LEGAL experts and data privacy advocates under the auspices of the Incorporated Trustees of the Data Privacy Lawyers Association (DPLA) and Etisang Solomon have filed a fundamental rights enforcement suit at the Federal High Court, Kaduna Judicial Division, against the Central Bank of Nigeria (CBN).
The suit, officially stamped by the court on April 8, 2026, seeks to nullify a CBN circular that restricts bank customers to a single lifetime amendment of phone numbers linked to their Bank Verification Numbers (BVN).
The circular titled “Addendum to the Revised Regulatory Framework for Bank Verification Number (BVN) Operations and Watchlist for the Nigerian Banking Industry,” was issued by the apex bank on March 12, 2026.
According to the provisions of clause (c) in that document, any amendment to phone numbers linked to a BVN shall be allowed only once, with the new provisions set to take effect from May 1, 2026.
Reacting to the CBN directive, legal experts and data privacy advocates argue that this timeline and the restriction itself violate multiple provisions of the 1999 constitution and the Nigeria Data Protection Act (NDPA).
They are seeking nine reliefs from the court, including declarations that the circular violates section 37 of the constitution regarding the right to privacy, Section 24(1)(e) and 34(1)(c) of the NDPA, along with orders nullifying the impugned clause, a perpetual injunction restraining the CBN from enforcing it, and a mandamus directing the CBN to review and amend the circular.
In an affidavit sworn on behalf of the applicants, Christopher Yange highlighted the practical dangers of the policy, noting that telecommunications providers frequently recycle, deactivate, or reassign numbers that have been lost or stolen.
He cited a report from the Foundation for Investigative Journalism (FIJ) to demonstrate that phone numbers are not static assets.
Furthermore, the legal experts and data privacy advocates also contend that if a customer’s number is compromised after their single permitted update, they would be permanently barred from correcting their financial records, leaving sensitive data such as transaction alerts and One-Time Passwords (OTPs) vulnerable to interception by third parties.
The applicants’ counsel, Olumide Babalola, Emmanuel Okpara, and Frank Ijege of Olumide Babalola LP, in a detailed written address spanning over 12 pages, framed the case around three core legal issues.
(ICIR)
