FG has commenced the investigation of OPay, Meta, and DHL over data breach allegations.
NewsOnline reports that Fintech company, OPay, alongside social media giant, Meta, and courier company, DHL, are now under investigation by the Nigeria Data Protection Commission (NDPC) over allegations of data breach.
According to sources with knowledge of the probe, the three companies have been summoned by the Commission following the receipt of complaints against them alleging violations of data subjects’ rights.
READ ALSO: Supreme Court Announces Date to determine Nnamdi Kanu’s fate
Under the Nigeria Data Protection Act, the three companies are recognized as data controllers and are expected to observe certain precautions under the law while processing Nigerians’ data.
If found guilty, each of the company risks forfeiting 2% of their gross revenue to the Commission as a penalty as stipulated by the Data Protection Act.
According to one of the sources, who spoke with Nairametrics under the condition of anonymity because he was not authorised to speak to the media, each of the companies had different allegations against them, all bothering on the data breach.
- “Complaints against Meta touch on behavioural advertising without explicit consent of data subjects. Approximately 40 million Facebook accounts in Nigeria may have been affected by the data processing under investigation. This also has significant implications for the growth of Nigeria’s digital economy.
- “DHL on the other hand is facing investigation for allegedly violating the lawful basis and principles of data protection. According to a Civil Society Organization established to fight violations of citizens’ privacy rights, DHL’s data processing falls short of the confidentiality standard prescribed under the Nigeria Data Protection Act. According to section 24(2) of the Act (2) “A data controller and data processor shall use appropriate technical and organisational measures to ensure confidentiality, integrity, and availability of personal data.”
- “On its part, Opay may be called upon to answer for allegations that it opens bank accounts for data subjects without their consent. If this is true, it would amount to a grave violation of the data privacy rights of affected data subjects. A report attributed to Opay says it has about 40 million data subjects. Investigation shows that Nigeria Data Protection Commission has served each of the data controllers with Notice of Investigation,” the source said.
NewsOnline can recall that the National Commissioner, Dr. Vincent Olatunji, had, during the Commission’s presentation of the Nigeria Data Protection Act, 2023 reiterated the importance of safeguarding the integrity of Nigeria’s data economy ecosystem and also warned data controllers and processors against all forms of data processing which are not recognized under the Act. A violator of the Act is liable to pay as high as 2% of its gross revenue in the preceding year.
