A LAGOS State High Court has ordered Guaranty Trust Bank (GTB) to pay N5million in damages to a customer, Rebecca Temitope Bonje, for altering and deleting entries in her bank statements, a violation of her privacy rights and the Nigeria Data Protection Act (NDPA) 2023.
Justice Oluwakunle A. Oresanya of Court 58, Lagos Judicial Division, who delivered the judgment on September 18, 2025, in suit number LD/18590MFHR/2024, granted all reliefs sought by Bonje, marking a significant enforcement of digital privacy laws, amid rising public concern about how Nigerian banks handle customer data.
Bonje had sued the bank under Sections 37, 31(1)(c), and 40 of the 1999 Constitution (as amended), alongside the Fundamental Rights (Enforcement Procedure) Rules 2009, accusing GTB of issuing two conflicting account statements that misrepresented her transactions, discrepancies she said cost her a N6million property investment and caused severe emotional distress.
According to court filings, Bonje transferred N5.6million via GTB’s mobile app on May 26 and 28, 2023, to Haven Global Resources Limited for a property purchase.
However, subsequent statements she received, first automatically, then manually, omitted key entries linked to the transaction.
She argued that this violated Section 24(1)(e) of the NDPA, which forbids inaccurate or misleading processing of personal data, and breached her constitutional right to privacy under Section 37.
Despite multiple complaints, GTB allegedly refused to correct the discrepancies, contravening Section 34(1)(c) of the NDPA, which guarantees the right to rectification.
Her lawyers, Olumide Babalola and A. I. Offiong, described the bank’s actions as “unfair and non-transparent,” saying the altered records exposed her to financial and reputational damage.
However, GTB, through a 25-paragraph counter-affidavit filed by an account officer, Sodiq Jimoh, denied the claims.
The bank insisted that Bonje lacked sufficient funds for the disputed transfers and alleged that the transaction only occurred later, on November 10, 2023.
It, therefore, urged the court to dismiss the case as an abuse of process and challenged the court’s jurisdiction.
Justice Oresanya dismissed the objection, ruling that data protection rights fall within the constitutional right to privacy.
He stressed that bank statements constitute part of a customer’s protected economic identity and that any alteration amounts to a data breach.
Citing precedent from Medical and Dental Practitioners Disciplinary Tribunal v. Dr. John Okonkwo (2001), the Judge reaffirmed the sanctity of personal privacy unless overridden by a compelling state interest.
Finding GTB’s defence unsupported by evidence, the court declared the bank’s actions misleading, unfair and in breach of multiple sections of the NDPA and awarded N5million in general damages to Bonje for financial loss and emotional distress.
Justice Oresanya stressed that banks, as data controllers, must ensure fairness, transparency and integrity in handling customer data, in line with Central Bank of Nigeria (CBN) consumer protection guidelines.
Published:
Related articles
Recent articles
