The Federal Government has launched investigations into popular global digital platforms, including TikTok and Truecaller, over concerns related to the misuse of Nigerians’ personal data. This was revealed by the Nigeria Data Protection Commission (NDPC) during a high-level meeting aimed at enhancing data security, particularly in the healthcare sector.
Dr. Vincent Olatunji, the National Commissioner of the NDPC, made this known during a working visit to the Coordinating Minister of Health and Social Welfare, Professor Ali Pate, in Abuja. Both parties met to discuss strategies for improving data protection in Nigeria’s health system, which collects and manages large volumes of sensitive information.
“If you reside in Nigeria and process Nigerian data, you are within scope. Even if you are outside Nigeria, once you process the data of Nigerians, you are within scope,” Dr. Olatunji stated. “That’s why we are currently investigating global platforms like Truecaller and TikTok.”
The announcement comes as Nigeria continues to adapt to the digital age, where concerns about data privacy, security breaches, and unauthorized use of personal information are becoming more pressing.
In June 2023, President Bola Tinubu signed the Nigeria Data Protection Act (NDPA) into law. This law gives the NDPC the legal authority to regulate how personal data is collected, stored, and used by both local and international organizations operating in Nigeria or processing data of Nigerian citizens.
The law also addresses cross-border data transfers, requiring any company that sends Nigerian data abroad to ensure that the receiving country offers adequate levels of data protection. Companies that fail to comply face fines, penalties, or even bans.
TikTok, a short video-sharing app owned by Chinese tech firm ByteDance, and Truecaller, a Swedish-based caller ID and spam blocking app, are widely used by millions of Nigerians. These platforms collect large amounts of user information such as names, phone numbers, contact lists, locations, and even usage behaviour.
While both companies claim to follow global data protection standards, Nigerian regulators now want to know how that data is being used, stored, and possibly shared with third parties.
Dr. Olatunji stressed that any digital company — foreign or local — that processes Nigerian citizens’ personal data is legally bound by the NDPA, regardless of where the company is based.
“We are applying the law to anyone who processes Nigerian data. These are sensitive matters that must be treated with utmost seriousness,” he said.
Another focus of the NDPC’s visit was to strengthen the protection of health data, which is considered one of the most sensitive categories of personal information.
Dr. Olatunji warned that improper handling of medical records could lead to discrimination, misdiagnosis, and even loss of life.
“This sector is generally sensitive. The kind of information collected includes medical records which, if misused, can have serious consequences. We must ensure the confidentiality and security of every citizen’s health data,” he explained.
As Nigeria’s healthcare system continues to digitize its operations, he said, it is important for hospitals, Health Maintenance Organizations (HMOs), and related institutions to comply with the data protection law.
He also noted that every action taken online creates a “digital footprint,” making it easier for cybercriminals to exploit data if proper protection measures are not in place.
In response, Professor Ali Pate, the Coordinating Minister of Health and Social Welfare, acknowledged the NDPC’s efforts and pledged to support full compliance across the country’s health institutions.
“The health sector is a unique sector. We collect extensive data — from personal health details to demographic statistics — across all our facilities. We understand the importance of securing this information,” the Minister said.
He added that Nigeria’s health ministry is ready to work closely with the NDPC to ensure that all 107 associated health institutions operate in full compliance with the law.
The partnership between the NDPC and the health ministry is part of a broader initiative to build public trust in Nigeria’s digital systems. Citizens are increasingly concerned about who controls their data, how it’s used, and what safeguards exist to prevent abuse.
NDPC spokesperson Itunu Dosekun said the Commission is also exploring ways to train public health workers and IT professionals in data protection standards to improve the country’s overall cybersecurity posture.
“This collaboration is aligned with President Tinubu’s priority areas, including digital transformation, job creation, and responsible innovation,” Dosekun said.
As the NDPC continues its probe into TikTok, Truecaller, and other digital platforms, experts say this could lead to a stronger regulatory framework and possibly new data-sharing agreements with foreign governments and tech firms.
While the Commission has not given a timeline for the completion of its investigations, it confirmed that several compliance reviews and audits are already underway.
The move has been widely welcomed by digital rights groups and cybersecurity experts who say Nigeria needs to catch up with global standards in data governance.
If the probe uncovers any violations, companies could face sanctions, legal action, or restrictions on how they operate within Nigeria.
As digital platforms continue to grow in popularity, so do the risks they pose. With this new step, Nigeria is sending a clear message: user data must be protected, and those who mishandle it will be held accountable.
