Doxxing: A Cybercrime That Violates Data Privacy and Protection

DOXXING AS A CYBERCRIME IN NIGERIA:

A Legal Analysis in Light of the Cybercrimes (Amendment) Act 2024

By Dada, Olumide Olumuyiwa, LLB, ACIPM, HRPL, LLM Candidate

 

Abstract

The digital age has given rise to a particularly dangerous form of harassment known as doxxing — the deliberate, non-consensual online exposure of a person's private information with intent to harm. This article examines how Nigerian law addresses doxxing conduct, with particular focus on the changes introduced by the Cybercrimes (Prohibition, Prevention, etc.) (Amendment) Act 2024, signed into law by President Bola Ahmed Tinubu on 28 February 2024. The 2024 Amendment significantly reformed the most controversial provision, Section 24, stripping it of its previously vague and overbroad language in partial compliance with the ECOWAS Court of Justice judgment in Inc. Trustees of Laws and Rights Awareness Initiative v. Federal Republic of Nigeria (ECW/CCJ/JUD/16/20). The article analyses the amended provisions applicable to doxxing, situates them within Nigerian case law — including the landmark decisions in Okedara v. Attorney-General of the Federation and Eniola Badmus v. Okoye Blessing Nwakaego — and draws on comparative jurisprudence from the United States, United Kingdom, and Australia. While the 2024 Amendment represents meaningful progress, this article argues that it falls short of a comprehensive solution and that targeted anti-doxxing legislation remains necessary.

 

1. Introduction: Your Private Life, Made Public

Picture this: you wake up one morning to find your home address, phone number, workplace, and family photographs circulating freely on social media posted by someone who intends to humiliate you, silence you, or worse, send others to your door. This is doxxing. It is not a hypothetical threat. It is a growing reality for journalists, activists, public figures, and ordinary Nigerians who have attracted the attention of malicious actors in the digital space.

The word doxxing derives from the informal abbreviation of "dropping documents" — that is, publishing a dossier of personal information about a target. The International Encyclopedia of Gender, Media, and Communication defines it as the intentional revelation of a person's private information online without their consent, often with malicious intent, including the sharing of phone numbers, home addresses, identification numbers, personal photographs, and any other information that could expose the victim to harassment, humiliation, stalking, or real-life threats (Sen Nguyen, CNN, 2023).

Doxxing is a tool of intimidation. Its victims are disproportionately women, activists, journalists, and minority voices. When personal information is weaponised online, the consequences can be devastating from job loss and reputational damage to physical violence.

In Nigeria, this conduct is not without legal consequence. The Cybercrimes (Prohibition, Prevention, etc.) Act 2015 ("the Principal Act") already contained provisions applicable to doxxing conduct. On 28 February 2024, President Bola Tinubu signed the Cybercrimes (Prohibition, Prevention, etc.) (Amendment) Act 2024 ("the 2024 Amendment" or "the Amended Act"), which amended twelve sections of the Principal Act and significantly transformed the most frequently debated provision — Section 24. This article analyses both the original framework and the changes introduced by the 2024 Amendment, and asks: how well-equipped is Nigeria's law to deal with doxxing today?

2. Understanding Doxxing: Definition, Forms, and Harms

Before turning to the law, it is important to understand what doxxing actually involves. Doxxing is not a single, uniform act. It manifests in a variety of forms, each with distinct motivations and consequences:

•         Targeted harassment doxxing: A person's private contact information is shared in online communities with an invitation explicit or implicit for others to harass them. This is the most common form.

•         Revenge doxxing: Private information, sometimes including intimate photographs or messages, is shared by a former partner as a form of retribution.

•         Vigilante doxxing: Information about a person accused of wrongdoing is published to expose them to public censure sometimes with tragic consequences, even where the accusation is false.

•         Politically motivated doxxing: Activists, journalists, or public officials are targeted in order to silence their views or deter their public participation.

