How INEC and Nigeria’s Major Parties Are Failing the First Test of Digital Democracy

As the world worries about AI-generated ads, political chatbots, and the automation of political persuasion, in Nigeria even the most basic duty to protect citizens’ personal data is still being treated with alarming carelessness.

This issue goes to the heart of democratic trust. When political parties and election institutions ask Nigerians to submit personal information online, whether for voter registration with the Independent National Electoral Commission (INEC), for party membership sign-ups and documentation, or to ease political party campaign mobilization, they are not merely collecting names. They are collecting identity, political affiliation, location, loyalty, and, in some cases, vulnerability and personalized identification such as National Identity Number (NIN). They are building a database of civic and political life.

And yet, too often, they appear to be doing so with little visible regard for the legal and ethical duties that come with digital data collection.

That contradiction is now in plain sight. As candidates commence campaigns for the next election, INEC requires political parties to maintain a digital register of members and submit that register to the Commission within a statutory timetable. Political parties also want the convenience of online recruitment and easier mobilization. Everyone wants the efficiency of technology. But too few appear willing to accept the discipline that technology requires.

My review of INEC and political party websites tells a sobering story. Of the seven parties examined, including the ruling All Progressives Congress (APC) and major opposition parties such as the People’s Democratic Party (PDP), Africa Democratic Congress (ADC), Accord Party, and Labour Party with millions of followers, only the Africa Democratic Congress appeared to have some form of privacy policy. Neither INEC nor the other political parties appear to have a publicly accessible privacy policy. In fact, opening PDP’s privacy link leads you to a template for a website of a barber’s shop in New York City called the ‘Gentleman Barber Shop.’ I also found no cookie policy or notice across the political parties reviewed, and no clear cookie notice or privacy policy on INEC’s main website.

This is not a minor website defect nor the sort of thing to be dismissed as a technical oversight or an unfinished page. It is a governance problem. It is an accountability problem. And it reveals something deeper about how power is imagined in Nigeria’s digital politics: as the right to collect, but not necessarily the duty to explain.

A privacy policy explains what data is collected, why, how long it is kept, and users’ rights. A cookie notice reveals website tracking. Under Nigeria’s data-protection framework, both are essential, not optional, according to the Nigeria Data Protection Act 2023 and the NDPC’s 2025 General Application and Implementation Directive (GAID).

From this, it is clear that INEC and Nigeria’s major parties are digitizing politics without fully accepting the duties that come with digital data collection. And if they are failing at this visible and elementary first step, what else might they be failing to do with the data of millions of Nigerians at home and abroad? A missing privacy notice is often a warning sign. It invites harder questions. How is data shared with consultants, campaign contractors, or political operatives? What happens when a database is copied, leaked, sold, or weaponized?

Political data is among the most sensitive categories of personal information. Joining a political party is more than subscribing to a newsletter or shopping online. It reveals beliefs, loyalty, and associations, and, in a fragile or captured democracy like Nigeria, can expose citizens to targeting, pressure, retaliation, exclusion, such as who gets or does not get the ‘city boys’ palliatives.’

Privacy compliance is also about both rights and liability. Some of those registering with political parties today are Nigerians in the diaspora. Some are dual citizens. Some live in jurisdictions with stricter data-protection cultures. A political party that carelessly collects and stores personal information is inviting domestic embarrassment and exposing itself to cross-border and future legal complications, without safeguards.

Political parties, moreover, cannot demand transparency from government but practice opacity themselves. A commission such as INEC, trusted with the integrity of the electoral process, should not make privacy discoverable only by accident.

Of course, some will say people hardly read privacy policies anyway. That is true. However, many people do not read every label on their drugs either, but the manufacturers must still disclose. Notice is not useless because some people scroll past it. Notice is a discipline imposed on power. It forces institutions to declare themselves. Others will say the law does not literally state that every website must have a privacy policy. That is only half an argument. The 2025 GAID clearly expects privacy policies to be published on platforms and privacy and cookie notices to appear on the main page.

However, this is not a Nigerian problem alone. Across the world, elections are becoming more digital and more vulnerable to abuse. But Nigeria also has something many countries in the region still lack: a serious data-protection framework and an institution capable of shaping good practice. The question is whether that framework will stop at banks, telecoms, and fintech firms, leaving political actors to treat it as if the law reaches them last.

INEC should place a clear privacy policy and cookie notice on its main website. Political parties should publish accessible privacy policies, explain their lawful basis for data collection, identify who is responsible for complaints, and state how long data will be retained and with whom it may be shared. But Nigeria should also think beyond standard compliance. INEC and the NDPC could introduce a public digital trust seal for parties that meet minimum privacy standards before elections. Civil society groups and media organizations could run independent election-tech audits and publish simple scorecards that citizens can understand. And because democracy is not only about elites with smartphones, privacy notices should appear in plain, major local languages, and audio formats that reflect how people actually access information.

The first test of digital democracy is neither speed, convenience, nor innovation. It is whether those who hold our sensitive political information show that they deserve to do so.