Latest Headlines
CBN AND SOCIAL MEDIA HANDLES
The regulation breaches the fundamental right to privacy
Apparently to fight money laundering and associated crimes, the Central Bank of Nigeria (CBN) recently directed banks and other financial institutions to obtain and verify customers’ social media handles for the purpose of identification. According to the apex bank, the new regulation would enhance customer due diligence (CDD). But the directive has outraged many Nigerians who argue the regulation could be used to arbitrarily abridge the rights of citizens. Many view the initiative as incompatible with the Nigerian Data Protection Act (NPDA) 2023, signed only last month by President Bola Tinubu. Besides, there is nowhere in the world where social media handles are mandatory for owning or operating a bank account.
Like its predecessor, the Nigerian Data Protection Regulation 2019, the NPDA guarantees and protects the right to privacy in Nigeria. The National Commissioner of Nigerian Data Protection Act (NDPC), Vincent Olatunji noted last week that what the apex bank is asking for offends the principle of minimal data collection enshrined in the data protection laws, adding: “We are already engaging with the CBN to let them know that what they have done is against the law because there are basic principles you must meet when you want to collect citizens’ data.”
We concede that the CBN, as the primary regulator for the financial services industry, has powers to regulate the financial institutions to strengthen and enhance existing standards and controls through subsidiary legislation. Indeed, the Banks and Other Financial Institutions Act 2020 empowers the Governor of the CBN to issue such guidelines. But many are viscerally opposed to inclusion of information on customers’ social media handles or addresses of customers because it is intrusive and does not serve any legitimate interest. It is not only in contravention of the fundamental human right to privacy as guaranteed in the 1999 Constitution [as amended], but it also breaches the African Charter on Human and Peoples’ Rights. The Nigerian Constitution guarantees in Section 39 the right to freedom of expression and in Section 37, the right to privacy.
Already, there are plenty means of identification for CBN, the commercial banks and other financial institutions to rely on to meet the requirement of Know Your Customer (KYC). There are the National Identity Card, National Driver’s Licence, International Passport, Bank Verification Number (BVN), Tax Identification Number (TIN), and many others which banks and other financial institutions require their customers to provide.
Despite the foregoing, the federal government has lately been hiding under the current insecurity to undertake multiple data collection and privacy infringement initiatives. From the National Population Commission (NPC) to the Nigeria Immigration Service (NIS), Federal Road Safety Corps (FRSC), Independent National Electoral Commission (INEC), and several other federal agencies, Nigerians are being asked for their biometric data for almost every service. With hardly any interrogation, the immediate past Minister of Communications and Digital Economy, Isa Pantami introduced a torrent of data mining and harvesting initiatives.
Pertinent questions that arise from all these are: Where do we draw the line between the responsibility for national security and the right of individual citizens to the privacy of their personal data and communications? In what remote locations are the backup servers of these data being stored and to what end?
It ought to concern the authorities that the more we introduce these intrusive data collection initiatives, the more we witness increase in criminal and illicit enterprises like cybercrimes. In some of the officially related financial crimes, the culprits are persons whose identity is not hidden and does not require complex data searching to be found. It is even more confounding that the CBN that is being headed by an interim Governor with no constitutional mandate is coming up with such a ridiculous proposition.
Quote
Where do we draw the line between the responsibility for national security and the right of individual citizens to the privacy of their personal data and communications?