Nigeria

Workplace surveillance and employee rights: Where should organisations draw the line?

26 June 2025 4 min read

By Olufunmilola Oyinkansola Binuyo and Caleb Nmeribe

At a glance

  • Organisations engage in workplace surveillance for a number of reasons such as ensuring employee safety, protecting company assets, preventing misconduct, improving productivity and complying with regulatory requirements.
  • Organisations must balance the need for employee surveillance with employee privacy rights, especially in view of Nigerian laws which impose strict rules on monitoring in the workplace.
  • Employees have rights over their personal data collected through surveillance including rights to access, correction and objection. Employers on the other hand must justify surveillance, conduct impact assessments and implement clear, Nigeria Data Protection Act (NDPA)-compliant policies.
  • Excessive monitoring can harm morale and trust. As such, a balanced, transparent approach helps protect privacy while supporting legitimate business and security goals.

Background

In Nigeria's evolving workplace, organisations face a complex challenge: balancing the implementation of effective monitoring systems while respecting employees’ fundamental right to privacy. This challenge has become more pronounced with the promulgation of the NDPA and the issuance of the General Application and Implementation Directive, 2025 which explains the provisions of the NDPA. The NDPA provides additional obligations for employers who collect and process employee personal data via surveillance tools.

Understandably, security concerns, performance management and regulatory compliance have made employee surveillance inevitable. As such, the pertinent question is no longer whether workplace surveillance is necessary but how to draw the line between legitimate business interests and employees' constitutional right to privacy and their personal data, as guaranteed under the Nigerian Constitution and data protection laws respectively.

Constitutional and legal framework

The approach to privacy with a view to workplace surveillance is anchored in constitutional protections that guarantee privacy rights.

The NDPA has also expanded the legal framework governing workplace surveillance. Further to the NDPA, employers must establish a lawful basis for processing personal data, which in this context, is collected through surveillance systems. The most applicable lawful basis to employee surveillance is the legitimate interest pursued by the organisation. This must however, be balanced against employee privacy rights guaranteed under the Constitution. This legal requirement transforms surveillance from a unilateral employer decision into a carefully considered process requiring legal justification.

The penalty structure under the NDPA, provides the possibility of negative impacts to the bottom-line of the organisation. This no doubt is an additional incentive for compliance. Where the Nigeria Data Protection Commission (NDPC) issues orders pursuant to a breach, failure to comply attracts fines for the organisation and terms of imprisonment upon conviction, for any personnel responsible for non-compliance.

The NDPA also imposes several key principles and obligations that organisations must navigate when implementing surveillance policies. These include:

  • Transparency: Prior to surveillance, employers must provide clear information to employees about surveillance activities, including the legal basis and purpose(s) for processing collected data.
  • Data minimisation: Surveillance activities must be 'adequate, relevant and limited to the minimum necessary' for their stated purposes.
  • Storage limitation: Personal data collected through surveillance should be retained for no longer than is necessary to achieve the lawful bases for which it was collected.
  • Security: Collected data must be processed and stored securely to avoid any type of unlawful access, loss, damage, destruction, damage or any form of data breach.

Employee rights within the context of workplace surveillance

In respect of the processing of their personal data through surveillance activities, employees have the right to:

  • Access their personal data. In the case of CCTV surveillance, Employees have the right to access footage in which they appear.
  • Challenge the accuracy of personal data collected.
  • Request deletion in certain circumstances eg when the data is no longer necessary for the original purpose or is unlawfully processed.
  • To rectify their data collected and processed through monitoring systems.
  • Object to processing their personal data.
  • Lodge a complaint with the NDPC in respect of the unlawful processing of their personal data.

In cases where consent is relied on for processing, employees have the right to withdraw consent for data processing. This may however conflict with legitimate security requirements. In this case, the organisation may validly continue the processing of the personal data by relying on other lawful bases such as the pursuit of its legitimate interest – which could include security requirements.

Practical guidelines for organisations

Moving forward, effective management of workplace surveillance requires a risk-based approach that includes the following steps:

  • Organisations must conduct data privacy impact assessments before implementing new monitoring systems, considering both the necessity and proportionality of surveillance, in addition to its potential impact on employee privacy and workplace culture.
  • Transparency is critical to the implementation of monitoring systems, so, organisations must inform employees about the scope, purpose and presence of such systems. Notices about the use of such monitoring systems should be prominently displayed in workplaces.
  • NDPA-compliant policies should be implemented. Such policies will govern surveillance activities and establish clear procedures for employees to raise privacy concerns and exercise their data protection rights.
  • Regular reviews of surveillance, necessity and proportionality must also be undertaken.
  • Organisations should also ensure that access to surveillance data is strictly controlled, with surveillance records only accessed by authorised personnel for legitimate employment-related purposes or legal requirements.
  • Lastly, comprehensive training should be provided to employees based on surveillance policies.

Conclusion

Successfully managing workplace surveillance under Nigerian law requires organisations to move beyond simple compliance checklists, toward a nuanced understanding of privacy as both a legal requirement and a workplace culture foundation. The most effective approach involves transparent communication with employees about the necessity of the surveillance proposed to be engaged, implementation of robust data protection measures and regular evaluation of whether monitoring practices remain proportionate to their intended purposes.

Should you require advice with respect to employment related issues, please do not hesitate to contact us at employment@olajideoyewole.com.

More to explore

Workplace surveillance and employee rights: Where should organisations draw the line?

Nigeria

Workplace surveillance and employee rights: Where should organisations draw the line?

An overview of workplace surveillance and employee rights inNigeria. 

26 June 2025 4 min read
Status of legislative proposals following the federal election

Germany

Status of legislative proposals following the federal election

Proposals put forward by the previous federal Parliament are now on hold due to recent elections.

25 March 2025 3 min read
Changes to the retention period for employment documents

Hungary

Changes to the retention period for employment documents

From 1 January 2025, changes to the retention period for employment documents in Hungary will come into force.

20 December 2024 1 min read
Draft of a new Employee Data Act (update)

Germany

Draft of a new Employee Data Act (update)

The draft Employee Data Act introduces a separate employee data law outside the scope of the Federal Data Protection Act.

19 November 2024 2 min read
Changes to privacy laws in Quebec with regards to anonymising personal information

Canada

Changes to privacy laws in Quebec with regards to anonymising personal information

New privacy laws impact on anonymising of personal information.

30 September 2024 1 min read
Supreme Court ruling on remuneration transparency

Spain

Supreme Court ruling on remuneration transparency

The Court ruled that Spanish law does not require salary registers to include data that identifies individual employee remuneration.

13 December 2024 1 min read