The attention of the National Information Technology Agency (NITDA) has been drawn to the potential breach of privacy rights of Nigerians by the Truecaller Service. The Agency, in accordance with Section 6(f) of the NITDA Act 2007, which empowers the it to render advisory services in all information technology matters to the public and private sectors, wish to inform the public that it commences investigation of the potential breach.
- Article 1.1 states that ‘Truecaller may supplement the information provided by You with information from third parties and add it to the information provided by You.’
- This provision contravenes Article 2.1(b) of the NDPR which requires data collection and processing to be accurate and Article 1.3(iii) which requires that valid consent must be specific. By supplementing the personal information of Nigerians without specific consent and accuracy, they are susceptible to serious invasion of their privacy. This has encouraged unscrupulous persons to continue using Nigerian identities to perpetuate fraud.
2. Article 1.2 states that ‘When You install and use the Services, Truecaller will collect personal information from You and any devices You may use in Your interaction with our Services. This information may include e.g.: geo-location; Your IP address; device ID or unique identifier; device manufacturer and type; device and hardware settings; SIM card usage; applications installed on your device; ID for advertising; ad data, operating system; web browser; operator; IMSI; connection information; screen resolution; usage statistics; default communication applications; access to device address book; device log and event information; logs, keywords and meta data of incoming and outgoing calls and messages; version of the Services You use and other information based on Your interaction with our Services such as how the Services are being accessed (via another service, web site or a search engine); the pages You visit and features you use on the Services; the services and websites You engage with from the Services; content viewed by You, content You have commented on or sent to us and information about the ads You see and/or engage with; the search terms You use; order information and other usage activity and data logged by Truecaller’s servers from time to time’.
Contrary to the expectation of many users, the Truecaller service collects far more information than it needs to provide its primary service.
3. Article 3 states that ‘Truecaller may also share personal information with third party advertisers, agencies and networks. Such third parties may use this information for analytical and marketing purposes.’
It is global best practice for Users to be informed of the possible third-party processors’ information may be shared with and for what purpose. This Policy flaunts this rule which is also enunciated in the NDPR.
NITDA would like to assure Nigerians that it will continue to monitor the activities of digital service providers with a view to ensuring that the rights of Nigerians are not unduly breached while also improving the operational environment to support ethical players in their bid to get maximum benefit from Nigeria.
The National Information Technology Development Agency (NITDA) is a Federal Government Agency under the supervision of the Federal Ministry of Communications. NITDA is established in April 2001 to implement the Nigerian Information Technology Policy as well as coordinate general IT development and regulation in the country. Specifically, Section 6(a, b, c, f & m) of the Act mandates NITDA to create a framework for the planning, research, development, standardization, application, coordination, monitoring, evaluation and regulation of Information Technology practices, activities and systems in Nigeria; provide guidelines to facilitate the establishment and maintenance of appropriate infrastructure for information technology and systems application and development in Nigeria for public and private sectors, urban-rural development, the economy and the government; render advisory services in all information technology matters to the public and private sectors and accelerate internet and intranet penetration in Nigeria and promote sound internet Governance by giving effect to the Second Schedule of the Act.
Kashifu Abdullahi Inuwa, CCIE
Chief Information Technology Officer of Nigeria
NITDA Corporate Headquarters, Garki, Abuja
23rd September, 2019