In recent years, the demand for the personal data of data subjects across the globe has snowballed, largely driven by the exponential growth in ICT, e-commerce and social media. Globally, this has drawn unprecedented attention to the need for regulating how personal data is being processed.

The Nigerian Information Technology regulator, National Information Technology Development Agency (NITDA), issued its most recent Data Protection Regulation in 2019 (the “Regulation”) which among other considerations, prescribes consent as one of the primary bases for processing personal data of Nigerian citizens, both within and outside the country.

While the Regulation could be hailed as a timely legislative response, its provision on the consent requirements seems patchy and inexhaustive.

This article examines the concept of consent as a basis for data processing and the fundamental issues which underpin consent under the Regulation.