Skip to main content

Lawyer Sues Soko Loans Over Alleged Breach Of Data Privacy, Unsolicited Messages, Demands N100 Million Compensation

February 1, 2022

Babalola filed the suit at the Lagos State High Court, Lagos, accusing the loan company of sending him unsolicited messages and defamation.

A lawyer, Olumide Babalola has sued Soko Lending Company Limited, also known as Soko Loans, over alleged invasion of privacy, among other reasons.

 

Babalola filed the suit at the Lagos State High Court, Lagos, accusing the loan company of sending him unsolicited messages and defamation.

Image

He is also demanding an award of N100 million in damages for breach of his privacy.

 

In the suit filed at the Registry of the Court, the lawyer is asking for a declaration “that by virtue of article 2.2 of the Nigeria Data Protection Regulation 2019, the Respondent lacks lawful basis to process (collect, store and/or use) the Applicant’s personal data (especially his name and telephone number) to send the Applicant unsolicited and offensive WhatsApp messages and thereby interfered with the Applicant’s right to privacy guaranteed under section 37 of the Constitution of the Federal Republic of Nigeria, 1999 (As amended)

 

“A declaration that the Respondent’s privacy policy (notice) published on its website http://www.sokoloan.com/#/privacy as of 1st day of February 2022 contravenes the provision of article 2.5 of the Nigeria Data Protection Regulation 2019 and thereby interfered with the Applicant’s right to privacy guaranteed by section 37 of the section 37 of the Constitution of the Federal Republic of Nigeria, 1999 (As amended).

 

“Perpetual injunction restraining the Respondent from further processing (storing and using) the Applicant’s name and telephone number without a lawful basis. Damages in the sum of N100, 000, 000 (One Hundred Million Naira).”

 

He is also asking the court to determine “whether or not by the interpretation of article 2.2 of the Nigeria Data Protection Regulation 2019, the Respondent’s processing (i.e collection, use and storage) of the Applicant’s personal data (especially his name and telephone number) to send him unsolicited and offensive messages without any of the lawful bases interfered with the Applicant’s right to privacy guaranteed under section 37 of the Constitution of the Federal Republic of Nigeria, 1999 (As amended)?

 

“Whether or not the Respondent’s privacy policy (notice) published on its website <http://www.sokoloan.com/#/privacy> as of the 1st day of February 2022 contravenes the provision of article 2.5 of the Nigeria Data Protection Regulation 2019 and thereby interfered with the Applicant’s right to privacy guaranteed by section 37 of the section 37 of the Constitution of the Federal Republic of Nigeria, 1999 (As amended)?

 

“Whether or not in the event that this court finds the Respondent to have interfered with the Applicant’s right to privacy, the Applicant is entitled to damages without necessarily proving pecuniary losses.”

 

The suit, sighted by SaharaReporters, read further, “I do not maintain an account with the Respondent and I have never conducted any business with the Respondent entitling them to harvest, store or use my name or telephone number for any business or sundry purpose(s). I have never consented to the use of my personal information by the Respondent under any guise.

 

“In December 2021, the Respondent sent me a random WhatsApp message on my telephone line 08183645995 informing me of someone’s indebtedness and that I should prevail on the person to repay. I thought it was an error and I ignored the message since I did not even know the person.

 

“On the 31st day of January 2022, the Respondent’s employee named ‘Jide’ with telephone number 07035005483 sent me another WhatsApp message on my telephone number 08183645995 informing me that another person is owing them and that she has been acting like a criminal and that I should help them advise the person to be responsible. Attached and marked Exhibit 2 are the screenshots of the messages.

 

“I asked the Respondent’s employee – Jide – for the identity of the company owed and he answered ‘Soko Lending RichLoan’ and he provided the account details for repayment. Attached and marked Exhibit 3 is the screenshot of the confirmation. Again, I asked Jide how and where his company – the Respondent got my personal information from but he refused to disclose.

 

“Since I never had any business relationship with the Respondent, I became uncomfortable and disturbed that the Respondent’s employee (Jide) could invade my private space and hound me with text messages in their debt recovery bid, which is totally unrelated to me. Neither did I apply for a loan on behalf of a third party from the Respondent nor guarantee any loan obtained from them.

 

“At 6.49am on Tuesday, 1st day of February 2022, I visited the Respondent’s website’s privacy policy(notice) at <http://www.sokoloan.com/#/privacy> and found the following about the Respondent’s privacy and data protection practices: The Respondent’s privacy policy (policy) is not transparent on the technical methods used to store and collect personal information.

 

“The Respondent’s policy does not provide information on the third parties they share people’s personal data with. The policy does not state remedies in the event of privacy violation. Contrary to the clause of confidentiality in the policy, in their text message to me, the Respondent disclosed the identity of the debt and her guarantor as well as the amount owed. The policy does not provide clear information on the profiling it carries out.

 

“The Respondent’s policy does not state how its customers’ contact consented to the use of the personal information (especially their telephone numbers) harvested from their customers’ devices. The Respondent’s policy only states that in the event of default, they will reach out to the customers’ disclosed ‘contact’ but not to all the telephone numbers stored on the customers’ devices. There is no information on the Respondent’s Data Protection Officer (DPO) who is meant to answer questions relating to data protection.

 

“I found the Respondent’s unsolicited message an invasion of my privacy and breach of the extant data protection laws in Nigeria. From the preceding particulars, I strongly believe that: My right to privacy was breached by the Respondent when my personal data harvested from their customers’ device was used to send me unsolicited and offensive messages.

 

“I find it discomforting and traumatizing every time I recall that my telephone number is stored by the Respondent and used for their business purposes. I have suffered huge mental, psychological discomfort and inconvenience by the Respondent’s act. The thoughts of my personal sensitive information in the hands of a third party have put me in a constant state of psychological and mental stress for the fear of the unknown.

 

“I have suffered psychological and mental loss and trauma as I constantly feel a sense of irritation that a third party with whom I have had no business can send me unsolicited messages just for their own business gains. From all the particulars provided in the preceding paragraphs in this affidavit, I believe the following facts: The Respondent does not have in place verifiable organization policies that help them to respect privacy and ensure proper data protection practices as required by the Nigeria Data Protection Regulation 2019. The Respondent is put to the strictest proof of this. If the Respondent had organizational policy for securing and protecting personal data, they would not have sent such unsolicited message to me.”