The Federal Government of Nigeria has initiated investigations into the activities of Meta (formerly Facebook), DHL, and OPay over alleged data breaches, with potential consequences that could see the companies forfeiting two percent of their annual gross revenue to the government.
Numerous complaints have been lodged against these companies by Nigerian citizens regarding the violation of data subjects’ rights, prompting the government to take action. The Nigeria Data Protection Commission (NDPC) is currently conducting investigations into the data processing practices of these entities.
This marks the second time that the NDPC has launched probes into the activities of companies, banks, and universities within Nigeria over alleged data infractions. Dr. Vincent Olatunji, the National Commissioner of the NDPC, previously warned during the public presentation of the Nigeria Data Protection Act, 2023, that violations would lead to penalties in accordance with the law.
Olatunji emphasized the commission’s commitment to “safeguarding the integrity of Nigeria’s data economy ecosystem” and warned data controllers and processors against any form of data processing that does not align with the Act. He also stressed that Chief Executive Officers of Ministries, Departments, and Agencies of the government would be held accountable for any infractions.
Complaints against Meta primarily center on behavioral advertising conducted without the explicit consent of data subjects. This investigation potentially impacts approximately 40 million Facebook accounts in Nigeria, with significant implications for the country’s digital economy.
DHL, on the other hand, is facing scrutiny for allegedly violating the lawful basis and principles of data protection. Sources close to the investigations have revealed that DHL’s data processing practices may fall short of the confidentiality standards prescribed under the Nigeria Data Protection Act. The Act emphasizes the use of appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of personal data.
OPay, the online payment platform, could be called upon to address allegations that it has been opening bank accounts for data subjects without their consent, a serious violation of data privacy rights. Reports suggest that OPay’s platform may have approximately 40 million data subjects.
The Nigeria Data Protection Commission has served each of these data controllers with a Notice of Investigation, affording the companies the opportunity to defend themselves within the framework of the country’s legal system. The investigations will be closely watched as they unfold, as they could have far-reaching implications for data protection and privacy standards in Nigeria.