In churches across Nigeria, testimonies are powerful moments. From healing stories to breakthroughs after prayer, they inspire faith and encourage worshippers. For many believers, sharing a testimony is a public declaration of God’s work in their lives. As churches increasingly ask members to provide medical reports, test results, photographs, and videos to “verify” these testimonies, especially for livestreams and social media, an important question arises: what happens to people’s personal data?
With the introduction of the Nigeria Data Protection Act (NDPA) 2023, churches, like other organisations, now have legal responsibilities when handling personal and sensitive information.
What the Law Says
The Nigeria Data Protection Act classifies information such as medical records, health status, and biometric data as sensitive personal data. The law says such data must only be collected and shared with clear, informed, and voluntary consent from the individual involved.
Importantly, the law does not exempt churches or religious bodies. Any church that collects testimonies, records videos, stores documents, or publishes members’ stories online can be regarded as a data controller under the law.
This means churches are expected to:
● Tell members why their data is being collected.
● Use the data only for that stated purpose.
● Protect it from misuse or unauthorised access.
● Allow members to withdraw consent if they change their minds.
The consent problem in churches
In many churches, members may feel pressured to comply with church requests because of respect for pastors or fear of appearing ungrateful to God.
When a member is asked to submit hospital reports or appear on camera during service, is that consent truly voluntary? Do they fully understand that the video may remain on the internet permanently?
The law is clear: consent must be freely given, not obtained through pressure, emotional influence, or spiritual authority.
Common practices that raise concerns
Across Nigeria, it is common to see:
● Full names and faces of testifiers broadcast online
● Medical scans displayed during services
● Testimony videos shared repeatedly on Facebook, YouTube, and WhatsApp
● No clear explanation of how long such data will be kept
Without proper safeguards, these practices may expose churches to legal complaints and penalties under the NDPA.
What churches can do
To balance faith with the law, churches should consider:
● Asking for written consent before collecting or publishing testimonies
● Explaining clearly where and how the testimony will be shared
● Allowing members to opt out without embarrassment or penalty
● Avoiding unnecessary display of medical or personal documents
● Training church media and admin teams on basic data protection rules
● Appoint a Data Protection Officer, as required by law.
Respecting data privacy does not weaken faith; it strengthens trust. Churches are moral leaders in society, and how they treat members’ personal information reflects their commitment to dignity and care.
Moyosore Saka CIPP/E, MBA, LL.M, B.L, LL.B; Founder, The Bricksleek Legal. info@bricksleeklegal.com, msaka@bricksleeklegal.com
