UBA Nigeria ordered to pay ₦8m for violating customer’s data privacy

-

A Nigerian court has ruled that the United Bank of Africa (UBA) must pay a customer, Folashade Molehin, the sum of ₦8,000,000 for violating her right to data privacy.

The bank opened a domiciliary account in her name without her consent, which constitutes a breach of her privacy rights.

Justice A O Faji of the Lagos Judicial Division held that the bank failed to meet the necessary requirements for opening a tier one domiciliary account, including Know Your Customer (KYC) compliance, and therefore liable for the violation.

The case was supported by Paradigm Initiative’s digital rights reporting platform, Ripoti.

The judge noted in the ruling that the customer has explicitly requested account closure, yet the bank refused to comply, inexplicably prolonging the customer’s distress and blatantly disregarding her rights, despite her clear decision to terminate the account.

“I cannot imagine what the bank hopes to gain from this,” the Judge observed.

Customer Sues Bank for Unilateral Account Opening, Data Privacy Breach

The customer, represented by Festus Ogun, took legal action to determine whether the bank’s unilateral opening of a domiciliary account without her consent constituted a violation of her right to data privacy.

She sought a court declaration that the bank’s actions were a clear breach of her constitutional rights under Section 37 of the 1999 Constitution and the Nigeria Data Protection Regulation, 2019, as they opened the account without her knowledge or consent.

The customer testified in court that she had provided her bank information to her employer for salary payments, which were typically deposited into her Savings Account.

However, instead of receiving confirmation of a $300 deposit into her Savings Account, she received a text message from UBA Bank stating that a domiciliary account had been opened in her name without her consent and the funds were deposited there.

When she visited the bank’s Ojodu branch, she was informed that indeed a new account had been opened in her name and the funds were deposited into it, without her knowledge or consent.

Court rejects UBA’s bid to dismiss data privacy case

The bank argued that the court dismisses the case for lack of jurisdiction. However, the court disagreed, ruling that it did indeed have the jurisdiction to preside over Folashade’s claims and allow the case to proceed.

The court observed that the bank’s hasty actions were unjustified, as they could have easily contacted the customer by phone or text message, like they did to notify her of the credit, instead of unilaterally opening a new account.

The judge noted that the bank failed to respond to the customer’s request to close the account, and despite having the opportunity to explain themselves, they chose not to, leaving the customer with no choice but to withdraw the funds from the account. The bank’s lack of response and explanation demonstrated a lack of good faith, the judge added.

Judge questions UBA’s ‘good faith’ claim

The judge questioned the bank’s claim of good faith in opening the account, stating that responding to the customer’s inquiries, even if not required, would have demonstrated their sincerity.

The bank argued that there was no processing of the customer’s data during the account opening process. However, the Judge, citing clause 1.3 (xxi) of the Nigeria Data Protection Regulation (NDPR), determined that the data was indeed used to create the tier-one domiciliary account for the customer.

In response to the ruling, counsel for the customer, Ogun believed that the ruling not only marks a triumph over the arbitrary violation of Miss Folashade Molehin’s data privacy rights but also demonstrates the Nigerian courts’ readiness to expand the scope of our data privacy legal framework.

“I sincerely believe that this landmark judgement is not just victory over arbitrary abuse of Miss Folashade Molehin’s data privacy rights. It is equally a clear testament that the Nigerian courts are now willing to enrich the scope of our data privacy jurisprudence.”

The Programmes Officer for Anglophone West Africa at Paradigm Initiative, Khadijah El-Usman, stated, they collaborated closely with F.O. Legal from the beginning of the case until the judgment to ensure that Folashade’s interests were consistently prioritized.

“Paradigm Initiative remains dedicated to ensuring digital rights are respected all over the continent and that is why we will not relent in taking up issues of rights violations through our Ripoti platform in a bid to provide a wide array of support to those who need it. We are also pleased to join efforts to create legal precedent around digital issues,” she said.