The harms caused by doxxing are well-documented. They include severe psychological distress, damage to professional reputation, economic loss, physical danger including stalking and assault, and in extreme cases death. In the United States, the case of Anglin v. Gresh illustrates this vividly: a sustained doxxing campaign targeting Tanya Gersh, a Jewish real estate agent, resulted in her receiving hundreds of threatening and antisemitic messages. The perpetrator, Andrew Anglin, was ordered to pay USD $14 million in damages one of the largest doxxing-related civil judgments on record.

It is within this context of real and measurable harm that Nigerian law must be assessed.

3. The Legal Framework Before the 2024 Amendment

The Cybercrimes (Prohibition, Prevention, etc.) Act 2015 was enacted as a unified legal framework for combating cybercrimes in Nigeria. When it came to doxxing, three provisions were especially relevant: Section 24 (cyberstalking and offensive electronic communications), Section 22 (identity theft and impersonation), and Section 13 (computer-related forgery).

However, Section 24 quickly became notorious not merely for what it criminalised, but for how it was misused. The original Section 24(1)(b) criminalised messages sent "for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, ill will, or needless anxiety." These sweeping, ill-defined terms gave law enforcement near-unlimited discretion to criminalise online expression, and that discretion was repeatedly abused.

Inc. Trustees of Laws and Rights Awareness Initiative v. Federal Republic of Nigeria (ECOWAS Court of Justice, ECW/CCJ/JUD/16/20, 2020): In this landmark case, the ECOWAS Court of Justice declared Section 24 of the 2015 Act vague, arbitrary, and repressive. The court held that the provision violated Article 9 of the African Charter on Human and Peoples' Rights and Article 19 of the International Covenant on Civil and Political Rights (ICCPR) international instruments to which Nigeria is a party and ordered Nigeria to repeal or amend Section 24 accordingly. The Federal Government ignored this judgment for four years, continuing to deploy Section 24 against journalists and critics, before finally acting in 2024.

Okedara v. Attorney-General of the Federation (Court of Appeal, Lagos, 2020): Simultaneously, Solomon Okedara, a Lagos-based digital rights lawyer, challenged Section 24 in the Nigerian courts on the ground that it violated Section 39 of the 1999 Constitution (freedom of expression). The Federal High Court per Buba J. dismissed the application, holding that Section 24(1) was not unconstitutionally vague. The Court of Appeal affirmed this, finding that the restriction on free expression was a permissible limitation under Section 45 of the Constitution. Notably, however, Okedara himself later commented after the 2024 Amendment that the reformed provision "could have been more specific in wording" acknowledging that even the amended version leaves room for misuse.

The documented use of Section 24 against journalists is extensive. Journalist Jones Abiri was charged under the Cybercrimes and Terrorism Acts in 2019 for his reporting. In 2023, journalist Saint Mienpamo Onitsha was arrested, flown to Abuja, and charged under Section 24 for his reporting on tensions in Nigeria's Niger Delta. These cases illustrated precisely the danger of vague statutory language in a legal environment with limited judicial oversight of prosecutorial conduct.

4. The Cybercrimes (Amendment) Act 2024: What Changed?

Overview: Signed into law on 28 February 2024, the Cybercrimes (Prohibition, Prevention, etc.) (Amendment) Act 2024 amended twelve sections of the Principal Act. It was sponsored by Senator Shehu Buba (APC, Bauchi South) and represented the Federal Government's long-overdue response to the 2020 ECOWAS Court judgment. The key changes relevant to doxxing are examined below.

4.1 The Amended Section 24: A Narrower, More Targeted Provision

The most significant change for doxxing purposes is the wholesale reformulation of Section 24(1). The old provision — with its sweeping references to "annoyance," "ill will," "needless anxiety," and "grossly offensive" messages — has been replaced with a considerably narrower formulation. The amended Section 24(1) now reads:

"Any person who knowingly or intentionally sends a message or other matter by means of computer systems or network that (a) [is] pornographic; or (b) he knows to be false, for the purpose of causing a breakdown of law and order, posing a threat to life, or causing such messages to be sent commits an offence under this Act and shall be liable on conviction to a fine of not more than N7,000,000.00 or imprisonment for a term of not more than 3 years or to both such fine and imprisonment."

