On March 11, 2022, the Socio-Economic Rights and Accountability Project (SERAP) filed a lawsuit (FHC/L/CS/448/2022) at the Federal High Court in Lagos against then-President Muhammadu Buhari, challenging his February 2022 approval allowing security agencies to access personal details via the National Identification Number (NIN)-SIM linkage without due process. “The failure to review and rescind [this approval]… amounts to violations of private and digital communication rights, right to family life, human dignity, and personal liberty,” SERAP argued, seeking a court order to overturn the decision and issue a perpetual injunction against unlawful data access. Respondents included Attorney General Abubakar Malami and Minister of Communications Isa Pantami.
Privacy Concerns and Legal Arguments
SERAP contended that the policy infringes on Nigerians’ right to privacy, protected under Section 37 of the 1999 Nigerian Constitution, Article 17 of the International Covenant on Civil and Political Rights, and Article 5 of the African Charter on Human and Peoples’ Rights. “If President Buhari’s approval is not rescinded, millions of law-abiding Nigerians may feel that their private lives are the subject of constant surveillance,” the suit stated. With over 73 million Nigerians having linked their NIN to SIM cards by 2022, SERAP warned of potential mass surveillance, arguing that any restriction on privacy must meet “principles of legality, necessity, and proportionality” and be clearly defined by law, not arbitrary presidential approval.
Context of NIN-SIM Policy
Introduced in 2020, the NIN-SIM linkage policy aimed to enhance security by linking phone numbers to national identities, ostensibly to track criminals. However, its implementation sparked controversy, with 72 million subscribers barred from making calls by April 2022 for non-compliance, per Vanguard News. “The power to access individual’s details raises serious concerns as to their arbitrary use,” SERAP noted, citing risks to freedom of expression and other rights. The policy’s enforcement, coupled with Buhari’s approval for security agencies to access the National Identity Management Commission (NIMC) database, fueled fears of unchecked surveillance, especially given Nigeria’s history of data breaches, with NIMC reporting 1.4 million hacking attempts in 2021.
Broader Implications and Public Response
The lawsuit reflected broader concerns about Nigeria’s data protection framework, with SERAP urging a robust system to safeguard privacy amid a “power imbalance” between citizens and authorities. Public reaction was mixed: some supported the policy for security, while others, including 46% of Nigerians in a 2022 NOI Polls survey, feared privacy violations. By August 2025, under President Bola Tinubu, the policy persists, with 107 million NIN-SIM linkages completed, per NIMC. However, ongoing data breaches and arrests of opposition figures, as noted in X posts, heighten distrust. “The government must prioritize transparency and judicial oversight,” a digital rights advocate tweeted, echoing SERAP’s call.
Outcome and Ongoing Challenges
No hearing date was set for the 2022 suit, and its outcome remains unclear, with SERAP’s later lawsuits against Tinubu’s administration suggesting limited progress. Nigeria’s Data Protection Act 2023 has strengthened regulations, but enforcement lags, with only 3% of public institutions compliant, per the Nigeria Data Protection Commission. “The right to privacy can enable the enjoyment of other rights,” SERAP emphasized, underscoring the stakes. As Nigeria navigates security and privacy tensions, the NIN-SIM policy remains a flashpoint, requiring clear legal frameworks to prevent abuse and protect citizens’ rights in an increasingly digital landscape
