More
    HomeGovernance, Policy & Regulations ForumPolicy & Regulations ForumNigerian Fintechs: Your Cookies Are Next After NDPC’s Landmark Fine

    Nigerian Fintechs: Your Cookies Are Next After NDPC’s Landmark Fine

    Published on

    spot_img

    In a move that sends shockwaves through Nigeria’s financial technology sector, the Nigeria Data Protection Commission (NDPC) has levied a staggering ₦555.8 million ($353,000) fine against Fidelity Bank PLC. The penalty, representing 0.1% of the bank’s annual gross revenue, was imposed after an investigation uncovered serious violations of the Nigeria Data Protection Act 2023 and the Nigeria Data Protection Regulation 2019.

    The case originated from a complaint lodged in April 2023 by an individual whose personal data was allegedly used without consent to open a bank account. The NDPC’s subsequent investigation revealed that Fidelity Bank had engaged in a pattern of processing personal data without obtaining proper consent from individuals. This included the use of data collection tools such as cookies and mobile banking applications, with the bank’s app having been downloaded over a million times.

    The NDPC also found that Fidelity Bank relied on third-party data processors who were not in compliance with data protection regulations. The law mandates that organizations ensure their vendors and partners are equally accountable for handling personal data.

    The NDPC’s decision to impose the fine was not taken lightly. The Commission’s initial ruling was issued in July 2023, followed by a directive to pay a remedial fee in December 2023. Over the course of a year, the NDPC engaged in extensive communication with Fidelity Bank, issuing repeated warnings and providing ample opportunities for the bank to demonstrate accountability. However, the bank failed to provide a satisfactory remedial plan, leading to the landmark fine.

    Fidelity Bank’s Response

    In a statement released after the news of the fine broke, Fidelity Bank affirmed its commitment to data protection and strong corporate governance. The bank emphasized that it has always conducted itself with the highest ethical standards and ensured full compliance with data protection laws.

    The bank also provided a detailed timeline of its interactions with the NDPC, outlining the steps it took to address the initial complaint and its belief that no data breach had occurred. According to Fidelity Bank, the account in question was never operational and was closed in accordance with its data protection policy.

    Implications for the Fintech Industry

    If this fine is upheld, Nigerian fintechs could face significant scrutiny, with the NDPC potentially intensifying efforts to identify non-compliant companies across the internet. Recently, Meta was fined $220 million for breaching Nigeria’s data protection laws. The message from the NDPC is unequivocal: organizations that neglect data protection will encounter severe penalties.

    For fintech companies, especially those newer to the industry, this is a crucial moment to reassess their data handling practices. With the data protection law only recently enacted in July of last year, many companies may still be adjusting to its requirements. It is essential for fintech firms to closely evaluate their third-party data processors and ensure compliance throughout their operations.

    As Nigeria’s digital economy expands and the government seeks to bolster revenue, the protection of personal data is likely to become even more critical. The NDPC’s significant fine against Fidelity Bank signals a new phase of regulatory enforcement.

    This could be a clear signal to Nigerian fintechs to proactively review their data protection policies and procedures. The NDPC’s next target might be the cookies on your website or the data gathered by your mobile app.

    Latest articles

    Moniepoint Closes $200M Round to Push Merchant Banking Beyond Nigeria

    The raise, which includes Visa and Google, defies a broader African tech funding downturn and will fuel the $1bn-plus-valued company’s continental expansion.

    South Africa’s $1.5B Digital Bank TymeBank Rebrands Ahead of Dual NYSE-JSE Listing

    The digital bank has outlined plans for a dual public listing, with a primary listing on the New York Stock Exchange (NYSE).

    Nigerian VC Ingressive Capital Leads $1.1M Seed Round for Egypt’s SehaTech

    The investment will be used to expand SehaTech’s team, enhance its AI-powered platform, and scale its operations in Egypt and the wider region.

    CDC-CI Capital Doubles Down on Ivorian Tech with $1.4M Investment in Julaya

    This investment is the latest in a series of operations carried out by the public fund, which is actively deploying capital to support Ivorian tech companies.

    More like this

    Moniepoint Closes $200M Round to Push Merchant Banking Beyond Nigeria

    The raise, which includes Visa and Google, defies a broader African tech funding downturn and will fuel the $1bn-plus-valued company’s continental expansion.

    South Africa’s $1.5B Digital Bank TymeBank Rebrands Ahead of Dual NYSE-JSE Listing

    The digital bank has outlined plans for a dual public listing, with a primary listing on the New York Stock Exchange (NYSE).

    Nigerian VC Ingressive Capital Leads $1.1M Seed Round for Egypt’s SehaTech

    The investment will be used to expand SehaTech’s team, enhance its AI-powered platform, and scale its operations in Egypt and the wider region.