The penalty remains unchanged: a fine of not more than N7,000,000 or imprisonment for up to three years, or both.

The implications for doxxing law are significant and must be understood in both their positive and limiting dimensions.

What the Amendment achieves: By removing the words "annoyance," "insult," "ill will," "needless anxiety," and "grossly offensive" from Section 24, the 2024 Amendment substantially reduces the risk of the provision being used as a weapon against legitimate journalism, political criticism, and ordinary online expression. The new provision is narrower and more focused: it targets content that is pornographic, or that is knowingly false and designed to threaten life or cause a breakdown of public order. This construction aligns more closely with the democratic principle that criminal law should target harmful conduct, not mere offensiveness.

What the Amendment does not fully achieve implications for doxxing: Here lies the critical limitation for doxxing victims. The original Section 24(1)(b), for all its flaws, could conceivably capture a range of doxxing conduct the deliberate publication of private information to cause "enmity," "criminal intimidation," or harassment of a target. The amended Section 24 criminalises only two categories: pornographic content, and knowingly false content sent to cause breakdown of law and order or a threat to life. Doxxing, however, frequently involves the disclosure of information that is true a person's real home address, real phone number, real employer. Such true-but-harmful doxxing conduct does not fit neatly within the amended Section 24(1)(b), which requires the content to be false.

Furthermore, as civil society organisations including Paradigm Initiative and SERAP have observed, the phrase "causing a breakdown of law and order" remains undefined. As the Centre for Journalism Innovation and Development (CJID) has noted, this undefined phrase could still be weaponised by law enforcement: a publication can be characterised as capable of causing a "breakdown of law and order" with considerable latitude, depending on who is doing the characterising.

The application of the amended Section 24 to doxxing was tested in the important decision of Eniola Badmus v. Okoye Blessing Nwakaego (Suit No. FHC/L/CS/2023, Federal High Court, Lagos, decided 2 August 2023 pre-amendment, but decided under the Principal Act). In that case, TikToker Okoye Blessing Nwakaego was charged under Sections 24(1)(b), 24(2)(a)(c) and 27 of the Cybercrimes Act for spreading false and defamatory content about Nollywood actress Eniola Badmus across TikTok, Gossipmill TV, and Remedy Blog. The false video which falsely alleged that Badmus was a pimp was viewed by over three million people. Justice Nicholas Oweibo convicted Nwakaego on a guilty plea and sentenced her to three years' imprisonment, with an option of a fine of N150,000. Under the 2024 Amendment, the conduct in Eniola Badmus the deliberate spread of knowingly false content about a named individual would still fall within Section 24(1)(b) of the amended Act, since it involved false information. What changes is that cases involving true disclosures (classic doxxing) are now harder to prosecute under Section 24 alone.

4.2 Amended Section 22: Expanded Identity Theft Provisions

The 2024 Amendment also significantly expanded the scope of Section 22, which deals with identity theft and impersonation. Under the original 2015 Act, Section 22 liability for identity theft was limited primarily to employees of financial institutions. The amended Sections 22 and 27 now extend this liability to employees in all sectors. Any person regardless of their industry who misuses their access to personal data to fraudulently impersonate another or to obtain property under false pretences may now be held criminally liable.

Under the 2024 Amendment, the penalty for identity theft under Section 22 was also updated: upon conviction, an offender may be liable to imprisonment for a term of not more than five years, or a fine of not more than N7,000,000, respectively.

For doxxing cases where the perpetrator goes beyond merely revealing information and proceeds to use that information to impersonate the victim online or commit fraud in the victim's name the expanded Section 22 provides a more powerful prosecutorial tool than the 2015 Act afforded.

This position finds international support in the US Supreme Court decision in Elonis v. United States 575 U.S. 723 (2015), where the court held that criminal liability for harmful online conduct requires proof of the defendant's mental state. The "fraudulent or dishonest" intent requirement in the amended Section 22 mirrors this approach, ensuring that liability attaches only where there is genuine malicious intent.

