The Central Bank of Nigeria’s (CBN) recent rule requiring banks to gather and verify clients’ social media handles has been criticized by the Nigerian Data Protection Commission (NDPC).
The Commission declared the directive to be unlawful and pointed out that it broke privacy rules.
As part of increased Customer Due Diligence (CDD) standards, the apex bank had instructed banks to get consumers’ social media usernames on June 26.
The action, according to the statement, was intended to improve bank customers’ adherence to anti-money laundering (AML) and counter-terrorism financing (CFT) regulations while adhering to global best practices.
“We are already engaging with the CBN to let them know that what they have done is against the law because there are basic principles you must meet when you want to collect citizens’ data,” he said.
“There is data minimisation, meaning you don’t collect data beyond the purpose for which it was intended, purpose limitation, what purpose it is for.”
“The purpose of this law is to safeguard the rights and interests of Nigerians who are data subjects.”
He highlighted key principles, such as data minimization, which mandates that data should only be collected for its intended purpose, and purpose limitation, which specifies the purpose for which data is collected.
Olatunji further argued that requesting social media handles from bank customers was unnecessary.
However, he acknowledged that if the collection of social media handles served a public interest, such as transaction monitoring, customers should be properly informed.