By Tracy Yekaghe
The Nigeria Data Protection Commission (NDPC) said it was already in talks with the Central Bank of Nigeria (CBN) on its new mandatory provisions mandating banks and other financial institutions to gather additional customer information, including social media handles, email addresses, telephone numbers, and residential addresses.
RELATED: What you should know about the new Data Protection Act
The privacy ombudsman said it has already written the CBN seeking clarifications even it stated that the provision was unnecessary and could only be allowed by law if it serves public interest and in line with specific guidelines as provided for by the Nigeria Data Protection Act of 2023.
The National Commissioner of the NDPC, Dr. Vincent Olatunji, told IT Edge News in Abuja that the commission priority is to ensure that corporate entities whether government or private comply with the provisions of the law and do not abuse or undermine the privacy rights of data subjects as it may concern banks and customers’ social media handles.
Issues can be addressed within the law – NDPC
“We expect to get further clarifications from the CBN and believe the issues can be addressed within the provisions of the law,” Olatunji said in Abuja.
In a circular dated 20 June 2023 with the number FPR/DIR/PUB/CIR/007/076, and published on its website as ‘Central Bank of Nigeria (Customer Due Diligence) Regulations, 2023’ the apex bank ordered banks and financial institutions to implement and comply with the unlawful mandatory provisions on customers’ social media handles.
According to the CBN, the objective of the regulations includes, “To provide additional customer due diligence measures for financial institutions under the regulatory purview of the Central Bank of Nigeria to further their compliance with relevant provisions of the Money Laundering (Prevention and Prohibition) Act (MLPPA), 2022, Terrorism (Prevention and Prohibition) Act (TPPA), 2022, Central Bank of Nigeria (Anti-Money Laundering, Combating the Financing of Terrorism and Countering Proliferation Financing of Weapons of Mass Destruction in Financial Institutions) Regulations, 2022 (CBN AML, CFT and CPF Regulations) and international best practices.
But the decision has elicited mixed reactions.
The Socio-Economic Rights and Accountability Project (SERAP) has said it will initiate legal actions against the Central Bank of Nigeria (CBN) over the new regulations which it described the order as “patently unlawful provisions.”
A Lagos based licensed data protection compliance organisation (DPCO) said the order negates the spirit of the data protection act and such a mandate on the banks by the CBN can only be carried with the consent of the owners of the social media handles.
Provision is using technology to fortify anti-financial crime measures – CBN
However, some others see it as a proactive adoption of innovative technology to fortify anti-financial crime measures.
When banks collect and verify customers’ social media handles as part of the Know Your Customer (KYC) process, they are better positioned to know and understand their customers, said one expert in Jos, Plateau State, central Nigeria..
The consensual thinking is that by incorporating social media handles into the KYC process, financial institutions can tap into the vast pool of information available on social platforms to reinforce their due diligence efforts.
By law, the NDPC is the final arbiter on issues that border on data privacy and protection. The privacy watchdog plans to make an officical statement on the matter after a “thorough examination of the matter.”