Meta, DHL, Opay under probe for data breaches in Nigeria
The Nigeria Data Protection Commission (NDPC) has launched investigations into the data processing activities of Meta (formerly Facebook), DHL, and Opay, following complaints from Nigerians over the violation of their data privacy rights.
The companies could face hefty fines of up to two percent of their annual gross revenue if found guilty of data infractions.
The NDPC is the regulatory body responsible for enforcing the Nigeria Data Protection Act, 2023, which aims to protect the personal data of Nigerians and promote the growth of the digital economy.
The Act stipulates the rights and obligations of data subjects, data controllers, and data processors, as well as the penalties for non-compliance.
According to sources privy to the investigations, Meta is accused of engaging in behavioural advertising without obtaining the explicit consent of data subjects. This could affect about 40 million Facebook accounts in Nigeria and have significant implications for the country’s digital economy.
DHL, on the other hand, is alleged to have violated the lawful basis and principles of data protection by failing to ensure the confidentiality, integrity, and availability of personal data.
The Act requires data controllers and processors to use appropriate technical and organisational measures to safeguard personal data from unauthorised access, disclosure, or loss.
Opay, a popular online payment platform, is also under scrutiny for allegedly opening bank accounts for data subjects without their consent. This could amount to a grave violation of data privacy rights of affected data subjects. Opay claims to have about 40 million users in Nigeria.
The NDPC has served each of the data controllers with a Notice of Investigation, giving them an opportunity to defend themselves against the allegations. The Commission has also warned other data controllers and processors in the country to comply with the Act or face sanctions.
The National Commissioner of NDPC, Dr. Vincent Olatunji, said the Commission would not hesitate in “safeguarding the integrity of Nigeria’s data economy ecosystem.”
He added that the Chief Executive Officers of Ministries, Departments and Agencies of government would be held liable for any infractions by their organisations.