The probe, ordered by Dr. Vincent Olatunji, the national commissioner, comes amid growing global scrutiny of the platform’s aggressive data collection tactics.

With approximately 12.7 million Nigerian users already on the platform, the NDPC is moving to ensure that the ultra-low-cost shopping experience doesn’t come at the expense of national data sovereignty.

The Allegations: A ‘Red Flag’ on Surveillance

The investigation was triggered by a series of high-level concerns regarding how Temu handles the sensitive information of its Nigerian data subjects.

According to the NDPC, the probe will focus on several key pillars of the Nigeria Data Protection (NDP) Act:

• Online Surveillance: Concerns that personal data processing is being used for intrusive tracking.
• Data Minimization: Whether Temu is collecting more data than is strictly necessary for e-commerce transactions.
• Cross-Border Transfers: Investigating how and where the data of Nigerians is stored and shared internationally.
• Transparency & Accountability: Assessing if Temu is being clear with users about who has access to their information.

Temu has scaled rapidly in Nigeria, mirroring its global trajectory of reaching 70 million daily active users.

However, its business model, which relies heavily on gamified rewards and data-driven marketing, has often put it at odds with regulators.

For the NDPC, this is a “test case” for the enforcement of the NDP Act against global tech giants. The Commission is particularly interested in the Duty of Care, the legal obligation of the platform to protect users from data breaches or unauthorized access.

The Warning: Third-Party Processors in the Crosshairs

In a significant addition to the probe, the National Commissioner issued a stern warning to local and international data processors (logistics firms, payment gateways, and cloud providers) working with Temu.

Under the NDP Act, processors can be held liable if they engage in activities on behalf of a controller (like Temu) without verifying that the controller is fully compliant with Nigerian law.

“Processors who engage in processing activities on behalf of data controllers without verifying their compliance with the NDP Act may be liable,” the Commission warned.

The Scale of the Investigation

The investigation, led by Babatunde Bamigboye, head of Legal, Enforcement & Regulations, will likely involve a deep audit of Temu’s backend architecture and privacy policies.

If found in violation, Temu could face significant fines or even a temporary suspension of operations in Nigeria, similar to the regulatory hurdles faced by other global platforms that have previously clashed with Nigerian digital laws.

For now, the NDPC is signaling that the era of “unchecked” data harvesting by foreign e-commerce platforms is over.

Meanwhile, Temu has opted for constructive dialogue engagement with NDPC. See more here.

The post BREAKING: NDPC Probes Temu over Alleged Privacy Violations in Nigeria appeared first on Tech | Business | Economy.

The companies under investigation cut across some of Nigeria’s most sensitive industries. They include 795 financial institutions, 392 insurance brokers, 35 insurance companies, 10 pension firms, and 136 gaming operators. Each has been given 21 days to prove compliance or risk sanctions.

According to a statement signed by Babatunde Bamigboye, head of Legal, Enforcement and Regulations at the NDPC, the affected organisations must present evidence of their 2024 compliance audit returns, the appointment of a Data Protection Officer with full contact details, as well as technical and organisational safeguards they have put in place. 

They are also expected to confirm registration as a “data controller or processor of major importance.”

“These organisations are required to within 21 days of issuance provide evidence of filing NDP Act Compliance Audit Returns for 2024, evidence of designation or appointment of a Data Protection Officer, including name and contact details. 

“They are also to provide summary of technical and organisational measures for data protection within the organisation and evidence of registration as a data controller or processor of major importance,” the Commission stated.

The Commission argues that such enforcement is necessary to secure citizens’ rights under the 1999 Constitution and to strengthen trust in Nigeria’s digital economy. The NDPC says that failure to comply could trigger fines, enforcement orders, or even criminal prosecution as stipulated under the NDPA.

This latest development comes weeks after Multichoice Nigeria was fined ₦766.2 million for data protection violations, the biggest penalty imposed so far. 

The pay-TV operator was found guilty of intrusive data practices, unauthorised cross-border transfers, and processing subscriber and non-subscriber data without proper consent.

National Commissioner, Dr Vincent Olatunji, explained that the Commission operates a remediation-first approach to enforcement. He noted that businesses willing to correct violations are given an opportunity to do so before penalties are applied.

“Usually, when we investigate and find a breach, if they are ready to comply with the law, what is the point of making noise? It’s only when an organisation is unwilling to comply with the law that we are forced to impose sanctions,” he said.

Experts believe the Commission’s growing assertiveness shows a turning point. For years, compliance was largely voluntary, but this change shows that regulators are no longer content with awareness campaigns. 

The NDPA, modelled after global standards such as the GDPR, is designed both to protect Nigerians’ personal data and also to give local firms credibility in regional and international markets.

The post NDPC Launches Probe into 1,369 Organisations Over Data Protection Breaches appeared first on Tech | Business | Economy.

NDPC said this is following investigations into [alleged] violations of Nigeria Data Protection Act, 2023 and the Nigeria Data Protection Regulation, 2019.

Babatunde Bamigboye, head of Legal, Enforcement and Regulations at NDPC, confirmed to Techeconomy, Fidelity Bank is expected to pay the fine within 14 days upon the receipt of the Notice.

He said the investigation into the data processing activities of Fidelity Bank PLC was triggered by a complaint from a data subject whose personal data was collected without lawful basis for the purposes of opening an account for the data subject.

“This complaint was lodged with the Commission in April 2023.

