Court upholds CBN’s regulation on the collection of customers’ social media handles.
A Central Bank of Nigeria (CBN) regulation requiring financial institutions to request and gather the social media handles of their customers as part of the usual Know-Your-Customer process has been upheld by the Federal High Court in Lagos as not violating the right to privacy.
A Lagos-based attorney named Chris Eke sued Justice Nnamdi Dimgba, requesting a ruling that the Central Bank of Nigeria (Customer Due Diligence) Regulations, 2023’s Section 6(a)(iv) is undemocratic, unconstitutional, and void because it contradicts Section 37 of the Federal Republic of Nigeria’s 1999 Constitution (as revised).
In addition, the applicant had requested a permanent injunction to stop CBN from implementing the rule mandating that banks seek for social media accounts of their clients as part of standard due diligence procedures.
In answer to the action, the CBN challenged its competence with a notice of preliminary objection. Furthermore disputing the argument that the aforementioned regulation interferes with the applicant’s private life was the apex bank.
Justice Dimgba tossed down the lawsuit after ruling that the preliminary objection notice had merit.
The judge said that giving a social media account is like giving a bank an email address, phone number, or other way to get in touch with a prospective client or do due investigation to see whether they are a good fit for the company. As so, the regulation does not infringe upon the right to privacy.
Justice Dimgba said it would be ludicrous to accuse the CBN of violating privacy when the purpose of having a social media account was to be publicly visible in terms of communication.
“First, the applicant claims that the requirements of the CBN Regulations for financial institutions to request and collect the social media handles of their customers as part of KYC infringe on his right to privacy.” the judge said.
“This claim is really far out and quite audacious. Regulations stated above are aimed at financial institutions. It does not cover private persons like the petitioner.
“This claim is speculative because the affidavit in support does not state that the Applicant operates an account with a financial institution or that the said institution has demanded his social media handle,” even if the Regulations themselves, as asserted, would certainly harm the Applicant. That this regulation might harm him is therefore a highly speculative claim.
Second, there is no evidence proving that any financial institution started putting this regulation into effect, which would have upset and inconvenienced the common people. In such case, it would be logical to classify the litigation as one of public interest.
Thirdly, the candidate, presuming he already had a bank account or was about to get one, might still decide not to do business with any bank that insisted on using his social media handle for KYC even if the banks had already begun enforcing these rules. They could investigate different possibilities instead.
Fourthly, and maybe most importantly, I fail to see how requesting a social media account of a banking customer or prospective client can ever be considered a privacy violation.
We value that the Federal Republic of Nigeria 1999 (as amended) guarantees and safeguards, among other things, the privacy of its citizens, their houses, letters, phone calls, and telegraphic communications.
“In my opinion, giving a social media handle belongs in the same category as giving a possible client of a bank an email address, phone number, and other contact information.
“Thus, it is evident from the face of the Regulations as described above that email addresses, phone numbers, and social media handles are all provided for under clause 6iv just to show that the aim was not to pry on anyone but rather to provide alternative ways by which a customer of the bank can be contacted, and or due diligence conducted on the person to determine if the person is a fit and proper person to extend banking services to.
Where this violates the right to privacy is beyond me. Even more so, I would argue that the main purpose of a social media account was to be communicated with openly. It seems therefore rather ironic, if sardonic, that one can argue that requesting information about a social media account that the person uses to expose and immerse themselves in the public can be a breach of privacy rights, which are all about keeping oneself hidden from the public eye.
I also know that occasionally, even when completing corporate applications, this kind of personal information is asked for, and most people comply. Why now, if it does not currently amount to a privacy violation?
“A social media handle is made public for everyone to view; people are free to see it whether or not they have given permission. Holding the respondent in breach of privacy for what other individuals have access to would be utterly illogical.
“It is obviously speculative in and of itself for the applicant to worry that his social activities are being watched, and it is also quite unbelievable that the financial institutions have the luxury of time to worry about such frivolities.
“Generally speaking, I would have dismissed the lawsuit for the reasons listed if I had not upheld the NPO. However, the claim is now dismissed because the NPO has been upheld.
I give no cost orders.