Our Commitment We will never sell your personal data. We will never share it for purposes incompatible with our mission. We will process your data only as necessary to serve you, comply with the law, or defend digital rights.
Introduction
Welcome to the Digital Rights Lawyers Initiative (DRLI). We are a team of digital rights lawyers, policy advocates, and researchers dedicated to defending and advancing digital rights in Nigeria and across West Africa, including the right to privacy, freedom of expression online, data protection, and freedom from unlawful surveillance.
We respect your privacy — not only because the law requires it, but because digital rights are the very cause we champion. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, interact with our content, or engage our services.
By using our website or providing us with your personal information, you acknowledge that you have read and understood this Privacy Policy.
Who We Are
The Digital Rights Lawyers Initiative (DRLI) is a non-governmental, not-for-profit organisation based in Nigeria. We are not a government agency, nor are we affiliated with any political party. Our work includes:
- Litigating digital rights cases before Nigerian courts (from Magistrate Courts to the Supreme Court) and the ECOWAS Community Court of Justice.
- Providing legal advice and representation to victims of digital rights violations.
- Conducting research, policy advocacy, and public education on digital rights.
- Engaging with regulatory bodies such as the Nigeria Data Protection Commission (NDPC) and the National Information Technology Development Agency (NITDA).
Personal Data We Collect
We collect only the personal data that is necessary for our legitimate activities as a digital rights law firm and advocacy organisation.
| Category | Examples |
|---|---|
| Identity Information | Full name, title (e.g., Mr., Ms., Dr.), profession |
| Contact Information | Email address, phone number, postal address |
| Enquiry Information | Details you provide when contacting us for legal assistance, pro bono representation, or media inquiries |
| Newsletter Subscription Data | Email address, name (if provided), subscription preferences |
Sensitive Personal Data: We do not intentionally collect sensitive personal data (e.g., biometric data, health records, political opinions, religious beliefs). However, if you voluntarily disclose such information in the course of seeking legal assistance, we will treat that information with the highest level of confidentiality and process it under the legal basis of legal professional privilege and your explicit consent.
How We Collect Your Data
4.1 Directly from You
- When you fill out our contact form or request legal assistance form.
- When you sign up for our newsletter or events.
- When you send us an email, call us, or communicate via social media.
- When you engage our legal services (including client intake forms).
4.2 From Third Parties
- We may receive your information from referral partners, partner civil society organisations, or pro bono clearinghouses.
- We may obtain publicly available information from court records or regulatory filings for legitimate advocacy or litigation purposes.
Legal Basis for Processing (NDPA 2023 Compliance)
Under the Nigeria Data Protection Act (NDPA) 2023, we process personal data only on the following lawful bases:
| Legal Basis | When We Rely on It |
|---|---|
| Consent | When you subscribe to our newsletter, accept non-essential cookies, or voluntarily provide sensitive data. You may withdraw consent at any time. |
| Contractual Necessity | When processing is necessary to provide legal services to you under a retainer or pro bono agreement. |
| Legitimate Interests | For website security, analytics, internal administration, and advocacy communications that are not overridden by your privacy rights. |
| Legal Obligation | When required by law, court order, or regulatory directive (e.g., anti-money laundering checks for legal retainers). |
| Vital Interests | In rare emergency situations involving risk of harm. |
How We Use Your Personal Data
| Purpose | Description | Legal Basis |
|---|---|---|
| Provision of Legal Services | To assess your enquiry, provide legal advice, represent you in court, and communicate with you about your case. | Contract + Legitimate Interests |
| Client Intake and Conflict Checks | To determine whether we can represent you without conflict of interest. | Legal Obligation + Legitimate Interests |
| Website Improvement | To analyse how visitors use our website and improve user experience. | Legitimate Interests |
| Newsletter and Communications | To send you updates, event invitations, and digital rights news. | Consent (or Legitimate Interests for existing clients) |
| Advocacy and Public Education | To publish anonymised case summaries, reports, and policy briefs. | Legitimate Interests + Public Interest |
| Security and Fraud Prevention | To monitor for unauthorised access, cyberattacks, or other security incidents. | Legitimate Interests + Legal Obligation |
| Compliance with Court Orders | To comply with subpoenas, court orders, or lawful requests from regulators. | Legal Obligation |
Data Sharing and Disclosure
We do not sell, rent, or trade your personal data. However, we may share your data in the following limited circumstances:
| Recipient Category | Purpose | Safeguards |
|---|---|---|
| Service Providers | Hosting, email delivery, analytics, payment processing. | Data protection agreements (DPAs) with providers. |
| Professional Advisers | External lawyers, consultants, or experts assisting on your case (with your consent). | Subject to confidentiality and legal privilege. |
| Courts and Arbitral Tribunals | Filing legal documents, evidence, or briefs as required for litigation. | Required by law; limited to what is necessary. |
| Law Enforcement or Regulators | Where required by law, court order, or regulatory investigation. | We will resist overbroad requests and notify you if permitted. |
| Partner Organisations | Joint advocacy campaigns or events (only with your explicit consent). | Separate consent obtained. |
Important: As a digital rights initiative, we will always push back against unlawful or overbroad requests for user data. We will notify you of any legal demand for your data unless prohibited by law.
