Breaking News

UBA fined N8m for violation of customer’s data privacy

 




THE United Bank of Africa (UBA) Plc has received a fine of N8 million for grossly violating a customer’s right to data privacy.

The matter was funded by Paradigm Initiative (PIN) through its digital rights reporting platform, Ripoti.

In a statement issued on Tuesday, June 11, by the social rights advocacy group, UBA was found liable for unilaterally opening a domiciliary account for one Folashade Molehin without her consent, breaching her right to data privacy.

According to PIN, the Lagos Judicial Division judge, A. O. Faji said the bank failed to comply with the requirements of the tier one domiciliary account which to all intents and purposes, is a limited account that for its continued operation requires know-your-customer (KYC) compliance, and which has not been done.

“Indeed the customer does not want to continue operating the account and has asked for it to be closed but the bank is still holding onto it. These facts show an unfortunate and unexplainable insistence by this bank to prolong the applicant’s agony and to continue to ride roughshod on the applicant’s rights even in the face of a decision by the applicant to close the account…I cannot imagine what the bank hopes to gain from this,” PIN quoted the Judge to have observed.

The PIN said further that Molehin had sought a court declaration that the UBA’s unilateral opening of the domiciliary account without her consent or prior knowledge was a gross violation of her right to data privacy as enshrined in Section 37 of the 1999 Constitution of the Federal Republic of Nigeria.

It is also a gross breach of the Nigeria Data Protection Regulation, 2019, it noted.

The PIN narrated that Molehin had told the court she submitted her bank details to her employer for purposes of payment of her monthly salary.

It said her employer transferred her salary to her Savings Account and she waited in vain for the bank to confirm that $300 had been lodged in her savings account.

Molehin later received a text message from UBA informing her a domiciliary account had been created for her without her consent and the said amount deposited into the account.

On visiting the bank’s Ojodu branch she was informed the account had indeed been opened in her name, and the amount was deposited in the said new account.

The PIN noted that the bank pleaded that the case be struck out for lack of jurisdiction which the court ruled otherwise.

The PIN also noted that UBA contended there was no processing of the customer’s data in opening the account, but the Judge, while referring to the expression processing in the Nigeria Data Protection Regulation (NDPR) clause 1.3 (xxi) ruled that the data was adapted to create the tier-one domiciliary account for the customer.

No comments