4.3 Section 13: Computer-Related Forgery (Unchanged)

Section 13 of the Cybercrimes Act, which criminalises computer-related forgery including the fabrication and dissemination of false electronic documents containing personal information was not substantively amended by the 2024 Act. It remains available in doxxing cases where the perpetrator manufactures fake screenshots, forged messages, or fabricated records to accompany the exposure of a victim's personal details. The penalty is a fine not exceeding N7,000,000 or imprisonment for up to seven years, or both.

4.4 Other Relevant 2024 Amendments

Data retention and service provider obligations (amended Section 38): The 2024 Amendment imposes enhanced data retention obligations on service providers, who must now keep and protect traffic data and subscriber information for two years. While this raises legitimate concerns about mass surveillance, it also strengthens the investigative toolkit available to law enforcement in doxxing cases: digital footprints that might previously have been lost can now be preserved for prosecution.

72-hour cyber threat reporting (amended Section 21): The timeline for reporting cyber threats was shortened from seven days to 72 hours. While this provision primarily targets institutional cyber threats rather than individual doxxing incidents, it reflects a broader effort to build a more responsive cyber incident management ecosystem.

Cybersecurity levy (Section 44): The 2024 Amendment introduced an electronic transaction levy of 0.5% on transactions by specified businesses to fund the National Cybersecurity Fund. Though unrelated to doxxing directly, this levy is intended to resource Nigeria's cybersecurity infrastructure, including institutions that support cybercrime enforcement.

5. The Nigeria Data Protection Act 2023: A Complementary Shield

Beyond the Cybercrimes Act as amended, the Nigeria Data Protection Act 2023 (NDPA) Nigeria's most comprehensive data protection statute provides an important complementary layer of protection for doxxing victims. The NDPA, which replaced the Nigeria Data Protection Regulation 2019, governs the collection, storage, processing, and disclosure of personal data. The non-consensual disclosure of a person's personal data precisely what doxxing involves constitutes a violation of the NDPA, and the Nigeria Data Protection Commission (NDPC) established under the Act has the power to investigate complaints and impose administrative sanctions.

Notably, the 2024 Amendment to the Cybercrimes Act explicitly requires service providers to comply with the NDPA (amended Section 38), creating a formal link between the two legal regimes. This means that a doxxing victim may pursue remedies on two simultaneous tracks: a criminal prosecution under the Cybercrimes Act (Amended) and a regulatory complaint to the NDPC under the NDPA. This dual-track approach represents a meaningful improvement in the legal landscape for privacy protection in Nigeria.

6. International Comparative Analysis

A brief comparative survey of how other jurisdictions approach doxxing is instructive both as a guide to best practice and as a measure of where Nigerian law currently stands, post-amendment.

6.1 United States

The United States does not have a single federal anti-doxxing statute. However, the Interstate Communications Act (18 U.S.C. § 875), the federal Stalking statute (18 U.S.C. § 2261A), and the Computer Fraud and Abuse Act can be applied in appropriate cases. California Penal Code Section 653.2 makes it unlawful to use an electronic device to intentionally cause another person to fear for their safety or to make their personal information available for malicious purposes.

On the free speech tension, in Bartnicki v. Vopper 532 U.S. 514 (2001), the Supreme Court confirmed that the First Amendment protects the publication of truthful information. This is the core challenge for anti-doxxing legislation: much doxxing involves the publication of information that is true. The Nigerian approach, post-amendment, now faces the same conceptual challenge the amended Section 24(1)(b) requires content to be false, meaning true-but-harmful doxxing is not clearly captured. By contrast, in Virginia v. Black 538 U.S. 343 (2003), the Supreme Court confirmed that "true threats" communications designed to make the recipient fear for their safety are unprotected by the First Amendment, providing an opening for anti-doxxing measures where the disclosure is accompanied by incitement.

