The Nigeria Data Protection Commission (NDPC) has declared illegal the Central Bank of Nigeria’s (CBN) directives to commercial banks to collect their customers’ social media handles.
It stated that it was currently discussing the matter with the CBN.
Dr Vincent Olatunji, National Commissioner of the NDPC, said this in a statement issued by Mr Itunu Dosekun, Head of Media, on Thursday in Abuja.
As part of enhanced Customer Due Diligence (CDD) regulations, the CBN directed banks on June 26 to obtain customers’ social media handles.
However, Olatunji stated that prior to the passage of the Nigerian Data Protection Act (NDPA) on June 12, indiscriminate data collection by Data Controller Organisations was not taken seriously.
He explained that any Data Controller must take certain steps before collecting data from data subjects.
He also stated that any organisation that failed to comply was breaking the law and causing a data breach, and that they would be fined.
“There are provisions in the law to go against any data controller, be it private or government office, NGOs, hotels, because we are pro-citizens.
“The whole idea of this law is to protect the rights, the interests of Nigerians who are data subjects.
“We are already engaging with the CBN to let them know that what they have done is against the law because there are basic principles you must meet when you want to collect citizens’ data.
“There is data minimisation, meaning you don’t collect data beyond the purpose for which it was intended; purpose limitation, what purpose is it for,” he explained.
He believes that asking for social media handles is unnecessary.
He did, however, state that if the collection of social media handles occurred in the public interest, which could include monitoring some transactions, customers should be made aware.
Olatunji added that they would investigate why the CDD regulation was brought up and how best to resolve it in accordance with global best practices.