Your Data, Your Consent; The Role of Consent Financial Data Sharing
INTRODUCTION
The right to privacy is a fundamental right guaranteed and enshrined in the Nigeria Constitution which protects the privacy of Citizens, their homes, correspondence, telephone conversations and telegraphic communications. It is pursuant to this constitutional provision that the law on data privacy and protection derives it legitimacy. It becomes imperative to critically assess the role of consent in data collecting, processing and protection of data subject, from unlawful and illegal use of data voluntarily obtained by commercial institutions like banks under the Nigeria Data Protection Act 2023 and the General Application and Implementation Directive (GAID).
UNDERSTANDING CONSENT AND ITS IMPORTANT IN DATA PROTECTION
The fundamental rule in data privacy as it relates to data collection and processing, is that the data subject must consent to the giving and the use of such personal details like, your passport, date of birth, your finger prints and other financial information for whatever purposes.
It becomes necessary to understand consent. Accordingly, consent is a voluntary yielding to what another proposes or desires; agreement, approval, or permission regarding some act or purpose, especially given by a competent person; legally effective. Under the Regulation, consent is described as any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. In essence, the grant of consent involves a contractual, voluntary agreement between the data processor and the data subject.
By virtue of relevant provision of the Nigeria data protection Act and GAID data processing is considered lawful if the consent of the data subjects is sought and obtained. Hence, consent is the permission given by the data subject to the data controller to collect, process and store the personal information of the data subject for the purposes such consent was granted and nothing further. consent isn’t just a checkbox on a website. It must be clear, informed, and easy to take back. If someone asks for your data, they must explain why, how long they’ll keep it, and who else might see it. You should be able to say “yes” or “no” without pressure. And if you change your mind later, you can say “stop,” and they must respect that.
THE ROLE OF CONSENT IN FINANCIAL DATA SHARING
The growth in Information, Communication, Technology, E-commerce and Social Media in recent times, has resulted in an extraordinary demand for the personal data of data subjects across various institutions including banks and other financial institutions. From an economic standpoint, it has been submitted that personal data has become the new oil, based on its rapidly increasing value in the global digital economy. Multi-national organizations require this data to analyze consumer behaviours and patterns to make informed decisions before making their products or providing services, and since this data are not readily available for use, they can purchase it from third parties. Banks in Nigeria and other financial institutions have been in constant breach of data privacy provision, hence the risk of individual customer personal data being abused and their right to privacy under the constitution will be violated. The Nigeria data protection commission in June 2023 reported to have fined four Banks and three companies in Nigeria for breach of Nigerian personal information, which might as well end up in the hands of scammers and fraudstars.
Now imagine if your bank decides to share your personal information with another bank or give it out for research purposes to a third party? Under the regulations it is mandatory for a data controller or data processor to ensure that personal data is processed in a fair, lawful and transparent manner that the data collected for specified, explicit, and legitimate purposes, and not to be further processed in a way incompatible with these purposes. Hence, the bank sharing your data with other banks and third parties without your consent is in breach of the above provisions. However, there instances under the Act that a data controller (banks) can share your data without your consent but this peculiar situations are heavily regulated, these instances includes:
Where the data subject has given and not withdrawn consent for the specific purpose or purposes for which personal data is to be processed.
For compliance with a legal obligation to which the data controller or data processor is subject, to protect the vital interest of the data subject or another person and for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller or data processor.
Where the data is used for other purposes connected with the purpose that information was volunteered for.
It is noteworthy that under the above instances personal data processing shall not be legitimate where they override the fundamental rights, freedoms and the interests of the data subject and are incompatible with other lawful basis of processing under subsection.
CONCLUSION
Our discussion so far has covered the need to protect the constitutional right to privacy and the need for data controllers (banks) to seek and obtain the consent of data subjects before processing and sharing their personal and financial information. With the nation’s data ecosystem is now worth over N10 billion it is imperative to ensure that citizens’ data are safe, secure and protected in line with global best standards and practices.
To get more publications or get updated on our iLAWPD offers and oppurtuinities, join our membership waitlist.
