The Nigeria Data Protection Commission (NDPC), on Thursday declared the Central Bank of Nigeria’s (CBN) new directive to banks on social media as illegal.
The apex bank, last week, directed commercial banks to obtain the social media handles of their customers as part of Know-Your-Customer (KYC) requirements.
It added that the directive was in line with the Customer Due Diligence (CDD) 2023 regulations meant to prevent financial crimes and terrorism financing through the banking system.
However, the Head of Media, Itunu Dosekun, announced through a statement that NDPC’s national commissioner Vincent Olatunji, said the CBN’s request is illegal and against the Nigerian Data Protection Act (NDPA), which President Bola Tinubu signed on June 12, 2023.
He added that private or government data controllers or organisations obtaining individuals’ data are guided by laws.
The laws, according to him, are to protect the interests of Nigerians and prevent the misuse of their data.
Olatunji said: “There are provisions in the law to go against any data controller be it private or government office, NGOs, hotels, because we are pro-citizens.
“The whole idea of this law is to protect the rights, the interests of Nigerians who are data subjects.
“We are already engaging with the CBN to let them know that what they have done is against the law because there are basic principles you must meet when you want to collect citizens’ data.
“There is data minimisation, meaning you don’t collect data beyond the purpose for which it was intended, purpose limitation, what purpose is it for.”