NDPC investigates TikTok, Truecaller over alleged data privacy violations

The Nigeria Data Protection Commission (NDPC) has launched an investigation into global tech giants TikTok and Truecaller over alleged breaches of data privacy regulations. This move aligns with the commission’s commitment to enforcing the Nigeria Data Protection Act (NDPA) and ensuring that multinational companies comply with data protection laws.

The National Commissioner and Chief Executive Officer of the NDPC, Dr. Vincent Olatunji, made the disclosure at a press conference in Abuja on Thursday.

He confirmed that the commission is actively scrutinizing the data privacy practices of these companies to assess their compliance with Nigerian regulations.

“As we speak, we have even gone to the extent of investigating multinationals. We are currently investigating TikTok and Truecaller in the area of data privacy,” Olatunji stated.

He emphasized that the commission follows a structured remediation process, allowing companies to rectify lapses before facing potential sanctions. If the companies under investigation take appropriate corrective actions, the NDPC is open to working with them to ensure compliance.

Olatunji noted that when the NDPC initially began monitoring data protection compliance, only four per cent of organizations adhered to the regulations. However, due to intensified enforcement efforts and increased engagement with stakeholders, compliance levels have now risen to over 55 per cent.

Unlike punitive regulatory bodies, the NDPC does not impose immediate sanctions on organizations found to be in breach of data protection laws. Instead, the commission evaluates breaches based on their severity, the number of individuals affected, and the potential economic impact.

READ ALSO: Trump demands U.S. ownership of TikTok as national security debate intensifies

Companies found in violation are provided with specific corrective measures and must maintain detailed records of their data processing activities while implementing necessary rectifications. The NDPC then monitors these organizations for a period ranging from six months to a year to ensure full compliance.

While the NDPC prioritizes remediation, Olatunji warned that the commission would not hesitate to take stronger enforcement actions if necessary.

In a significant step toward strengthening Nigeria’s data protection framework, the NDPC also unveiled the Nigeria Data Protection Act – General Application and Implementation Directive (NDP Act-GAID). This directive provides comprehensive guidelines to assist data controllers and processors in complying with the NDPA.

Describing the directive as a major milestone, Olatunji highlighted the increasing role of emerging technologies in reshaping digital interactions.

Advertisement

Following President Bola Tinubu’s assent to the Nigeria Data Protection Bill on June 12, 2023, the NDPC has been working on a framework to ensure its full implementation.

To further enhance data protection enforcement, the NDPC introduced the Standard Notice to Address Grievance (SNAG). This mechanism allows individuals to demand remedial action directly from data controllers and processors without first involving the commission.

Olatunji stated that this tool empowers over 230 million Nigerians to actively safeguard their personal data rights.

The full implementation of the directive is scheduled for September 2025, with a six-month transition period for organizations. Provisions related to fees will take effect from January 2026.

Reaffirming its commitment to promoting a culture of data privacy in Nigeria, the NDPC assured that it would continue issuing guidance notices and advisories to clarify legal requirements.

Additionally, the commission plans to roll out capacity-building programs aimed at reinforcing data protection awareness and compliance across various sectors.