Patients' Right to Data Privacy and Protection in Nigeria: A Right or Privilege?

The digital transformation of healthcare has intensified concerns surrounding the protection of 
patient health data globally. In Nigeria, the question of whether data privacy constitutes a 
fundamental right or a mere privilege for patients remains largely unresolved, creating significant 
gaps in legal protection and clinical accountability. This study adopts a doctrinal methodology 
and a comparative approach. This research examines the legal framework governing patient data 
privacy in Nigeria, with particular focus on the Nigeria Data Protection Act 2023, the National 
Health Act 2014 and other relevant laws. It further interrogates the extent to which these 
instruments adequately protect patient health information and analyses the tensions between 
regulatory intent and practical enforcement. Drawing on comparative analysis with the United 
Kingdom’s General Data Protection Regulation (GDPR), it is argued that patient data privacy in 
Nigeria is constitutionally grounded and must be treated as a fundamental right, not a 
discretionary privilege. It further identifies systemic enforcement failures, institutional non
compliance, and low patient awareness as critical barriers to realising this right. The article 
concludes by recommending legislative harmonisation, stronger regulatory oversight, and 
mandatory data protection compliance frameworks tailored specifically to the Nigerian healthcare 
sector