The Central Bank of Nigeria (CBN) serves as the apex regulatory body for the financial services industry in Nigeria, wielding the authority to combat money laundering, terrorism financing, and proliferation financing of weapons of mass destruction. Empowered by the Banks and Other Financial Institutions Act 2020, the CBN Governor issued the Central Bank of Nigeria (Customer Due Diligence) Regulations, 2023 on June 20, 2023.
This regulation aims to enhance Anti-Money Laundering (AML), Combatting the Financing of Terrorism (CFT), and Countering Proliferation Financing (CPF) standards and compliance among financial institutions. Notably, it introduces a controversial provision mandating the submission of customers’ social media handles as part of the Know Your Customer (KYC) requirements.
The inclusion of this new Customer Due Diligence (CDD) requirement has sparked considerable debate, drawing criticism from key stakeholders, including the National Assembly and the Nigeria Data Protection Commission (NDPC). Critics argue that the regulation is unnecessary, arbitrarily restricts freedom of expression and privacy, and potentially violates the constitutional right to privacy as guaranteed under Section 37 of the Constitution of the Federal Republic of Nigeria, 1999.
Furthermore, concerns have been raised about the regulation’s compatibility with the Nigeria Data Protection Act 2023 and the Nigeria Data Protection Regulation 2019. Critics contend that the regulation may contradict the principle of minimal data collection (Data Minimization) embedded in existing data protection laws in Nigeria.
This article aims to scrutinize the constitutional and statutory right to privacy in Nigeria, exploring the legal foundation for data processing by controllers in the financial services sector, specifically regarding social media-related personal data. Additionally, it will assess global practices in similar jurisdictions. The ultimate goal is to form a comprehensive position on the legality of the CBN’s new regulation within the framework of Nigeria’s privacy regime.
Constitutionally, Section 37 guarantees the right to privacy, emphasizing its significance and restricting derogation except under specific conditions outlined in Section 45 of the Constitution. The Nigeria Data Protection Act, enacted in June 2023, builds on its predecessor, the Nigeria Data Protection Regulation 2019, reinforcing privacy rights and introducing the concept of a legal basis for processing data.
Under the legal basis framework, data controllers or processors must establish grounds for collecting and processing data. These can include obtaining consent, fulfilling contractual obligations, complying with legal requirements, protecting vital interests, performing tasks in the public interest, or pursuing legitimate interests.
In conclusion, the Central Bank of Nigeria’s (CBN) issuance of the Central Bank of Nigeria (Customer Due Diligence) Regulations, 2023 has ignited a contentious debate surrounding the mandatory submission of customers’ social media handles as part of Know Your Customer (KYC) requirements. Positioned as a measure to fortify Anti-Money Laundering (AML), Combatting the Financing of Terrorism (CFT), and Countering Proliferation Financing (CPF) standards, the regulation has faced notable resistance from key stakeholders, including the National Assembly and the Nigeria Data Protection Commission (NDPC).
Critics argue that the regulation, by delving into individuals’ social media information, encroaches upon privacy rights and freedom of expression, potentially infringing upon the constitutional right to privacy as outlined in Section 37 of the Constitution of the Federal Republic of Nigeria, 1999. Moreover, concerns have been raised about the regulation’s alignment with the recently enacted Nigeria Data Protection Act 2023 and the Nigeria Data Protection Regulation 2019, with critics suggesting a possible contradiction with the principle of minimal data collection embedded in existing data protection laws in Nigeria.
To comprehensively assess the legality of the CBN’s regulation, this article undertakes a meticulous scrutiny of both constitutional and statutory provisions governing privacy in Nigeria. The exploration of global practices in jurisdictions facing similar challenges provides valuable context. Emphasizing the significance of Section 37 and the nuanced legal basis for processing data, the analysis will shed light on the implications of the CBN’s regulatory move within Nigeria’s evolving privacy landscape.
In the evolving digital age, where the intersection of financial regulations and individual privacy is increasingly complex, this examination strives to provide a balanced and informed perspective on the legitimacy of the CBN’s regulatory measures. The dynamic nature of privacy laws and the evolving global discourse on data protection underscore the importance of ongoing scrutiny and adaptability in navigating the delicate balance between regulatory imperatives and individual rights within the Nigerian financial landscape.
For professional advice on Accountancy, Transfer Pricing, Tax, Assurance, Outsourcing, online accounting support, Company Registration, and CAC matters, please contact Inner Konsult Ltd at www.innerkonsult.com at Lagos, Ogun state Nigeria offices, www.sunmoladavid.com. You can also reach us via WhatsApp at +2348038460036.