Enforcing data privacy in Kenya and Nigeria : Towards an African Approach to Regulatory Practice

As digital transformation accelerates across Africa, the need for effective data protection frameworks is increasingly urgent. The African Union’s Digital Transformation Strategy (2020–2030) calls for harmonised legal and institutional measures to protect personal data and privacy rights. Yet, in practice, enforcement remains inconsistent, hindered by limited capacity, fragmented regulation, and low public awareness. This article presents a comparative analysis of data privacy enforcement in Kenya and Nigeria, focusing on the Data Protection Act 2019 and the Nigeria Data Protection Act 2023, respectively. It examines the roles of the Office of the Data Protection Commissioner and the Nigerian Data Protection Commission, particularly their institutional strengths and challenges. Using a qualitative approach, the study evaluates legislation, enforcement practices, and organisational structures, supported by case examples and regulatory outcomes. The findings indicate that Kenya has achieved measurable progress in data protection enforcement whereas Nigeria is still grappling with foundational issues. Despite these contrasts, both countries show alignment with global data protection norms such as the GDPR, offering a foundation for growth. The paper recommends targeted strategies to reinforce enforcement, including increasing institutional autonomy, expanding public education efforts, and building stronger technical capacity.