Nigeria’s ICT agency is going after Truecaller over 'breaches of privacy,' but the Sweden-based firm says users’ privacy is of utmost importance

Truecaller App
  • The National Information Technology Agency (NITDA) has commenced an investigation into an alleged breach of privacy rights of Nigerians by the Truecaller Service.
  • The Sweden-based tech company tells Business Insider SSA that users’ privacy in Nigeria and globally is of utmost importance to it.
  • Nigeria has no single data protection law in place

The National Information Technology Agency (NITDA) has commenced an investigation into an alleged breach of privacy rights of Nigerians by the Truecaller Service.

The agency, in a statement issued on Monday, September 23rd, said the violation is in accordance with section 6(f) of the NITDA Act 2017, which empowers it to render advisory services in all information technology matters to the public and private sectors.

"Initial findings revealed that the Truecaller Privacy Policy is not in compliance with global laws on data protection and the Nigerian Protection Regulation (NDPR)

The findings also revealed that there are over 7 million Nigerians who are active users of the Service, hence the need to enlighten the public on some of the areas of non-compliance as well as guide those affected," Abdullahi Inuwa, DG/CEO of the agency said on Monday.

NITDA lists Article 1.1, 1.2, and 3 of the Truecaller's privacy policy as a violation of data privacy of Nigerian citizens.

Checks by Business Insider SSA show the first part of the policy is for Non-EU users of Truecaller. 

The policy reads:

When you create a user profile in the service and confirm being the holder of a certain number, Truecaller will collect the information provided by you. In order to create a user profile, you must register your first name, last name, and phone number. Additional information that may be provided at your option includes, but is not limited to, photo, gender, street address and zip code, country of residence, email address, professional website, Facebook page, Twitter address and a short status message.

“Truecaller may supplement the information provided by you with information from third parties and add it to the information provided by you e.g. demographic information and additional contact information that is publicly available.”

However, article 4 of the same policy states that individuals “can limit or opt-out of the collection and use of your information for ad targeting by third parties via your device settings.”

This is quite different from the policy statement carefully crafted for the European Union users.

Adegoke Adeboye, a Digital Rights Advocate/Public Policy Analyst, told Business Insider SSA in a telephone conversation on Tuesday, September 24th, that the issue with Truecaller infringement still has to do with absent of data protection policy in the country.

This is a good approach to data protection and privacy in Nigeria, but NITDA is not going about it in the right way."

He said the country needs to formulate a data protection policy to be able to address the issue. "Nigeria has no regulations to check data breaches and violations and the same organisations fighting for this cause were part of those that sabotage the passage of the Data Protection Bill,” Adeboye said.

Truecaller clarifies users' privacy policy, says it is committed to the global standard

When Business Insider SSA reached out to Truecaller, the Sweden-based tech company said users’ privacy in Nigeria and globally is of utmost importance to it.

It stated further that for users to continue using the app for free, “we work with advertising partners such as Google and provide trusted partners with caller ID services.”

The world of communication is getting more complex, but we make your communication more safe and efficient. We make sure users understand what permissions are needed to make Truecaller work how they want.

We are in the process of reviewing the comments made by NITDA and will give more information on it very soon,” the company said in a statement exclusively obtained by Business Insider SSA.

Data rights organisation, Paradigm Initiative, had called on the Nigerian government to enact a data protection law for its citizens.

Some of the data protection Bills formulated by the group and others include Data Protection Bill (HB02), Protection of Personal Information Bill (SB 310), and the Digital Rights and Freedom Bill (HB 490) in line with internationally recognised principles of data protection.

One of the bills, Digital Rights and Freedom Bill, was refused denied signatory by President Muhammadu Buhari in March 2019.

Nigerians like other African countries are still vulnerable and exposed by the absence of data protection law. If data breaches occur, there is no legally stipulated process, redress or resort for the aggrieved, no laws detailing data protection responsibilities on the data holders, no real laws to guide the judiciary.


Eyewitness? Submit your stories now via social or: