Close this search box.

The Role of State and Non-State Actors in Data Protection

The Role of State and Non-State Actors in Data Protection

By Sulaimon AbdulBaqqi Amoo


In one of the latter months of 2019, Comparitech uncovered that Microsoft suffered a huge data leak involving 250 million customers. Notable reports of data breaches suffered by companies in 2020 include Cam4 (10.88 billion records), Advanced Info Service (8.3 billion records), Keepnet Labs (56 billion records). 2021 data breaches are according to reports not as tremendous as that of 2020; companies that suffered the biggest data breach in 2020 include Comcast (1.5 billion records), Facebook (533 million records), LinkedIn (500 million records), Byeka (400 million), and a lot more. These year-to-year statistics show the stupendous value of data to people operating in the illicit sphere of the digital world. These statistics are drawn from the Unites States and the United Kingdom as little is known of data breaches perpetrated  in Africa. Although, there is a chasm between data protection and the right to privacy, these two rights are immensely akin and should be seen as being equally pivotal to a sufficient protection of people’s privacy. In recent years, the users of internet keep increasing. Consequently, the amount of data collected is on a perpetual increase; the increase in the amount of data collected demands sophisticated measures to combat data breaches. The importance and need of data protection in our contemporary world can’t be overemphasized. 

As a prefatory point, data Protection involves the practice of protecting digital information from unauthorized access, corruption or theft. Vital information of customers such as names, addresses, emails, phone numbers, health information, bank details, etc. are all forms of data which should be carefully stored and protected. Menaces like data breaches can cause tremendous damage.

Governments and Corporations as Repositories of People’s Data:

In recent years, there has been a spate of data breaches and cyberattacks on corporations and governmental bodies. Governments and corporations are repositories of people’s data; consequently, they have a duty to protect people’s data against all forms of vulnerability in their systems and networks. The role the private and public sector can play in protecting data entrusted to them will be enunciated below:  

The Role of State Actors:

An inquiry into the role of state actors in data protection without first clarifying who state actors are will result in a minor inadequacy. State actors are public officials acting in their official capacity. 

The legislative arm of the government has a foremost duty to consult and seek guidance from cybersecurity professionals for the enactment of legislations which are aimed at ensuring sufficient protection of data by organizations and state actors, and aimed at providing punitive measures for perpetrators of data breaches, cyberattacks, and data intrusions of any form. Furthermore, technology continue to evolve; therefore, laws protecting people’s privacy need to be able to adapt to changes in the digital world, changes such as data breaches and cyberattacks. As a resultant of this, the legislative arm of government should ensure that laws protecting people’s privacy are up-to-date with menaces causing data breaches.
Governments should work in tandem with governments of other countries in creating and enforcing effective legislative standards for data protection. The crime of cybercrime is botherless, international collaboration is immensely essential. For the purpose of illustration, in 2018 the European Union issued the General Data Protection Regulation (GDPR) which aimed to harmonize data privacy laws across Europe; protect and empower all European Countries’ citizens as regards their data privacy; and reshape the way organizations across the region approach data privacy. Although, the Africa Union has created an international instrument (the Malabo Convention) to regulate data and privacy protection, the convention is yet to be ratified in some countries such as Nigeria.  

Governments should ensure that entities that collect, use, process, and share data subjects’ personal information are obliged to take reasonable steps to protect them. Also, there is a need to ensure that entities which transmit personal information do so in ways that respect the privacy interests of individuals linked to the information.

Furthermore, privacy laws protecting people’s data should be backed by enforcement agencies equipped with sophisticated up-to-date tools, so as to ensure the adequacy of strategic measures against cybercriminals.  

Additionally, governments should engage in a public enlightenment campaign that enlightening people on corporate practices that are detrimental to consumers and also informs customers about what they can do to protect their data.

