New Technologies in International Law / Tymofeyeva, Crhák et al.

handling substantial amounts of personal data are subject to commensurate regulatory expectations, aligning with safeguarding individual privacy and data security. According to the NDPA, for data controllers or processors of ‘major importance,’ the maximum fine for breaching the personal data of individuals is stipulated at being between the greater of ₦ 10,000,000 (ten million Naira) or 2% of the annual gross revenue of the data controller’s preceding financial year, and for less significant data controllers or processors, the maximum fine for data breaches is the more significant sum between ₦ 2,000,000 (two million Naira) or 2% of their annual gross revenue in the preceding financial year. 483 This marks a significant improvement on the penalties previously outlined in the repealed NDPR 2019, which levied a fine of 2% of the annual gross revenue or ₦ 10 million (ten million Naira) for breaches involving over 10,000 data subjects and 1% of the annual gross revenue or ₦ 2 million (two million Naira) for breaches involving fewer than 10,000 data subjects. 484 Because the law was recently passed, it is anticipated that the NDPC will issue regulations and guidelines to clarify the compliance requirements outlined in the Act. This includes defining the parameters for classifying a data controller or processor as one of ‘major importance,’ specifying the frequency and content of compliance returns for such entities, and outlining steps for data controllers to inform subjects of personal data breaches adequately. 485 The enactment of this law by the Nigerian government establishes robust safeguards for data protection. It ensures that integrating AI tools in healthcare settings prevents data privacy breaches. It sets a precedent for developing countries aspiring to institute comprehensive data protection laws, thereby safeguarding data protection as a fundamental human right. Bias Issues relating to bias and fairness are predicated on the ethical obligation that mandates that all humans should be treated equally and stipulates that the application of AI should not result in unfair discrimination against individuals, communities, or groups. 486 However, despite AI’s potential to address healthcare issues in developing countries and improve health outcomes of individuals living in these disadvantaged nations, the opposite unintended effect of AI tools restricting access to healthcare to individuals may arise due to issues relating to bias. This issue may arise because AI tools perpetuate bias and unfairness due to the training data used in the development stage that reflects existing biases in diagnosis, treatment, and provision of services to marginalized populations or through algorithmic bias. 487 In such a scenario, the AI tool 483 Ibid., Fn 479, Section 48. 484 Data Protection Regulation , Nigeria (2019) 485 KPMG, The Nigeria Data Protection Act, 2023 A Review of the Key Compliance Provisions and their Implications for Nigerian Businesses (2023). 486 Fountain JE, ‘The moon, the ghetto and artificial intelligence: Reducing systemic racism in computational algorithms’ (2022) 39 Governmental Information Quarterly 101645. 487 Ferryman K, Pitcan M, ‘Fairness in precision medicine’ ( Data & Society , February 2018) .

115