Fundamental Human Rights Enforcement: On Whether Sending Text Messages on Products and Services of a Bank Amounts to an Infringement of the Right to Privacy

On 15th May 2024, the Federal High Court, Lagos Division per Digmba J. delivered the judgment in Suit No: FHC/L/CS/2488/22 – Udegbe Chibuzo Ifeoma v. United Bank for Africa. This is an important judgment on the fundamental right to privacy and the extent to which the receipt of unsolicited text messages from another party amounts to a breach of privacy. It emphasizes key elements required to establish a breach of privacy including the distribution of personal data to a third party, and the absence of consent of the data subject.

​​

The decision also explores the concept of “processing” of personal data and the range of activities that qualify as such under the Nigeria Data Protection Regulations (NDPR) 2019. It clarifies that a Bank acting on information provided by its customer would not be regarded as processing another individual’s personal data, as to amount to a breach of that individual’s data privacy rights.

The Applicant claimed that the Respondent had breached her fundamental right to privacy, dignity of her person and data privacy rights guaranteed under Sections 37, 34, and 46 of the Constitution of the Federal Republic of Nigeria, 1999 (As Amended) and Articles 4 and 5 of the African Charter on Human and Peoples Rights (Ratification and Enforcement) Act, by sending unsolicited text messages regarding its products and services to her telephone number. The Applicant sought, amongst other reliefs, a declaration that the act of harvesting her personal data without lawful basis and sending her unsolicited messages is  a violation of her right to privacy, and for this, she asked that the Court perpetually injunct the Respondent and award general and exemplary damages against the Respondent.

The Respondent’s defence was that the phone number of the Applicant had been provided by the Applicant’s elder sister while opening an account with the Respondent, which had led the Respondent to send the messages to the said mobile number.

The court (per Dimgba J.) dismissed the Applicant’s entire claim for lack of merit.

A few key points from the judgment are as follows:

  • Considering the dicta in Emerging Markets Telecommunications Services Ltd v. Eneye (2018) LPELR-46193 (CA) and MTN Nigeria Communications Ltd v. Eneye (Appeal No: CA/A/689/2013 (Unreported), the mere sending and receiving of text messages without solicitation is not enough to ground an action for unconstitutional breach of privacy. A breach of the right to privacy must be predicated upon a prior unauthorised disclosure of the personal phone number of the subscriber to the third party (a product marketer in the cases cited) who begins to send unsolicited messages.
  • The Applicant’s phone number had been voluntarily given to the Respondent by the Applicant’s elder sister whose banking information and transactions were sent to the phone number. The right to complain inhered in the Applicant’s sister but was not exercisable due to the principle of volenti non fit injuria.
  • The Respondent acted timeously in resolving the Applicant’s formal complaint by promptly ceasing sending text messages to the Applicant’s phone number. The Respondent was, therefore, not liable for a breach of the Applicant’s right to privacy.
  • Considering the definition of “processing” in Regulation 1.3(xxi) of the Nigerian Data Protection Regulations (NDPR), the Respondent did not process the Applicant’s personal data as it only acted on information provided by one of its customers – the Applicant’s elder sister.

 

--

Read the original publication at ǼLEX