The Role of non-state Actors:

An examination of the role of non-state actors in data protection without elucidating what non-state actors are will result in a minor insufficiency. Non-state actors include organizations and individuals that are not affiliated with, directed by or funded by the government. Corporations such as private financial institutions are non-state actors.  

 Some companies such as Apple and Mozilla have made sufficient privacy protection as a central feature of their product offerings while some companies have opted to neglect protecting their users’ privacy sufficiently.

Companies involved in processing and managing people’s data should appoint a data protection officer. The appointment of a data protection officer symbolizes an organization’s earnest approach towards protecting customers and users’ data. The data protection officer should be tasked with ensuring that her organization protects the personal data of its staffs, customers, and any other individual who falls under the scope of a data subject. The appointment of a data protection officer should be based on her professional qualities, immense attention should be paid to her expert knowledge of data protection. Also, the data protection officer should be tasked with conducting audits, addressing potential issues proactively, and acting as a liaison between her organization and the public regarding data privacy matters. Some regulatory framework such as the General Data Protection Regulation (GDPR) of the European union, the Nigerian Data Protection Regulation (NDPR) and some others, make provision for a data protection officer.

Additionally, corporations should have adequate and efficient security measures in place to prevent data breaches. Corporations should put in place an intrusion detection system and an intrusion prevention system. Also, corporations have a duty to invest adequate resources in protecting their customers’ data. They should conduct thorough background checks and put in place very stringent safeguards to ensure that employees don’t have access to data related materials unless they need to perform their duties. Also, companies should have policies that ensure adherence to compliance measures, security checks and mandatory trainings for employees.

Furthermore, corporations should report instances of data breaches to an appropriate body and the affected person. This will enable a disruption of the continuing act of data breach, swifter investigatory action, and an effective harm mitigation for victims.



A large amount of data is shared with corporations and governments. As a repository of this data, corporations and governments have a responsibility to protect data kept with them. Considering the fact data is a widely sought-after commodity in the digital sphere, sufficient measures must be structured out to protect data from unauthorized access. Feasible measures of protecting data have been discussed above.

About Author

Full Name: Sulaimon AbdulBaqqi Amoo

Phone Number: 09070828387

Email Address:

Current School of Study: Lagos State University


This work is published under the free legal awareness project of Sabi Law Foundation ( funded by the law firm of Bezaleel Chambers International ( The writer was not paid or charged any publishing fee. You too can support the legal awareness projects and programs of Sabi Law Foundation by donating to us. Donate here and get our unique appreciation certificate or memento.


This publication is not a piece of legal advice. The opinion expressed in this publication is that of the author(s) and not necessarily the opinion of our organisation, staff and partners.


🛒 Take short courses, get samples/precedents and learn your rights at

🎯 Publish your legal articles for FREE by sending to:

🎁 Receive our free Daily Law Tips & other publications via our website and social media accounts or join our free whatsapp group: Daily Law Tips Group 6


Get updates on all the free legal awareness projects of Sabi Law (#SabiLaw) and its partners, via:

YouTube: SabiLaw

Twitter: @Sabi_Law

Facebook page: SabiLaw

Instagram: @SabiLaw.org_

WhatsApp Group: Free Daily Law Tips Group 6

Telegram Group: Free Daily Law Tips Group

Facebook group: SabiLaw




This publication is the initiative of the Sabi Law Foundation ( funded by the law firm of Bezaleel Chambers International ( Sabi Law Foundation is a Not-For-Profit and Non-Governmental Legal Awareness Organization based in Nigeria. It is the first of its kind and has been promoting free legal awareness since 2010.


As a registered not-for-profit and non-governmental organisation, Sabi Law Foundation relies on donations and sponsorships to promote free legal awareness across Nigeria and the world. With a vast followership across the globe, your donations will assist us to increase legal awareness, improve access to justice, reduce common legal disputes and crimes in Nigeria. Make your donations to us here  or contact us for sponsorship and partnership, via: or +234 903 913 1200.


Leave a Reply

Related Posts

Contact Support


Welcome! Log into your account