Meta, DHL, and OPay Under Investigation for Alleged Data Breach

The federal government has commenced an investigation into the activities of alleged data breaches at Meta, DHL, and Opay. 

If any of these companies are found guilty of data breaches, they will forfeit 2% of their annual gross revenue to the government.

This development comes after a series of complaints were submitted against these firms by Nigerians over violations of data subject’s rights.

The Nigeria Data Protection Commission (NDPC) opened the investigations after complaints of data breaches surged.

According to the NDPC, this is going to be the second time the commission will be investigating the activities of some firms, banks, and universities over the issues of alleged data infractions.

During the presentation of the Nigerian Data Protection Act, 2023, the National Commissioner of the NDPC, Dr. Vincent Olatunji, warned the general public that data infractions will attract penalties that are by the law.

He said the commission will not hesitate to "safeguard the integrity of Nigeria's data economy ecosystem."

He warned data controllers and processors against violating the Data Act—he insisted that CEOs of ministries, departments, and agencies of government would be held accountable for data infractions.

The report shows that the complaints dropped against Meta were about behavioural advertising without the explicit consent of data subjects. At the moment, 40 million Facebook accounts in Nigeria might have been affected by data processing. However, this is still under investigation, and the result will be known when the NDPC is done probing.

DHL, on the other hand, is facing a probe for violating the lawful basis and principles of data protection.

Sources privy to the investigations said DHL’s data processing falls short of the confidentiality standard prescribed under the Nigeria Data Protection Act. The Act in Section 24(2)(2) notes that “A data controller and data processor shall use appropriate technical and organizational measures to ensure confidentiality, integrity, and availability of personal data.” The Nation reported.

Also, Opay is said to face questioning about opening bank accounts for data subjects without their consent. A report shows that Opay has about 40 million data subjects.

The Nigeria Data Protection Commission has given the data controllers a notice of investigation.