6.2 United Kingdom

In the United Kingdom, the Online Safety Act 2023 which came into force in October 2023  represents a significant development in online harm regulation and specifically requires major platforms to address harassment and doxxing conduct. The existing Malicious Communications Act 1988 and Protection from Harassment Act 1997 continue to provide both criminal and civil remedies. The UK model of platform regulation, placing proactive obligations on social media companies to remove harmful content including doxxing material, is increasingly seen as the future direction of effective regulation globally.

6.3 Australia — A Model for Reform

Australia has recently enacted what is arguably the world's most direct legislative response to doxxing. Following a 2024 incident in which the personal details of over 600 Australian Jewish academics and creatives were leaked from a private WhatsApp group, leading to death threats and harassment campaigns, the Australian government enacted the Privacy and Other Legislation Amendment Act 2024, in force from 10 December 2024. This legislation inserted specific doxxing offences into the federal Criminal Code Act 1995, with serious penalties including imprisonment.

Australia's approach is notable for three reasons. First, it defines doxxing precisely and distinctly, removing the interpretive uncertainty that plagues general cybercrime provisions. Second, it recognises both the targeted individual and the community affected by coordinated doxxing. Third, its serious penalties signal genuine legislative commitment to deterrence. Nigeria would do well to study this model carefully.

7. Doxxing, the 2024 Amendment, and the Freedom of Expression

The 2024 Amendment was, in significant part, motivated by free expression concerns specifically, the ECOWAS Court's finding that the original Section 24 was incompatible with the African Charter and the ICCPR. The amendment therefore consciously sought to narrow the law's reach, reducing the risk that it would be weaponised against journalists and critics.

Paradoxically, this narrowing creates a gap for doxxing victims. The more precisely the law is focused on false speech and threats to public order, the less it captures the core doxxing scenario the malicious disclosure of true private information. This tension between protecting free expression and protecting individual privacy is one of the central challenges in digital rights law, and the 2024 Amendment, to its credit, does not ignore it but it also does not fully resolve it.

As SERAP and the Nigeria Guild of Editors have jointly observed, Section 24 of the Cybercrimes Act as amended still attracts criticism for residual vagueness. The phrase "causing a breakdown of law and order" is undefined, and the penalty up to three years' imprisonment and/or N7,000,000 remains severe. Six civil society organisations, in a joint statement issued in March 2024, called on the Federal Government to go further: to introduce judicial oversight requirements, to define key terms explicitly, and to create clear safe harbours for journalism and political commentary.

Notwithstanding these concerns, the Court of Appeal's reasoning in Okedara v. Attorney-General of the Federation (2020) remains relevant: the right to free expression guaranteed by Section 39 of the Constitution is not absolute, and a proportionate, precisely worded restriction aimed at protecting individuals' privacy and physical safety from online attack is constitutionally justifiable under Section 45. The 2024 Amendment moves Section 24 closer to that justifiable standard but further work remains to be done.

8. Remaining Legislative Gaps and the Case for Further Reform

Despite the positive changes introduced by the 2024 Amendment, significant gaps remain in Nigeria's legal treatment of doxxing. These weaknesses limit the ability of victims to obtain effective redress and reduce the deterrent effect of the law.

First — No specific anti-doxxing offence: The 2024 Amendment, for all its improvements, did not introduce a dedicated doxxing offence. Doxxing that does not involve false content — which is to say, most doxxing  remains outside the clear reach of the amended Section 24. As the Fountain University Law Journal (2025) has observed, the Cybercrimes Act as amended still fails to directly criminalise doxxing, trolling, and the non-consensual sharing of location and identity data.

Second — Under-protection of technology-facilitated gender-based violence: As noted by LIRAD Nigeria (2025), the removal of "obscene or indecent" content from the amended Section 24 means that certain non-threatening but deeply harassing behaviours — such as unsolicited obscene images and persistent online sexual harassment — may no longer clearly fall within the provision. The threshold for illegality is now higher, potentially leaving some victims without recourse.

Third — Continued misuse post-amendment: The Al Jazeera reporting of April 2024 documented that journalists continued to be arrested under Section 24 even after the February 2024 Amendment, with law enforcement agencies citing the 2015 Act as authority. This reflects not only a failure of training and compliance within law enforcement but also the persistent ambiguity introduced by the phrase "breakdown of law and order." The SSRN paper by Prince Ederagobor (2025) concludes that the amendment "remains insufficient in shielding Nigerian citizens from arbitrary criminalisation of online expression."

