The Central Bank of Nigeria (CBN) has faced criticism from the Nigeria Data Protection Commission (NDPC) regarding its directive to financial institutions in the country. The NDPC deems it inappropriate for these institutions to collect personal customer data through their social media handles.
Dr. Vincent Olatunji, the National Commissioner/Chief Executive Officer of the Nigeria Data Protection Commission, expressed these concerns during an interactive program on Voice of Nigeria, held in Abuja.
According to Dr. Olatunji, the collection of such customer data amounts to a violation of citizens’ rights. He emphasized that the NDPC has the legal authority to safeguard and responsibly manage the personal data of Nigerians. The transformation of the former Nigeria Data Protection Bureau (NDPB) into a commission was made possible by an Act signed into law by President Bola Ahmed Tinubu.
With this newly acquired mandate, the commission is empowered to impose fines, enforce compliance, and even prosecute those who violate the law, whether they are individuals or organizations in the public or private sectors.
Dr. Olatunji confirmed that plans are underway to officially communicate the commission’s position on this matter to the CBN. He stated that there are established procedures and guidelines, especially when it comes to matters of public interest, rather than imposing such customer data requirements on customers without due process.
“We will formally write to CBN on that if this has to be done, there are procedures to follow especially in the case of public interest, there are guidelines to that rather than just to impose it on customers, it is not right,” Dr. Olatunji emphasized.
NDPC Advocates for Customer Data Protection Principles and Guidelines
The National Commissioner and CEO of the Nigeria Data Protection Commission (NDPC) emphasized the importance of adhering to fundamental principles when dealing with customer data protection and privacy, particularly in data processing.
In cases where the Central Bank of Nigeria (CBN) requires the use of such customer data for monitoring financial transactions as a regulatory measure, he stated that specific guidelines must be followed. These guidelines should include informing customers about the purpose of data collection.
However, the NDPC Commissioner expressed that ideally, the collection of such customer data should not be necessary. Existing identification measures like the National Identity Number (NIN), Bank Verification Number (BVN), and International Passport are already in place and sufficiently recognize individuals as Nigerian citizens. Therefore, requesting customers’ social media handles is completely unnecessary.
The Commissioner affirmed that unnecessary customer data should not be collected, as it goes against the principle of data minimization. The NDPC is committed to engaging with the CBN on this matter and finding the best possible solution.
Previously, the CBN had mandated financial institutions to obtain various customer data, including social media handles, email addresses, telephone numbers, and residential addresses.
The NDPC boss concluded that to raise awareness about customer data safety and privacy rights, the NDPC is actively engaging with relevant stakeholders and partners. The commission is organizing stakeholder engagements, programs, and projects, and working towards grassroots enlightenment campaigns to ensure inclusiveness.
