The Nigeria Data Protection Commission (NDPC) on Thursday, said the Central Bank of Nigeria (CBN)’s directives to commercial banks to collect customers’ social media handles is illegal.
As part of the Know Your Customer (KYC) procedures, the central bank had last week instructed the nation’s commercial banks to get the social media handles of their clients.
It stated that the instruction was inline with the Customer Due Diligence (CDD) 2023 rules designed to stop financial crimes and terrorism financing through the banking sector.
However, in a statement issued by NDPC’s Head of Media, Itunu Dosekun, the National Commissioner, Vincent Olatunji, said the CBN’s request was illegal and against the Nigerian Data Protection Act (NDPA) signed by President Bola Tinubu on June 12.
He also said that private or government data controllers or organisations obtaining individuals’ data are guided by laws, adding that anyone that goes against the law would attract fine.
Olatunji said: “There are provisions in the law to go against any data controller be it private or government office, NGOs, hotels, because we are pro-citizens.
“The whole idea of this law is to protect the rights, the interests of Nigerians who are data subjects.
“We are already engaging with the CBN to let them know that what they have done is against the law because there are basic principles you must meet when you want to collect citizens’ data.
“There is data minimisation, meaning you don’t collect data beyond the purpose for which it was intended, purpose limitation, what purpose is it for.”