GTCO Hit With ₦250,000 Fine Over Unsolicited Marketing Messages

A Federal High Court in Abuja has delivered a landmark judgment ordering Guaranty Trust Holding Company Plc (GTCO) to pay ₦250,000 in damages and litigation costs to a man who received unwanted promotional messages despite never being a customer. The ruling, delivered on June 11 by Justice Obiora Atuegwu Egwuatu, represents a significant win for data privacy rights in Nigeria and sets a precedent for how financial institutions must handle personal information.

READ ALSO:Nigeria’s Broadband Subscribers Surge to 120 Million as Internet Penetration Hits 48%

The case centered on Abdulmalik Muhaimin Onimisi, who owns a phone number but holds no account with GTCO or any of its subsidiaries. On April 9, 2025, he received an unsolicited text message from Guaranty Trust Fund Managers advertising Fund 724 with promised returns of 17.5 percent. The message came with no mechanism for opting out or requesting that future messages stop. Alarmed that a bank he had never worked with possessed his personal data, Onimisi immediately emailed GTCO demanding three critical things: disclosure of how they obtained his phone number, explanation of the legal basis for processing his data, and immediate cessation of all marketing communications.

The bank’s customer experience team acknowledged his complaint within 24 hours, issued a reference number, and promised resolution by April 14. That promise proved empty. On April 23, Onimisi received an identical promotional message. GTCO had neither disclosed the data source nor stopped marketing to him despite his explicit objection and the bank’s own written acknowledgment.

Justice Egwuatu’s judgment methodically applied both constitutional law and the Nigeria Data Protection Act 2023 to reach his conclusion. The court found that GTCO clearly violated section 37 of the Constitution, which guarantees privacy rights, and simultaneously breached sections 24, 34, 35, and 36 of the NDPA. The judge emphasized that Onimisi, as a non-customer who never voluntarily submitted his information, could not have given consent, whether express, implied, or otherwise. None of the six lawful bases for data processing, the court held, applied to his situation.

What became particularly striking was the court’s treatment of GTCO’s objection procedures. The judge found that once Onimski objected to direct marketing through his April 10 email, GTCO was legally required to stop immediately. The fact that the bank sent another identical message thirteen days later constituted a specific breach of his right to object under the data protection framework. The court issued a cease-and-desist order prohibiting GTCO from sending further marketing messages concerning Fund 724.

However, the judgment stopped short of what Onimski sought. The court refused to compel GTCO to disclose how it obtained his phone number, leaving that crucial question unanswered. It also awarded only ₦200,000 in general damages, far below the ₦35 million requested, and ₦50,000 in litigation costs instead of the ₦1 million requested. The court rejected his plea for ₦5 million in exemplary damages.

Onimski’s legal team has indicated plans to appeal, particularly on the quantum of damages and the refusal to order data source disclosure. The case signals that financial institutions cannot freely acquire and market to phone numbers without consent and that data protection breaches carry real legal consequences in Nigeria.

Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

AI Startup Sues U.S. Government Over Unprecedented Foreign National Ban on Anthropic Models.

Next Post

Sub-Saharan Africa Football Podcasts Surge 160%: New Spotify Data Reveals Growing Audio Appetite

Related Posts