Nigeria: Communications Commission adopted Internet Code of Practice, including data protection regulation

On 13 February 2026, the Communications Commission adopted the Internet Code of Practice, including data protection regulation. The Code provides that internet access service providers must not permit the harvesting or third-party access to transactional data on their networks without prior written approval from the Commission, which will conduct an impact assessment considering national interests, consumer protection, and personal data implications. Transactional data includes metadata and activity logs generated through network use, such as behavioural patterns, usage trends, communication details, time and duration records, and other information used for billing, operational, analytical, or regulatory purposes.