The Nigeria Data Protection Commission (NDPC) says it is engaging the Central Bank of Nigeria (CBN) on its new directives to commercial banks to collect their customersโ social media handles.
NDPC national commissioner Vincent Olatunji disclosed this in a statement by its spokesperson Itunu Dosekun on Thursday.
โWe are already engaging with the CBN to let them know that what they have done is against the law because there are basic principles you must meet when you want to collect citizensโ data,โ stated the NDPC chief.
On June 26, the CBN directed banks to obtain customersโ social media handles as part of enhanced Customer Due Diligence (CDD) regulations.
Mr Olatunji said before the establishment of the Nigerian Data Protection Act (NDPA) on June 12, indiscriminate collection of citizensโ data by data controller organisations was not taken seriously.
He explained that there were prerequisite steps any data controller must take before collecting data from data subjects, stressing that any organisation that defaulted was going against the law and causing a data breach and would attract a fine.
โThere are provisions in the law to go against any data controller, be it private or government office, NGOs, hotels, because we are pro-citizens. The whole idea of this law is to protect the rights, the interests of Nigerians who are data subjects,โ Mr Olatunji explained.
He noted that there โis data minimisation, meaning you donโt collect data beyond the purpose for which it was intended, purpose limitation, what purpose is it for.โ
According to the NDPC boss, asking for social media handles is unnecessary. However, he said if the collection of the social media handles happened under public interest, which could include monitoring some transactions, there should be proper awareness among the customers.
Mr Olatunji added that NDPC would inquire why the CDD regulation came up and how best to resolve that in line with global best practices.
(NAN)