The National Information Technology Development Agency (NITDA) has warned Nigerians against the potential breach of their privacy rights by the Truecaller Service based on the provisions of its terms of servic
It however assured Nigerians that it will continue to monitor the activities of digital service providers with a view to ensuring that the rights of Nigerians are not unduly breached while also improving the operational environment to support ethical players in their bid to get maximum benefit from Nigeria.
This was disclosed in a statement released by the Agency on September 23, 2019 and signed by Kashifu Abdullahi Inuwa, Director General/CEO of NITDA. It revealed that its finding shows that there are over seven million Nigerian active users of the Service, hence the need to enlighten the public on some of the areas of non-compliance as well as guide those affected.
NITDA cited Article 1.1 of the Truecaller policy which states that “Truecaller may supplement the information provided by You with information from third parties and add it to the information provided by You.”
This Article, NITDA said, contravenes Article 2.1(b) of the NDPR which requires data collection and processing to be accurate and Article 1.3(iii) which requires that valid consent must be specific. It noted that by supplementing the personal information of Nigerians without specific consent and accuracy, they are susceptible to serious invasion of their privacy, adding this has encouraged unscrupulous persons to continue using Nigerian identities to perpetuate fraud.
The range of information Truecaller will collect include geo-location; Your IP address; device ID or unique identifier; device manufacturer and type; device and hardware settings; SIM card usage; applications installed on your device; ID for advertising; ad data, operating system; web browser; operator; IMSI; connection information; screen resolution; usage statistics; default communication applications; access to device address book; device log and event information; logs, keywords and meta data of incoming and outgoing calls and messages; version of the Services You use and other information based on Your interaction with our Services such as how the Services are being accessed (via another service, web site or a search engine); the pages You visit and features you use on the Services; the services and websites You engage with from the Services; content viewed by You, content You have commented on or sent to us and information about the ads You see and/ or engage with; the search terms You use; order information and other usage activity and data logged by Truecaller’s servers from time to time’.
These range of information that Truecaller says it will collect, according to NITDA “is clearly excessive and invasive of the privacy of its users.”
The Agency noted that Article 2.3(2)d of the NDPR provides that “when assessing whether consent is freely given, utmost account shall be taken of whether the performance of a contract, including the provision of a service, is conditional on consent to the processing of Personal Data that is not necessary (or excessive) for the performance of that contract.”
It warned that contrary to the expectation of many users, the Truecaller service collects far more information than it needs to provide its primary service.
It pointed out again that it is global best practice for users to be informed of the possible third-party processors their information may be shared with and for what purpose, saying Truecaller Policy flaunts this rule which is also enunciated in the NDPR.
The National Information Technology Development Agency (NITDA) is a Federal Government Agency under the supervision of the Federal Ministry of Communications established in April 2001 to implement the Nigerian Information Technology Policy as well as coordinate general IT development and regulation in the country.