Fourth — Inadequate penalties for the scale of harm: In the Eniola Badmus case, involving content viewed by over three million people, the court granted the option of a fine of a mere N150,000  a sum widely criticised as inadequate. While the statutory maximum fine of N7,000,000 is available, the exercise of sentencing discretion in this case failed to reflect the gravity of harm at scale.

The reform agenda is clear. Nigeria should:

•         Enact a dedicated anti-doxxing provision that expressly criminalises the non-consensual online disclosure of personal information with intent to harm, regardless of whether the information disclosed is true or false.

•         Define "breakdown of law and order" in Section 24, as recommended by the ECOWAS Court and civil society organisations, to eliminate residual ambiguity.

•         Introduce explicit judicial oversight requirements before law enforcement agencies can use the Cybercrimes Act to arrest individuals for online expression.

•         Study and adapt Australia's Privacy and Other Legislation Amendment Act 2024 as a targeted legislative model.

•         Align sentencing practice with the gravity of harm, particularly where online harmful content is amplified to millions of viewers.

9. Conclusion

Nigeria's legal response to doxxing has improved significantly with the passage of the Cybercrimes (Amendment) Act 2024. The reformed Section 24 is narrower, less susceptible to misuse against journalists and critics, and more aligned with Nigeria's obligations under the African Charter and the ICCPR. The expanded identity theft provisions in Section 22 extend protection to victims across all sectors, not just the financial industry. And the explicit link to the Nigeria Data Protection Act 2023 creates a dual-track framework through which doxxing victims may seek both criminal redress and regulatory relief.

Yet the current framework is incomplete. The absence of a specific doxxing offence, the gap in addressing true-but-harmful disclosures of private information, and the persistence of enforcement abuses all represent serious weaknesses. The experience of the Eniola Badmus case — a striking conviction for the deliberate spread of false personal content — shows that Nigerian courts can and will act. What is needed is a legal architecture that gives them the right tools for the full range of doxxing conduct.

The digital world is not a lawless space. The 2024 Amendment brought Nigeria meaningfully closer to a protective framework that is fit for the twenty-first century. The next step — specific, clear, proportionate anti-doxxing legislation — is one the National Assembly should take without further delay.

 

Key Cases Cited

¹ Inc. Trustees of Laws and Rights Awareness Initiative v. Federal Republic of Nigeria, ECW/CCJ/JUD/16/20 (ECOWAS Court of Justice, 2020) — Section 24 of the 2015 Act declared vague, arbitrary and repressive; Nigeria ordered to amend.

² Okedara v. Attorney-General of the Federation (Court of Appeal, Lagos, 2020) — Section 24 upheld as constitutionally valid; freedom of expression restrictions permissible under Section 45 of the 1999 Constitution.

³ Eniola Badmus v. Okoye Blessing Nwakaego, Suit No. FHC/L/CS/2023 (Federal High Court, Lagos, 2 August 2023) — TikToker convicted and sentenced to 3 years' imprisonment (option N150,000 fine) for spreading false defamatory content viewed by over three million people.

⁴ Elonis v. United States, 575 U.S. 723 (2015) — subjective intent required for criminal liability for online threatening communications.

⁵ Bartnicki v. Vopper, 532 U.S. 514 (2001) — First Amendment protects publication of lawfully obtained truthful information; central tension with anti-doxxing law.

⁶ Virginia v. Black, 538 U.S. 343 (2003) — 'true threats' are unprotected by the First Amendment; basis for anti-doxxing prosecutions where disclosure is accompanied by incitement.

⁷ Anglin v. Gresh (U.S. District Court, Montana) — USD $14 million civil damages for doxxing-related antisemitic harassment campaign.

 

References

Cybercrimes (Prohibition, Prevention, etc.) Act, 2015 (Nigeria), as amended by the Cybercrimes (Prohibition, Prevention, etc.) (Amendment) Act, 2024.

