Paradigm Initiative (PIN) has applauded countries that have enacted or strengthened data protection legislation over the past year, describing the trend as a critical step towards safeguarding individuals’ privacy rights in an increasingly digital world.
In a statement issued on Thursday, January 29, 2026, to mark Data Privacy Week, PIN praised governments that have taken concrete legal action to protect personal data under the global theme, “Take Control of Your Data.” Data Privacy Week commemorates the signing of Convention 108 on January 28, 1981, the first legally binding international treaty on privacy and data protection.
PIN highlighted Djibouti, the Gambia and Burundi for enacting data protection laws in June 2025, September 2025 and January 2026 respectively. The organisation also acknowledged Botswana, whose data protection law came into force in January 2025, as well as Algeria, which amended its existing legislation in July 2025 to introduce obligations around the appointment of Data Protection Officers.
While welcoming these developments, PIN stressed that passing laws alone is not enough. The organisation urged data protection authorities to prioritise effective implementation and enforcement to ensure that the rights of data subjects are fully protected.
“Beyond the adoption of data protection laws, there must be deliberate efforts to enforce these frameworks and hold violators accountable,” the organisation said.
PIN also highlighted its advocacy and litigation work across Africa, citing several landmark cases in Nigeria. In 2024, the organisation challenged widespread data privacy violations involving unauthorised websites that allegedly provided access to sensitive personal and financial information of Nigerian citizens for as little as ₦100.
That same year, following strategic litigation supported by PIN, the United Bank of Africa (UBA) Plc was ordered to pay ₦8 million in damages for grossly violating a customer’s right to data privacy. The bank was found to have unilaterally opened a domiciliary account for Miss Folashade Molehin without her consent.
In 2025, the Federal High Court in Abuja delivered another precedent-setting judgment against Domino’s Pizza, operated in Nigeria by Eat’n’Go, for unlawfully using a customer’s personal data for direct marketing. The court ruled that the restaurant violated Section 37 of the Nigerian Constitution and Sections 25 and 26 of the Nigeria Data Protection Act, 2023, after sending unsolicited marketing messages to the applicant, Chukwunweike Araka Akosa, without his consent. Akosa was awarded ₦3 million in damages.
PIN disclosed that the Domino’s case was reported through its Ripoti platform, which documents and responds to digital rights violations across Africa. Through the platform, the organisation provides support to victims, including pro-bono legal representation and other forms of assistance.
Despite the progress recorded in some countries, PIN warned that the absence of comprehensive data protection legislation in several African states continues to pose serious risks to individual privacy. Countries cited include the Democratic Republic of Congo, Mozambique, South Sudan, Sudan, Guinea-Bissau, Eritrea and Western Sahara.
The organisation called on countries without data protection frameworks – including Liberia, Namibia, Sierra Leone, Mozambique and Libya – to urgently enact laws and policies that safeguard the rights of data subjects.
According to PIN, the growing recognition of data protection as a fundamental right is encouraging, but sustained political will and enforcement remain essential to ensuring meaningful privacy protection across the continent.