International Data Transfers
Our website hosting and some service providers (e.g., email marketing platforms, analytics tools) may be located outside Nigeria, including in the European Union, the United States, or other jurisdictions.
When we transfer personal data outside Nigeria, we ensure adequate safeguards under the NDPA 2023, such as:
- Transferring to countries with adequate data protection laws as determined by the Nigeria Data Protection Commission (NDPC); or
- Implementing standard contractual clauses (SCCs) or binding corporate rules (BCRs); or
- Obtaining your explicit consent for the specific transfer.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law, professional obligations, or our legitimate interests. After the retention period, data is securely deleted or anonymised.
Data Security
We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, accidental loss, alteration, or disclosure. These include:
- Encryption of data in transit (TLS/SSL) and at rest where feasible.
- Access controls — only authorised personnel (lawyers and support staff) have access to personal data.
- Regular security audits of our website and systems.
- Staff training on data protection and confidentiality (including legal professional privilege).
- Incident response plan for data breaches.
Despite these measures, no system is 100% secure. You are responsible for keeping any passwords you create confidential.
Your Rights as a Data Subject (NDPA 2023)
Under the Nigeria Data Protection Act 2023, you have the following rights regarding your personal data:
| Right | What It Means | How to Exercise |
|---|---|---|
| Right to Access | Request a copy of the personal data we hold about you. | Email our DPO. |
| Right to Rectification | Correct inaccurate or incomplete data. | Email our DPO with the correction. |
| Right to Erasure | Request deletion of your data where no legal basis for retention exists. | Email our DPO; we will assess. |
| Right to Restrict Processing | Limit how we use your data in certain circumstances. | Email our DPO. |
| Right to Data Portability | Receive your data in a structured, machine-readable format and transfer it to another controller. | Email our DPO. |
| Right to Object | Object to processing based on legitimate interests or direct marketing. | Email our DPO or click "unsubscribe" in emails. |
| Right to Withdraw Consent | Withdraw previously given consent at any time. | Email our DPO or use consent management tools. |
| Right to Lodge a Complaint | Complain to the Nigeria Data Protection Commission (NDPC). | Contact NDPC directly (we will cooperate). |
Important: Your rights are not absolute. For example, we may retain data if required by law (e.g., anti-money laundering records) or if necessary for legal proceedings. To exercise any right, please contact our Data Protection Officer at dpo@digitalrightslawyers.ng. We will respond within 7 days for simple requests and within 30 days for complex requests, as prescribed by the NDPA.
Children's Privacy
Our website and services are not directed at persons under the age of 16. We do not knowingly collect personal data from minors. If you are a parent or guardian and believe your child has provided us with personal information, please contact us. If we discover that a minor has provided data without parental consent, we will delete it promptly.
Third-Party Links
Our website may contain links to third-party websites, resources, or social media platforms. This Privacy Policy applies only to the DRLI website. We are not responsible for the privacy practices of third-party sites. We encourage you to read their privacy policies before providing any personal information.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in the law, our data processing practices, or our organisational activities. Any changes will be posted on this page with an updated "Effective Date."
For significant changes, we will notify you via:
- A prominent notice on our website; and/or
- An email to our newsletter subscribers (if we have your email).
We encourage you to review this Privacy Policy periodically.
Our Data Protection Officer (DPO)
Under the NDPA 2023, certain data controllers must designate a Data Protection Officer. Although DRLI may not yet meet the mandatory threshold, we have voluntarily appointed a DPO to demonstrate our commitment to data privacy.