UBA’s N8,000,Penalty: A Wake-Up Call for Data Privacy Compliance
The United Bank of Africa (UBA) PLC in Nigeria has been instructed to compensate its customer N8,000,000 for a severe infringement of her data privacy rights and data privacy compliance in a case supported by Paradigm Initiative (PIN) through its digital rights reporting platform Ripoti.
The bank was held accountable for opening a domiciliary account for Miss Folashade Molehin without her consent, violating her data privacy rights.
Court Ruling on UBA’s Breach of Data Privacy Compliance
Justice A O Faji of the Lagos Judicial Division ruled that the bank did not adhere to the regulations of the tier one domiciliary account, which essentially is a restricted account requiring Know Your Customer (KYC) compliance for its operation, a requirement that was not met.
The Judge noted, “The customer has expressed her desire to close the account, yet the bank is refusing to do so. This demonstrates an unjustifiable insistence by the bank to prolong the customer’s suffering and disregard her rights, despite her decision to close the account…I fail to comprehend the bank’s motives in this matter.”
Represented by lawyer Festus Ogun, the customer sought to determine whether the bank’s unilateral opening of the domiciliary account without her consent violated her data privacy rights.
She requested a court declaration that the bank’s actions constituted a serious breach of her data privacy rights as outlined in Section 37 of the 1999 Constitution of the Federal Republic of Nigeria and a significant violation of the Nigeria Data Protection Regulation, 2019.
She informed the court that she provided her bank details to her employer for the purpose of receiving her monthly salary. Her employer transferred the salary to her Savings Account, but she never received confirmation from the bank that $300 had been deposited into her account. Later, she received a text message from UBA Bank stating that a domiciliary account had been created for her without her consent and the said amount had been deposited into it. She visited the bank’s Ojodu branch and was informed that the account had indeed been opened in her name and the money had been deposited into it.
The bank, on the other hand, requested the court to dismiss the case due to lack of jurisdiction. However, the court ruled differently and maintained that it has jurisdiction over Folashade’s claim.
Furthermore, the court noted that there was no valid reason for the bank to act so quickly as if there was an urgent need for the transaction. The customer could have easily been contacted by phone since the bank had already notified her of the credit through a text message after opening the account. Justice Faji added, “The same method of communication could have been used with potentially the same outcome.”
The bank did not respond to the customer’s letter requesting the closure of the account.
The judge stated that the bank could have responded to the customer’s letter, providing an explanation and demonstrating good faith on the bank’s part. However, this was not done. Eventually, the customer had no choice but to withdraw the money from the account since the bank neither closed the account nor explained how it was created and why it remained open despite the customer’s instructions to close it.
The judge also mentioned that even if the bank is not obligated to respond to such letters, they could have shown and justified their good faith by responding to Folashade’s letter.
The bank had argued that there was no processing of the customer’s data during the account opening process. However, the Judge, citing clause 1.3 (xxi) of the Nigeria Data Protection Regulation (NDPR), determined that the data was indeed utilized to establish the tier-one domiciliary account for the customer.
In response to the ruling, lawyer Ogun stated, “I firmly believe that this significant judgement represents more than just a triumph over the arbitrary misuse of Miss Folashade Molehin’s data privacy rights. It also serves as a clear indication that Nigerian courts are now prepared to expand the scope of our data privacy jurisprudence.”
Discussing the case strategy, Khadijah El-Usman, the Programmes Officer for Anglophone West Africa at Paradigm Initiative, mentioned, “We collaborated closely with F.O.Legal from the beginning of the case until the judgement to ensure that Folashade’s interests were always prioritized.” She added, “Paradigm Initiative is committed to upholding digital rights across the continent, which is why we will continue to address issues of rights violations through our Ripoti platform in order to offer comprehensive support to those in need. We are also enthusiastic about contributing to the establishment of legal precedents in the digital realm.”