More
    HomeGovernance, Policy & Regulations ForumPolicy & Regulations ForumNigerian Fintechs: Your Cookies Are Next After NDPC’s Landmark Fine

    Nigerian Fintechs: Your Cookies Are Next After NDPC’s Landmark Fine

    Published on

    spot_img

    In a move that sends shockwaves through Nigeria’s financial technology sector, the Nigeria Data Protection Commission (NDPC) has levied a staggering ₦555.8 million ($353,000) fine against Fidelity Bank PLC. The penalty, representing 0.1% of the bank’s annual gross revenue, was imposed after an investigation uncovered serious violations of the Nigeria Data Protection Act 2023 and the Nigeria Data Protection Regulation 2019.

    The case originated from a complaint lodged in April 2023 by an individual whose personal data was allegedly used without consent to open a bank account. The NDPC’s subsequent investigation revealed that Fidelity Bank had engaged in a pattern of processing personal data without obtaining proper consent from individuals. This included the use of data collection tools such as cookies and mobile banking applications, with the bank’s app having been downloaded over a million times.

    The NDPC also found that Fidelity Bank relied on third-party data processors who were not in compliance with data protection regulations. The law mandates that organizations ensure their vendors and partners are equally accountable for handling personal data.

    The NDPC’s decision to impose the fine was not taken lightly. The Commission’s initial ruling was issued in July 2023, followed by a directive to pay a remedial fee in December 2023. Over the course of a year, the NDPC engaged in extensive communication with Fidelity Bank, issuing repeated warnings and providing ample opportunities for the bank to demonstrate accountability. However, the bank failed to provide a satisfactory remedial plan, leading to the landmark fine.

    Fidelity Bank’s Response

    In a statement released after the news of the fine broke, Fidelity Bank affirmed its commitment to data protection and strong corporate governance. The bank emphasized that it has always conducted itself with the highest ethical standards and ensured full compliance with data protection laws.

    The bank also provided a detailed timeline of its interactions with the NDPC, outlining the steps it took to address the initial complaint and its belief that no data breach had occurred. According to Fidelity Bank, the account in question was never operational and was closed in accordance with its data protection policy.

    Implications for the Fintech Industry

    If this fine is upheld, Nigerian fintechs could face significant scrutiny, with the NDPC potentially intensifying efforts to identify non-compliant companies across the internet. Recently, Meta was fined $220 million for breaching Nigeria’s data protection laws. The message from the NDPC is unequivocal: organizations that neglect data protection will encounter severe penalties.

    For fintech companies, especially those newer to the industry, this is a crucial moment to reassess their data handling practices. With the data protection law only recently enacted in July of last year, many companies may still be adjusting to its requirements. It is essential for fintech firms to closely evaluate their third-party data processors and ensure compliance throughout their operations.

    As Nigeria’s digital economy expands and the government seeks to bolster revenue, the protection of personal data is likely to become even more critical. The NDPC’s significant fine against Fidelity Bank signals a new phase of regulatory enforcement.

    This could be a clear signal to Nigerian fintechs to proactively review their data protection policies and procedures. The NDPC’s next target might be the cookies on your website or the data gathered by your mobile app.

    Latest articles

    Binance Exec Denied Bail in Nigeria, Again After Nearly a Year

    Gambaryan’s lawyer argued that his client’s health was in a “perilous” state, requiring urgent surgery for a herniated disc as well as psychiatric care due to severe anxiety and depression.

    Ivorian Fintech Waribei Secures Pre-Seed Funding to Expand its Digital Platform

    Waribei was founded by Ladislas Pham and Frédéric Fameni. The startup’s platform addresses a long-standing issue in West Africa’s retail sector: the limited availability of credit to SMEs.

    Endeavor South Africa Raises $10.8M in First Close of Harvest Fund III, Targets African Tech Firms 

    Endeavor aims for similar outcomes with Harvest Fund III, targeting a return of 25%, or three to four times the invested capital.

    Transform Health Fund Closes at $111M, Targets More Health-Tech After Kenya’s Lapaire

    By backing businesses focused on local supply chains, innovative care delivery, and digital solutions, the fund seeks to strengthen Africa’s healthcare systems while offering risk-adjusted returns to investors.

    More like this

    Binance Exec Denied Bail in Nigeria, Again After Nearly a Year

    Gambaryan’s lawyer argued that his client’s health was in a “perilous” state, requiring urgent surgery for a herniated disc as well as psychiatric care due to severe anxiety and depression.

    Ivorian Fintech Waribei Secures Pre-Seed Funding to Expand its Digital Platform

    Waribei was founded by Ladislas Pham and Frédéric Fameni. The startup’s platform addresses a long-standing issue in West Africa’s retail sector: the limited availability of credit to SMEs.

    Endeavor South Africa Raises $10.8M in First Close of Harvest Fund III, Targets African Tech Firms 

    Endeavor aims for similar outcomes with Harvest Fund III, targeting a return of 25%, or three to four times the invested capital.