Legal (OAL) who can provide legal support and advice in cases involving sport betting money recovery, cybercrime and cyber security. Our Cyber and sports lawyers handle cybercrime cases that involve individuals, organizations, or the government, as well as cases involving e-commerce, e-contracts and digital signatures, intellectual property rights, cybersecurity, and other topics. They collaborate with stakeholders to protect against today’s sports-related cybercrimes and to develop more secure and resilient infrastructure for the future.


Please contact Our Lawyers if you do have any questions about sports betting scams or cyber crimes in Nigeria. You can meet with Beverley Agbakoba-Onyejianya”, the head of Sports, Entertainment and Technology Practice Unit at Olisa Agbakoba Legal (OAL), recognized as one of Nigeria’s leading Technology Lawyer.




Written By:

Josephine Uba

Lead Digital Strategist, OAL.