Following investigations into violations of Nigeria Data Protection Act, 2023 and the Nigeria Data Protection Regulation, 2019, Nigeria Data Protection Commission (NDPC) has fined Fidelity Bank Plc for data privacy violation.
The NDPC revealed that the lender was ordered to pay a sum of N555,800,000, representing 0.1% of the its annual gross revenue in 2023. NDPC revealed this on Wednesday, adding that the fine was to be paid within 14 days upon the receipt of the Notice.
The investigation into the data processing activities of Fidelity Bank PLC was triggered by a complaint from a data subject whose personal data was collected without lawful basis for the purposes of opening an account for the data subject.
NDPC revealed that the complaint was lodged with by the data subject in April 2023.
The Commission said it reviewed the data processing platforms of Fidelity Bank and found that in certain critical cases, the Bank processes personal data without informed consent of data subjects.
Specifically, the investigation revealed that data processing tools such as cookies and banking apps were deployed in violation of the NDP Act. Findings also showed that Fidelity’s banking App at the material time had been downloaded over one million times.
NDPC said: “Apart from internal non-compliance, the Bank relies on some non-compliant third-party data processors. The law not only enjoins an organization to be compliant, it also mandates its relevant vendors, agents or contractors, among others to be accountable when handling personal data of individuals.
It is to be noted that the initial decision of the Commission was issued since July 2023 and a directive to pay a remedial fee was issued in December 2023. Over ten correspondences were exchanged. The Commission issued repeated warnings to no avail.
“The Commission gave several opportunities for full accountability for over one year – taking into account the need to encourage compliance as a culture. However, Fidelity Bank did not provide requisite, satisfactory remedial plan.
Caveats
The National Commissioner and CEO of the Nigeria Data Protection Commission, Dr. Vincent Olatunji, enjoins Data Controllers and Data Processors to eschew acts that may undermine trust and confidence in Nigeria’s capacity to protect data driven decisions and transactions.
Dr. Olatunji notes that without demonstrable assurance of accountability in the exchange of goods and services, economic growth would be gravely hampered.
“However, through compliance with laws that protect freedoms of individuals, their lives and livelihoods, Nigeria will witness more and more momentum for sustainable development,” he said.
