Fintech firm OPay, in conjunction with social media giant Meta and courier company DHL, is currently facing an inquiry by the Nigeria Data Protection Commission (NDPC) regarding allegations of a data breach.
In accordance with insider information, the NDPC has summoned these three companies following the receipt of complaints alleging infringements on the rights of data subjects.
Data protection act
Under the Nigeria Data Protection Act, all three entities are categorized as data controllers and are thus obligated to adhere to specific data protection measures when handling the data of Nigerian citizens.
If found guilty, each of these companies could potentially face a penalty amounting to 2% of their gross revenue, as stipulated by the Data Protection Act.
According to an anonymous source who spoke to the media, each of these companies is facing distinct allegations related to data breaches.
Complaints against Meta pertain to behavioral advertising conducted without obtaining explicit consent from data subjects.
This investigation potentially affects around 40 million Facebook accounts in Nigeria and carries significant implications for the growth of the nation’s digital economy.
“DHL, on the other hand, is under investigation for purportedly violating the legal basis and principles of data protection.
A Civil Society Organization focused on safeguarding citizens’ privacy rights has raised concerns that DHL’s data processing does not meet the confidentiality standards outlined in the Nigeria Data Protection Act. Section 24(2) of the Act states that data controllers and data processors must employ appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of personal data.”
“OPay, meanwhile, may be called upon to address allegations that it opens bank accounts for data subjects without their explicit consent.
If substantiated, this would constitute a serious violation of the data privacy rights of those affected. OPay has reportedly stated it has approximately 40 million data subjects.
The Nigeria Data Protection Commission has reportedly issued a Notice of Investigation to each of these data controllers,” the source stated.