Regulation to obtain bank customers’ social media handles illegal — Data Protection Commission

By Ibiyemi Mathew

The Nigeria Data Protection Commission (NDPC) has declared the regulation to obtain bank customers’ social media handles illegal.

Recall that the Central Bank of Nigeria (CBN) last week issued new regulations mandating financial institutions to gather additional customer information, including social media handles, email addresses, telephone numbers and residential addresses.

The CBN stated that the goal of the regulation is to ensure compliance with the provisions of the Money Laundering (Prevention and Prohibition) Act (MLPPA), 2022, Terrorism (Prevention and Prohibition) Act (TPPA), 2022, Central Bank of Nigeria (Anti-Money Laundering, Combating the Financing of Terrorism and Countering Proliferation Financing of Weapons of Mass Destruction in Financial Institutions) Regulations, 2022 (CBN AML, CFT, and CPF Regulations), and international best practices.

However, reacting to this regulation in a press statement, the National Commissioner of NDPC, Dr Vincent Olatunji, explained that there were prerequisite steps any Data Controller must take prior to the collection of data from data subjects.

He noted that “there are provisions in the law to go against any data controller, be it private or government office, NGOs, hotels, because we are pro-citizens.

“The whole idea of this law is to protect the rights, the interests of Nigerians who are data subjects. Any organisation that defaults is going against the law and causing a data breach, as well as would attract fine,” e affirmed.

According to him, asking for social media handles is not necessary.

He, however, said that if the collection of the social media handles happened under public interest, which could include to monitor some transactions, there should be proper awareness to the customers.

Olatunji said there were guidelines to follow for government agencies to tap into citizens’ mobile communications for national security.

“There is data minimisation, meaning you don’t collect data beyond the purpose for which it was intended, purpose limitation, what purpose is it for,” he explained.

He added that the commission will engage with the CBN to let them know that what they have done is against the law and also engaging with other government institutions, data controllers, to sensitise them on the requirements of the NDPA and data collection prerequisites.

NewsDirect
NewsDirect
Articles: 49843