Meta, DHL, Opay accused of data breaches, face sanctions

The Federal Government says it suspected that Meta, formerly known as Facebook, a haulage company, DHL, and online payment platform OPay are engaged in alleged data breaches.

As investigations continues into the activities of the companies, they would forfeit two per cent of their annual gross revenue to the government if found culpable.

Findings by The Nation revealed that there have been a barrage of complaints against the companies by Nigerians over the violation of data subjects’ rights.

It was learnt that the Nigeria Data Protection Commission has opened investigations into the data processing activities of the affected data controllers.

This is the second time the NDPC would open probes into the activities of some companies, banks and universities in the country over alleged data infractions.

Recall that the National Commissioner of NDPC, Dr Vincent Olatunji, had warned during the Commission’s presentation of the Nigeria Data Protection Act, 2023 to the public that infractions would attract penalties in accordance with the letter and spirit of law.

It was learnt that complaints against Meta touch on behavioural advertising without explicit consent of data subjects. Approximately 40 million Facebook accounts in Nigeria might have been affected by the data processing under investigation. This also has significant implication for the growth of Nigeria’s digital economy.

DHL on the other hand is facing investigation for allegedly violating the lawful basis and principles of data protection, it was discovered.

Sources privy to the investigations said DHL’s data processing falls short of the confidentiality standard prescribed under the Nigeria Data Protection Act. The Act in section 24(2) (2) notes that “A data controller and data processor shall use appropriate technical and organisational measures to ensure confidentiality, integrity, and availability of personal data.”

On its part, Opay might be called upon to answer for allegations that it opens bank accounts for data subjects without their consent. If this is true, it would amount to a grave violation of data privacy rights of affected data subjects.

A report attributed to Opay says the platform has about 40 million data subjects.

Finding shows that Nigeria Data Protection Commission has served each of the data controllers with Notice of Investigation.