We are engaging CBN on customers’ social media handles archiving – DPC
Olatunji said that before the establishment of the Nigerian Data Protection Act (NDPA), on June 12, indiscriminate collection of citizens’ data by Data Controller Organisations was not taken seriously.
The Nigeria Data Protection Commission (NDPC) says it is engaging the Central Bank of Nigeria (CBN) on its new directives to commercial banks to collect their customers’ social media handles.
The National Commissioner of the NDPC, Dr. Vincent Olatunji, said this in a statement issued by Mr. Itunu Dosekun, Head of Media, on Thursday in Abuja.
Supreme News recalls that the CBN on June 26 directed banks to obtain the social media handles of customers as part of enhanced Customer Due Diligence (CDD) regulations.
Olatunji said that before the establishment of the Nigerian Data Protection Act (NDPA), on June 12, indiscriminate collection of citizens’ data by Data Controller Organisations was not taken seriously.
He explained that there were prerequisite steps any Data Controller must take prior to the collection of data from data subjects.
He also said that any organisation that defaulted was going against the law and causing a data breach, as well as would attract fine.
“There are provisions in the law to go against any data controller, be it a private or government office, NGOs, or hotels, because we are pro-citizens.
“The whole idea of this law is to protect the rights and interests of Nigerians who are data subjects.
“We are already engaging with the CBN to let them know that what they have done is against the law because there are basic principles you must meet when you want to collect citizens’ data.
“There is data minimization, meaning you don’t collect data beyond the purpose for which it was intended; purpose limitation, what purpose is it for? he explained.
According to him, asking for social media handles is not necessary.
He, however, said that if the collection of the social media handles happened in the public interest, which could include monitoring some transactions, there should be proper awareness among the customers.
Olatunji added that they would be inquiring about why the CDD regulation came up and how best to resolve it in line with global best practices.
On the issue of the government tapping into some citizens’ mobile communications, perhaps for national security, among other reasons, Olatunji said that there were guidelines to follow.
He said the commission would be engaging with a lot of government institutions and data controllers to sensitize them on the requirements of the NDPA and data collection prerequisites.