Authored By: Eziefula Chidera Angel
Nnamdi Azikiwe University
- INTRODUCTION
Data protection has gained greater visibility in the last 3 years than in previous years. It is evident because individuals are much more aware of the rights they have as data subjects, and companies, data controllers, and data processors are aware of any action or inaction that would amount to a breach of those rights. They are also aware of the ethical principles they must abide by and uphold when it comes to data, especially personal data, to ensure its protection. There are various ethical principles of data protection, and they include: Lawfulness, fairness, & transparency, purpose limitation, data minimization, accuracy, storage limitation, security, and accountability. All of these principles were put in place to ensure that data is collected and processed in a good way so as not to be misused or cause discomfort or harm to data subjects.
This article aims to discuss the concept of transparency in data collection & processing, and accountability for data misuse & ethical misuse. It will also discuss the relationship between transparency & accountability, the challenges, and ways to promote ethical transparency and accountability.
2.0 CONCEPT OF TRANSPARENCY AND ACCOUNTABILITY IN DATA PROTECTION
One of the safeguards provided by the European Union’s General Data Protection Regulation (GDPR) is the principle of transparency. Transparency is what colorless water is. Simply put, transparency is being clear, open, and honest with others about one’s actions or activities. As concerning data protection, it is a fundamental legal principle requiring organizations to process data lawfully, fairly, and openly. Article 5 (a) of the GDPR provides that “personal data shall be processed lawfully, fairly, and in a transparent manner in relation to the data subject. The Nigerian Data Protection Act also makes a similar provision. Section 27 further stipulates information that the data controller must make known to the data subject before the personal data is collected, which shall be contained in a privacy policy and expressed in a clear, concise, intelligible, and easily accessible format, taking into consideration the class of data subjects targeted by the data processing. Article 12 of the OECD Guidelines also provides that there should be a general policy of openness about developments, practices, and policies with respect to personal data.
In 2019, a decision by the National Data Protection Commission (CNIL) led to the imposition of a €50million fine on Google, because the information provided by Google was not easily accessible for users. Relevant Information were only accessible after 5-6 steps had been taken. It was also observed that some information wasn’t always clear or comprehensive, and as a result, users were not able to fully understand the extent of the processing operations carried out by Google. Further, the purposes of processing and the categories of data processed for these various purposes were described in a manner that was too generic and vague, and the information about the retention period was not provided for some data.
Essentially, any information addressed to the public or to the data subject must be concise, easily accessible, and easy to understand. Where this is not the case, there would be sanctions as the case may be and as provided in the law or statute.
Accountability, on the other hand, is when a person can give an account for every action or inaction and be held liable for any damaging action or inaction. In relation to data protection, accountability means that organizations must take responsibility for the personal data under their possession or control, and they must have appropriate measures and records in place to be able to demonstrate their compliance with the other principles of data protection. Such measures may include: Adequate documentation on what personal data is processed; How, to what purpose, and how long data will be processed for; Documented processes and procedures aiming at tackling data protection issues at an early state when building information systems or responding to a data breach; and the presence of a Data Protection Officer (if required) who is integrated in the organization planning and operations etc.
Accountability is seen by several commentators as a promising way to deal with the challenges presented by the increasingly Globalized nature of information flows. I agree with this position. There is every need for organizations who collects personal data to be responsible for how the data is collected, used, and to whom it is distributed. As is the case with transparency, when data cannot be accounted for, there might be sanctions and consequences.
3.0 THE RELATIONSHIP BETWEEN TRANSPARENCY AND ACCOUNTABILITY AND THEIR IMPORTANCE
Transparency and accountability are two fundamental and interconnected principles of modern data protection law. Together, they ensure that the processing of personal data is conducted in a fair, lawful, and responsible manner. Neither principle operates effectively in isolation; rather, each reinforces the other in both legal theory and regulatory practice.
Transparency serves as a foundation for accountability by making data processing activities visible and understandable to data subjects and regulators. Without transparency, it would be impossible to assess whether data processing is lawful or to hold controllers responsible for breaches. Hidden or unclear processing practices undermine oversight and weaken enforcement mechanisms.
Conversely, accountability gives transparency practical and legal effect. Through accountability measures such as privacy policies, records of processing activities, data protection impact assessments, and internal compliance procedures, controllers ensure that transparency obligations are not merely theoretical. Accountability requires that the information provided to data subjects is accurate, consistent, and verifiable, thereby transforming transparency into an enforceable obligation.