Nigeria Data Protection Act, 2023.

Constitution of the Federal Republic of Nigeria, 1999 (as amended).

California Penal Code, § 653.2 (USA).

Online Safety Act 2023 (United Kingdom).

Protection from Harassment Act 1997 (United Kingdom).

Malicious Communications Act 1988 (United Kingdom).

Privacy and Other Legislation Amendment Act 2024 (Australia).

European Union General Data Protection Regulation (GDPR), Regulation 2016/679.

African Charter on Human and Peoples' Rights.

International Covenant on Civil and Political Rights (ICCPR), Article 19.

UN Human Rights Committee, General Comment No. 34 on Article 19 ICCPR (2011).

Sen Nguyen, 'What is Doxxing?' CNN (7 February 2023) <https://amp.cnn.com/cnn/2023/02/07/world/what-is-doxxing-explainer> accessed 10 January 2025.

Templars Law, 'The Cybercrimes (Prohibition, Prevention, Etc.) (Amendment) Act 2024' (August 2024) <https://www.templars-law.com/app/uploads/2024/08/Cybercrimes.pdf> accessed 15 January 2025.

Hamu Legal, 'Highlights of Cybercrimes (Prohibition, Prevention, Etc.) (Amendment) Act 2024' (May 2024) <https://hamulegal.com> accessed 15 January 2025.

The Nigerian Lawyer / LawPavilion, 'Amendment of Section 24 of the Cybercrimes Act 2015: A Fruit of Strategic Litigation' (April 2024) <https://lawpavilion.com/blog> accessed 15 January 2025.

Centre for Journalism Innovation and Development (CJID), 'Understanding Nigeria's Cybercrimes Act and its Implementation Mechanism' <https://thecjid.org> accessed 15 January 2025.

Jonathan Rozen, 'Nigeria's Cybercrime Reforms Leave Journalists at Risk' Al Jazeera (20 April 2024) <https://www.aljazeera.com/opinions/2024/4/20/nigerias-cybercrime-reforms-leave-journalists-at-risk> accessed 15 January 2025.

Paradigm Initiative, 'Press Release: Coalition Lauds Cybercrimes Act Amendment' (19 March 2024) <https://paradigmhq.org> accessed 15 January 2025.

SERAP and Nigeria Guild of Editors, 'End Use of Cybercrime Act Against Journalists' (4 May 2025) <https://serap-nigeria.org> accessed 15 January 2025.

LIRAD Nigeria, 'Analysis of Nigeria's Cybercrime (Amendment) Act 2024 and Technology-Facilitated Gender-Based Violence' (2025) <https://liradnigeria.org> accessed 15 January 2025.

Prince Ederagobor, 'Digital Speech on Trial: Section 24 of Nigeria's Cybercrime Act and its Impact on Civil Liberties' (July 2025) SSRN <https://papers.ssrn.com/sol3/papers.cfm?abstract_id=5315568> accessed 15 January 2025.

TechHive Advisory, 'Nigeria Cybercrimes Act Amendment: Charting Future Direction' <https://www.techhiveadvisory.africa> accessed 15 January 2025.

Tamarix Law, 'Cybercrimes Act 2025: Nigeria's Cybercrime Law Explained' <https://tamarix.law/cybercrimes-act-2025> accessed 15 January 2025.

Oxford Academic — International Data Privacy Law, 'Personal Data and Personal Safety: Re-examining the Limits of Public Data in the Context of Doxing' (2023) 13(3) 182.

Fountain University Law Journal, Vol. 2 No. 4 (2025) — Cyberbullying in Nigeria: Legal Challenges and Reform.

NALTF, 'Nigeria's Cybercrime Reform' <https://naltf.gov.ng/nigerias-cybercrime-reform/> accessed 15 January 2025.

FIRE (Foundation for Individual Rights and Expression), 'Is Doxxing Illegal? Doxxing, Free Speech, and the First Amendment' <https://www.fire.org> accessed 10 January 2025.