By 
The Nigeria Data Protection Commission (NDPC) is investigating data protection infractions by Meta (Facebook), other social media giants and financial actors including fintechs as the regulator pushes its intent to focus on enforcement in 2024.
RELATED: NDPC signals enforcement drive in 2024 with code of conduct for DPCOs
IT Edge Edge learnt that the privacy watchdog is investigating about 14 infractions by Meta including unlawful use of personal information without its users’ consent for purpose of marketing and advertisement in a way that exposes the users to privacy vulnerabilities.
Banks and gaming companies under scrutiny
The major banks that make up Nigeria’s big 5 and a host of fintechs including Opay and Moniepoint risk regulatory sanctions including hefty fines for privacy breaches “once investigations are concluded and it is proven that they have breached the law,” said a source in Abuja.
Adding: “Many of these companies are committing serious privacy violations as spelled out by the Nigeria Data Protection Act of 2023 and it’s the duty of the commission to ensure the law is respected.”
The NDPC is also investigating hacks and data thefts caused by “insubstantial security measures, preventable mistakes or cover-ups” all of which are “violations under the law particularly when these incidents are not officially reported to the commission,” said the source adding that many banks and online gaming companies including Bet9ja and 1XBet are already being scrutinized.
The online betting market is particularly of concern to the NDPC; over 65 million Nigerians are actively engaging in this sub-sector and are routinely exposed to “the worse possible data violations by betting operators.”
A report published last year by Orange Business Intelligence Technology (ORBIT) showed that Nigeria’s betting industry is the largest on the continent and has revenue in excess of $2 billion as at 2020.
Commission wants clearer compliance mechanism
The commission is insisting on a practicable and comprehensive compliance mechanism that limits privacy violations and eliminates exposure to prohibited contents or materials considered to influence unethical behaviour and could harm targeted users including those regarded as underage.
“TikTok and Facebook [Meta] are particularly guilty of this.”
The NDPC issued a Code of Conduct for Data Protection Compliance Organizations (DPCOs) in Nigeria last month. It expressed commitment to build a national privacy culture and strengthen privacy protections online while it stated that with the Data Protection Act now fully in place, the commission would make companies to be more accountable to the law through aggressive enforcement.
“Adherence to rules and regulations are important to sanity and growth of the industry,” the National Commissioner/CEO of the NDPC, Dr. Vincent Olatunji, told the DPCOs while urging them to see their role in the implementation of the Nigeria Data Protection Act (NDPA) 2023 as a public trust which must be guarded with utmost sense of responsibility.
Social media giants under more aggressive watch
Social media giants have continuously come under watch that is more aggressive by privacy regulators. Last year the European Union imposed a record $1.3 billion fine on Meta for wrongfully transferring user data from Europe to the United States.
Similarly, TikTok was fined EUR 345 million (about $367 million) by the Data Protection Commission (DPC), Ireland’s data watchdog, for failing to protect children’s privacy.
In Nigeria, authorities plan to engender a process allowing the public to express their complaints against privacy abuses so that the social media platforms could face sanctions including criminal penalties.
