The Federal High Court in Abuja has delivered a pointed reminder to Nigeria’s financial giants about the limits of data-driven marketing, ordering Guaranty Trust Holding Company Plc (GTCO) to stop sending unsolicited promotional messages to individuals who are not its customers.
In a judgment delivered on June 11, 2026, Justice Obiora Egwuatu ruled that GTCO’s actions violated the privacy rights of Mr. Abdulmalik Muhaimin Onimisi, who received a direct marketing text promoting “Fund 724” from Guaranty Trust Fund Managers, a subsidiary under the GTCO umbrella. The court grounded its decision in Section 36 of the Nigeria Data Protection Act 2023 and Section 37 of the 1999 Constitution.
Onimisi, who has never held an account with GTCO or its subsidiaries, argued that the bank obtained and used his personal data without consent. After receiving the April 9, 2025 message, he promptly demanded disclosure of the data source, the legal basis for processing, cessation of communications, and deletion of his information. When those requests went unheeded, he took the matter to court.
The ruling requires GTCO to cease and desist from such marketing to Onimisi and to disclose how it acquired his personal data, including any involvement of third-party data brokers. Justice Egwuatu declared the processing of Onimisi’s data for advertising purposes unlawful, illegitimate, null, and void, affirming a breach of fundamental rights.
GTCO’s defense centered on technicalities. Its counsel contended that the holding company was improperly served, that GTBank (a subsidiary) had no record of Onimisi as a customer, and that no messages originated from the bank itself. The bank maintained it possessed no personal data on the applicant and thus could not have violated his rights. The court was unpersuaded.
This case arrives amid heightened scrutiny of how Nigerian banks and fintechs handle personal data. The Nigeria Data Protection Act 2023 has given citizens clearer tools to challenge unauthorized processing, particularly for direct marketing. Similar disputes have surfaced against other institutions, with courts increasingly willing to award damages and injunctions for unsolicited communications.
For consumers, the frustration is familiar: promotional texts and calls that arrive uninvited, often at inconvenient times, eroding trust in institutions that already hold sensitive financial information. For banks, aggressive customer acquisition tactics especially cross-selling investment products like Fund 724 have become standard as they compete for deposits and assets under management in a challenging macroeconomic environment.
Yet the judgment underscores a key principle: consent is not optional, and a lack of prior relationship makes unsolicited outreach particularly vulnerable to challenge. The court emphasized that Onimisi could not have provided consent, expressly or impliedly, absent any relationship with the institution.
GTCO, one of Nigeria’s most prominent financial services groups, has built a reputation for innovation and customer-centric digital banking. This episode, while involving a single non-customer, highlights operational risks in data sourcing and group-wide marketing coordination. Holding companies and their subsidiaries must ensure compliance flows consistently across entities, especially when promoting products like mutual funds or share offerings.
The decision does not appear to impose massive financial penalties in the public reporting the focus remains on the injunction, declarations, and disclosure order. But its symbolic weight is significant. It reinforces the Nigeria Data Protection Commission’s mandate and signals to data controllers that courts will enforce individual rights even where no customer relationship exists.
Banks and telcos have faced parallel complaints for years, with varying success in litigation. What sets this apart is the explicit application to a non-customer and the demand for transparency on data provenance a potential opening for deeper inquiries into data brokerage practices in Nigeria.
As digital advertising scales, the tension between growth ambitions and privacy obligations is sharpening. Institutions may need to tighten vendor due diligence, audit data acquisition channels, and refine opt-in mechanisms that actually withstand judicial review. For consumers, the ruling offers a practical precedent: documented complaints and legal action can force behavioral change.
Nigeria’s digital economy is expanding rapidly, but sustainable growth depends on trust. Cases like this, though narrow, contribute to a maturing regulatory culture where convenience for the sender does not automatically trump the recipient’s right to be left alone. GTCO and its peers will likely study the judgment closely as they calibrate future outreach strategies. For now, one non-customer has successfully drawn a line and the industry is on notice.
English 
简体中文 
Čeština 
Deutsch (Sie) 
Français 
