By Camillus Eboh
ABUJA (Reuters) – Nigeria’s data privacy agency has fined Fidelity Bank 0.1% of its 2023 revenue, or $358,580, for violating data laws in opening a customer account, the Nigeria Data Protection Commission (NDPC) said on Thursday.
This is the biggest fine the NDPC has imposed on an entity for data breaches, though Fidelity is challenging the decision.
The NDPC told Fidelity Bank, Nigeria’s mid-tier lender, to pay the equivalent of 555,800,000 naira ($358,580.65) within fourteen days for illegally collecting personal data to open an account for a customer following an investigation which started in April 2023.
Fidelity Bank in a statement on Thursday said it did not violate any law because there was no data breach, and that it did not complete the account opening process for the unnamed customer, whose complaint triggered NDPC’s investigation.
“As a bank, we remain in discussions with the NDPC over an amicable resolution to this matter,” the Fidelity statement read.
The NDPC said it reviewed Fidelity’s data processing platforms and found that “in certain critical cases, the bank processes personal data without informed consent of data subjects.”
It added that Fidelity deployed tools such as cookies and banking apps in violation of the law among other offenses.
($1 = 1,550.00 naira)
(Reporting by Camillus Eboh; Writing by Chijioke Ohuocha; Editing by Josie Kao)