Transparency and Accountability are important because it empowers data subjects. It is also important because it ensures responsibility and compliance. When individuals are clearly informed about how their personal data is collected and used, they are able to make informed decisions and meaningfully exercise their rights. Transparency and accountability strengthen trust between individuals, organizations, and regulators. They also help in educating customers. They support democratic values and the rule of law. By ensuring openness and responsibility in data processing, they limit abuses of power, promote fairness, and protect individuals from arbitrary or excessive data use.
4.0 CHALLENGES AND WAYS TO PROMOTE ETHICAL TRANSPARENCY AND ACCOUNTABILITY
Ethical transparency and accountability are essential to ensuring that personal data is processed responsibly, fairly, and in a manner that respects human dignity. However, achieving these principles in practice presents several challenges. Some of the challenges and the way forward will be listed below.
One major challenge is the complexity of data processing systems. Modern data ecosystems involve big data analytics, artificial intelligence, cloud computing, and cross-border data flows. These systems are often too complex for data subjects to understand, making it difficult for organizations to provide meaningful and intelligible transparency.
Another challenge is the proliferation of devices. The surge in connected devices, from laptops and smartphones to wearables and smart home devices, poses challenges in securing data across various platforms and endpoints.
Commercial interests and trade secrets also pose challenges. Organizations may resist full transparency to protect proprietary algorithms, business models, or competitive advantages. This tension is particularly evident in automated decision-making systems, where meaningful explanation is often limited.
Data visibility is another challenge. With the massive amount of data exchanged daily, understanding what data exists, where it resides, who can access it, and how it is transmitted becomes critical for organizational data security.
A further challenge is weak enforcement and accountability mechanisms. In some jurisdictions, data protection authorities lack sufficient resources, independence, or technical expertise to effectively enforce transparency and accountability obligations. This results in low compliance incentives.
Again, there is the issue of cross-border data flows. Information can be easily transferred and stored across geographical boundaries. Countries have varying data privacy regulations, making it difficult for organizations to ensure compliance when user data is located in different jurisdictions.
However, there are ways forward to curb these challenges. Privacy information should be concise, layered, and written in plain language, enabling individuals to understand how their data is used without legal or technical expertise.
Accountability can also be strengthened through governance frameworks, such as appointing Data Protection Officers and maintaining records of processing activities. These measures ensure that transparency obligations are embedded in organizational processes.
Furthermore, there should be clear regulatory guidelines, proportionate sanctions, and consistent enforcement encourage organizations to take transparency obligations seriously.
Again, regular audits, algorithmic impact assessments, and third-party reviews help ensure that organizations act transparently and responsibly, even where direct disclosure is limited.
In addition, the data security practices of third-party vendors should be thoroughly assessed before sharing data, and clear data sharing agreements should be established with third-party vendors that specify what data is shared, the purpose of sharing, and the security measures they must implement.
5.0 CONCLUSION
Ethical transparency and accountability are vital for responsible data protection but are often challenged by complex technologies, commercial interests, and weak enforcement. By promoting clear communication, strong governance, and effective regulation, organizations and regulators can ensure that personal data is processed fairly, responsibly, and with respect for individual rights.
BIBLIOGRAPHY
LEGISLATIONS
General Data Protection Regulation (EU) 2016/679
Nigeria Data Protection Act 2023
Organization for Economic Co-operation and Development Guidelines on the Protection of Privacy and Trans-Border Flows of Personal Data 1980
WEBSITES
Christian Fernandez, ‘The Importance of Transparency in Data Privacy Policies’ (LinkedIn, October 14th, 2024) https://www.linkedin.com/pulse/importance-transparency-data-privacy-policies-fernandez-arambatzis-oxjjf accessed 2nd February 2026
Data Protection Commission < https://www.dataprotection.ie/en/organisations/know-your-obligations/accountability-obligation> accessed 1st February 2026
Joseph Alhadeff, Brendan Van Alsenoy, and Jos Dumortier ‘The Accountability Principle in Data Protection Regulation: Origin, Development and Future Directions’ (Springer Nature, 23 September 1980) <https://link.springer.com/chapter/10.1057/9781137032225_4#citeas> accessed 1st February 2026
Olumide Osundorile, ‘Openness or Transparency in Data Processing (Banwo and Ighodalo, May 26th, 2021) < https://www.banwo-ighodalo.com/grey-matter/openness-or-transparency-in-data-processing/> accessed 31st January, 2026
Robbie Araiza, ‘What is AI Data Governance and how does it Impact Businesses’ (Fortra, June 16th, 2025) < https://www.fortra.com/blog/ai-data-governance-challenges-and-best-practices-busine> accessed 2nd February 2026
Vlere Hyseni, ‘Data Protection Challenges’ (PECB, 30th April, 2024) < https://pecb.com/en/article/data-protectionchallenges#n> accessed 2nd February
