By Modupe Gbadeyanka
A recent survey conducted by WorldWideWorx and commissioned by a global technology company, Zoho, has revealed that 70 per cent of Nigerian businesses are unaware of privacy laws governing their marketing activities.
This is despite the Nigeria Data Protection Regulation (NDPR) being in effect since 2019. The survey also revealed that even though businesses are concerned about the privacy of customer’s data in the hands of third-party vendors, they are reliant on them for revenue generation and gathering customer insights. This makes it harder for them to move away.
The CEO of WorldWideWorx, Mr Arthur Goldstuck, said the lack of awareness about the law is largely because these regulations are not part of business-critical activities like taxation and licensing.
However, he noted that 78 per cent of the businesses indicated that they have well-documented policies for customer data protection.
“This is likely following fear of NDPR violation, which has made headlines in Nigeria, even so, only 60 per cent are strictly applying them,” said Mr Goldstuck.
Third-Party Trackers and Ad Platforms
Of the 319 businesses surveyed across various industries and sizes, 45 per cent said they allow third-party trackers on their website, mostly for sharing content on social media (62 per cent) and gathering analytics on their website visitors (35 per cent).
There is also heavy dependence on digital ad platforms. The respondents believe that keyword search ads (59 per cent) and social media ads (52 per cent) are quite effective for customer conversion.
In fact, 78 per cent of businesses said the third-party ad platforms either help them meet or are a primary factor in achieving their sales goals.
Given this reliance on third-party vendors, it is no wonder then that, even though 85 per cent of businesses express concern over the use of their customer’s data, they are largely either ‘comfortable’ or ‘neither comfortable nor uncomfortable’ with the platforms.
Even the 18 per cent who are ‘uncomfortable’, state that they cannot move away from the platforms as they are crucial to their business or that it is too complex to move away.
Interestingly, 24 per cent of businesses reported that they do not completely understand how third-party trackers and ad platforms utilise the collected customer information.
“When businesses choose to use a free tracker, they are paying for it with their consumer’s data,” said Andrew Bourne, Regional Manager for Africa, Zoho. “At Zoho, we refer to this practice of third-party trackers collecting data without user knowledge as adjunct surveillance. Presently, Nigerian businesses turn a blind eye to this passive data collection by trackers, most likely, because they are dependent on them for revenue.
“However, consumers will eventually trust companies with transparent privacy policies that protect their personal information. Businesses hoping to stay relevant in the long term will need to either rethink their reliance on third-party platforms or demand greater transparency and accountability from them.”
Zoho had removed third-party trackers from its website in 2020 and has never sold customer data to anyone or shown ads, even in their free products.
Zoho also owns its data centres and the entire technology stack of its solutions. It can, therefore, assure its users of the highest standards of privacy and security.
On NDPR
Nigerian businesses believe that NDPR has had either no effect (39 per cent) or a positive effect (42 per cent). Their biggest concerns with the law are increased complexity (36 per cent) and the increased cost of governance (34 per cent). As per Mr Goldstuck, the cost of governance will be a major concern for SMEs.
For context, all businesses in Nigeria (regardless of size) need to appoint a privacy/information officer to oversee the protection of customer information.
Larger businesses can appoint their CIOs or IT leads in this new role, while smaller businesses may have to appoint their managing directors or business owners in the same role.
For smaller businesses, in particular, this can be a daunting task as the person in charge can be held personally liable for data leaks or breaches as per the law.