Technology

FG moves against Truecaller over alleged breach of privacy in Nigeria

FG moves against Truecaller over alleged breach of privacy in Nigeria


The Federal Government through the National Information Technology Development Agency (NITDA) is looking into a potential breach of privacy rights of Nigerians by the social media platform, Truecaller.
  
The Agency, in accordance with Section 6(f) of the NITDA Act 2007, which empowers it to render advisory services in all information technology matters to the public and private sectors, said it has  commenced investigation of the potential breach.
  
According to NITDA, initial findings revealed that the Truecaller Privacy Policy is not in compliance with global laws on data protection and the Nigeria Data Protection Regulation (NDPR) in particular.
  
NITDA findings also revealed that there are over seven million Nigerians, who are active users of the service, hence the need to enlighten the public on some of the areas of non-compliance as well as guide those affected.
 
“Truecaller is made of two sets of privacy policy– one for those in the European Economic Area (EEA) and the other for those outside the EEA. Nigeria falls under the second category. Furthermore, every Nigerian user is contracting with Truecaller India. There are marked differences between both policies. Critical assessment of the policy revealed non-compliance with the NDPR,” the IT agency stated.

NITDA also pointed out that the provision of the Truecaller Privacy Policy is clearly excessive and invasive of the privacy of its users. According to NITDA, Article 2.3(2)d of the NDPR revealed that when assessing whether consent is freely given, utmost account shall be taken of whether the performance of a contract, including the provision of a service, is conditional on consent to the processing of Personal Data that is not necessary (or excessive) for the performance of that contract.

NITDA’s Director-General, Kashifu Inuwa, said contrary to the expectation of many users, the Truecaller service collects far more information than it needs to provide its primary service, noting that it is global best practice for users to be informed of the possible third-party processors’ information, which may be shared with and for what purpose, insisting that this policy flaunts this rule which is also enunciated in the NDPR.

“The provisions of the policy can be exploited to put many Nigerians in unsavoury conditions. In view of this, we urge all Nigerians to take advantage of Article 4 of the Truecaller Privacy Policy, which provides, “If any persons do not wish to have their names and phone numbers made available through the Enhanced Search or Name Search functionalities, they can exclude themselves from further queries by notifying Truecaller via its website. Members of the public may also decide to delist themselves from the Truecaller Service completely.’’
  
The IT regulator assured Nigerians that it will continue to monitor the activities of digital service providers with a view to ensuring that the rights of Nigerians are not unduly breached, while also improving the operational environment to support ethical players in their bid to get the maximum benefit from Nigeria.