“The Commission reviewed the data processing platforms of Fidelity Bank and found that in certain critical cases, the Bank processes personal data without informed consent of data subjects.

“Data processing tools such as cookies and banking apps were deployed in violation of the NDP Act. Its banking App at the material time had been downloaded over one million times.

Apart from internal non-compliance, the Bank relies on some non-compliant third-party data processors.

“The law not only enjoins an organization to be compliant, it also mandates its relevant vendors, agents or contractors, among others to be accountable when handling personal data of individuals.

“It is to be noted that the initial decision of the Commission was issued since July 2023 and a directive to pay a remedial fee was issued in December 2023 Over ten correspondences were exchanged.

“The Commission issued repeated warnings to no avail. The Commission gave several opportunities for full accountability for over one year – taking into account the need to encourage compliance as a culture.

“However, Fidelity Bank did not provide requisite, satisfactory remedial plan.

Dr. Vincent Olatunji, the national commissioner and CEO of the Nigeria Data Protection Commission, had enjoined Data Controllers and Data Processors to eschew acts that may undermine trust and confidence in Nigeria’s capacity to protect data driven decisions and transactions.

Dr. Olatunji notes that without demonstrable assurance of accountability in the exchange of goods and services, economic growth would be gravely hampered.

“However, through compliance with laws that protect freedoms of individuals, their lives and livelihoods, Nigeria will witness more and more momentum for sustainable development” he said.

Meanwhile, Fidelity Bank has yet to issue statement regarding the developing story, as at the time of filing this report.

Bank denied any wrong doing that could have warranted the fine – Continue Reading HERE.

The post FG Slams N555,800,000 Fine on Fidelity Bank appeared first on Tech | Business | Economy.

Nigeria will on Saturday 28th of January 2023 join the international community to observe Global Data Privacy Day 2023.

“It is a Day that has been set aside to create awareness of fundamental rights and freedoms relating to the privacy of citizens in the data processing ecosystem”, a statement signed by Babatunde Bamigboye, the Head, Legal Enforcement and Regulations, at NDPB, reads.

“In line with the overarching global objective of awareness on data privacy, the Nigeria Data Protection Bureau (NDPB), will be organizing a National Privacy Week, which is a week of intensive focus on awareness creation in the area of data subjects’ rights, capacity building on data governance, data breach remediation among others.

“The Hon. Minister of Communications and Digital Economy, Prof. Isa Ali Ibrahim Pantami, will flag-off the National Privacy Week with a press conference on the Global Data Privacy Day. The National Privacy Week also coincides with the one year anniversary of the establishment of the Bureau.

“The NDPB under the leadership of Dr. Vincent Olatunji as its National Commission and CEO will set-up an Accelerated Data Breach Remediation unit to resolve petitions from data subjects within the National Privacy Week”.

The post Nigeria Ready for Global Privacy Day 2023 – NDPB appeared first on Tech | Business | Economy.

Mr. Babatunde Bamigboye, the Legal, Enforcement & Regulations Lead at NDPB confirmed the development in a statement made available to TechEconomy.ng.

According to Bamigboye, the complaint against Phillips Consulting is in connection with the activities of online lending platforms who (allegedly) willfully breach the privacy of citizens whilst the investigation of UBA PLC., pertains to allegations of infringement on the governing principles of data protection.

“It will be recalled that the NDPR mandates organizations to carry out due diligence before engaging in any data processing. This is to ensure that parties are accountable for any infringement on fundamental rights and freedoms of data subjects.

“The Bureau warns all data controllers and processors to eschew all forms of data processing that are detrimental to citizens as well as the economy and security of the country”, the statement added.

The post NDPB Investigating Phillips Consulting, UBA for Alleged Violation of NDPR appeared first on Tech | Business | Economy.

Wema Bank is on NDPB’s radar after allegations that the bank and its agents have been opening unauthorised accounts for customers with information sourced from their Bank Verification Number (BVN) details.

On the other hand, the Nigerian betting platform Bet9ja suffered a ransomware attack perpetrated by the BlackCat ransomware group on April 6, which the company confirmed two days after the attack.

BlackCat group is regarded as the successor to BlackMatter and REvil gangs that target corporate environments with customisable ransomware. READ MORE.

Mr. Babatunde Bamigboye, the Legal, Enforcement & Regulations Lead at NDPB confirmed the development.

He said that Wema Bank and Bet9ja are under investigation in line with Sectio​​n 37 of the 1999 Constitution and the provisions of Nigeria Data Protection Regulation (NDPR) 2019  – particularly Articles 2.1(2)-(3), 2.6 and Article 4 of the NDPR. 

“It will be recalled that sometime in May 2022, some customers of Wema Bank PLC complained of breach of their rights to data privacy and protection by the Bank.  This data processing, according to the complaints against the Bank, involves using their personal data to open accounts.

“The Bureau is also investigating report of breach of data privacy at KC Gaming Networks. The breach in this case involved alleged external attack on the KC Gaming Networks. 

“At this stage, the objectives of these investigations as directed by the National Commissioner/CEO of the Bureau, Dr. Vincent Olatunji, are to determine the impact of the breaches on the affected data subjects and the remedial actions taken by the concerned data controllers. The Bureau assures members of the general public that it will ensure proper accountability of the data controllers in the ongoing investigations”, Bamigboye said.

The post Wema Bank, Bet9ja under investigation for Data Privacy Breach – NDPB appeared first on Tech | Business | Economy.