INEC and Major Parties Fail Digital Democracy Test on Voter Data Privacy
As Nigeria's political landscape increasingly shifts online, the protection of personal data has emerged as a critical concern for democratic integrity. In a detailed analysis, public policy expert Timi Olagunju highlights how the Independent National Electoral Commission (INEC) and major political parties are failing to uphold basic digital privacy and accountability standards, putting voter information at risk.
Digital Politics Without Accountability
This issue strikes at the core of democratic trust. When political entities request Nigerians to submit personal details online—for voter registration, party membership, or campaign mobilization—they are not merely gathering names. They are collecting sensitive information, including identity, political affiliation, location, and even National Identity Numbers (NIN), effectively building a database of civic and political life. However, Olagunju notes that this data collection often occurs with little regard for the legal and ethical responsibilities that accompany digital operations.
A System Collecting Data Without Clear Rules
The contradiction is now evident. As election campaigns ramp up, INEC mandates political parties to maintain digital member registers and submit them within statutory deadlines. Parties seek the convenience of online recruitment and mobilization, embracing technology for efficiency. Yet, few appear willing to adopt the necessary discipline that technology demands, such as implementing robust privacy measures.
Privacy Gap Hiding in Plain Sight
Olagunju's review of INEC and political party websites reveals a sobering reality. Among seven parties examined, including the All Progressives Congress (APC), People’s Democratic Party (PDP), Africa Democratic Congress (ADC), Accord Party, and Labour Party, only the ADC had a semblance of a privacy policy. INEC and the other parties lacked publicly accessible privacy policies or cookie notices. For instance, PDP's privacy link redirected to a template for a barber shop in New York City, highlighting a significant governance and accountability problem.
This is not a minor oversight but a fundamental issue that reflects how power is perceived in Nigeria's digital politics: as a right to collect data without the duty to explain its use. Under the Nigeria Data Protection Act 2023 and the 2025 General Application and Implementation Directive (GAID), privacy policies and cookie notices are essential, not optional, for transparency.
Risks Behind Missing Privacy Protections
The absence of these protections raises serious concerns. If INEC and parties are failing at this basic step, what else might they be mishandling with the data of millions of Nigerians? Missing privacy notices often signal deeper issues, such as potential data sharing with consultants, leaks, or weaponization. Political data is highly sensitive, revealing beliefs and associations that could expose citizens to targeting or exclusion in a fragile democracy.
Law, Liability, and Institutional Responsibility
Privacy compliance involves both rights and liability. With Nigerians in the diaspora and dual citizens registering online, parties risk domestic embarrassment and cross-border legal complications without proper safeguards. Moreover, political parties cannot demand government transparency while practicing opacity themselves. INEC, as an electoral integrity body, should not make privacy an afterthought.
Why Privacy Notice Still Matters
Some argue that people rarely read privacy policies, but this does not negate their importance. Just as drug manufacturers must disclose ingredients, institutions must declare their data practices. The 2025 GAID explicitly expects privacy policies on platforms and notices on main pages, making compliance a legal necessity.
The First Real Test of Digital Democracy
Olagunju recommends that INEC place clear privacy and cookie notices on its website, and parties publish accessible policies explaining data collection, retention, and sharing. Beyond standard compliance, he suggests INEC and the Nigeria Data Protection Commission (NDPC) introduce a digital trust seal for parties meeting privacy standards. Civil society and media could conduct independent audits and publish scorecards for public understanding. Notices should also be available in local languages and audio formats to ensure inclusivity.
The first test of digital democracy is not about speed or innovation but whether those handling sensitive political information demonstrate they deserve that trust. As Nigeria navigates this digital era, addressing these gaps is crucial for safeguarding democratic processes and voter confidence.
