Court Orders GTCO to Stop Sending Messages to Non-customer

The Federal High Court in Abuja has ordered Guaranty Trust Holding Company Plc (GTCO) to cease and desist from sending direct marketing messages introducing “Fund 724” by Guaranty Trust Fund Managers to a non-customer, pursuant to Section 36 of the Nigeria Data Protection Act, 2023.

The Federal High Court in Abuja has ordered Guaranty Trust Holding Company Plc (GTCO) to cease and desist from sending direct marketing messages introducing “Fund 724” by Guaranty Trust Fund Managers to a non-customer, pursuant to Section 36 of the Nigeria Data Protection Act, 2023.

Justice Obiora Egwuatu made the declaration in a judgment delivered on June 11, 2026, according to the Certified True Copy seen by Nairametrics.

The judge also directed the bank to disclose the source from which it obtained the applicant, Mr. Abdulmalik Muhaimin Onimisi’s, personal data, including any third parties or data brokers involved.

Onimisi had sued Guaranty Trust Holding Company Plc over an alleged data privacy breach.

What they are saying

According to the applicant’s lawyer, Barrister Oladipupo Ige, his client’s case is that he is not an account holder in any of GTCO’s subsidiaries.

On April 9, 2025, he said his client received an unsolicited promotional text message advertising “Fund 724” by Guaranty Trust Fund Managers, a subsidiary of the respondent.

• “The Applicant never provided his personal information to the bank and was alarmed by the apparent possession and use of his personal data,” the lawyer argued.

Consequently, on April 10, 2025, he sent an email to the bank requesting disclosure of the source of his personal data, disclosure of the legal basis for processing his data, immediate cessation of all marketing communications, and deletion of his personal data from the bank’s databases.

The lawyer urged the court to hold that the bank’s refusal to disclose the source of his client’s data raises concerns about the unlawful acquisition, sharing, and commercialization of personal information, and that the continued processing of his data has caused psychological distress, apprehension, loss of business opportunities, as well as time and financial costs.

• In its response, the bank’s counsel, G.O. Ejem, argued that the bank was wrongly served with the originating process because the actual respondent named in the suit is Guaranty Trust Holding Company Plc (GTCO Plc), which is a separate legal entity from Guaranty Trust Bank Ltd (GTBank), the entity that was served with the process.
• The lawyer stated that GTBank, upon receiving the originating processes, searched its records and discovered that the applicant is not a customer of GTBank and has no account or personal information with the bank.
• He added that GTBank has never sent any message to the applicant.

The lawyer further argued that GTBank never violated the applicant’s rights or any other fundamental right, as it does not possess or retain any personal data belonging to the applicant and therefore could not comply with the applicant’s demands relating to data processing.

• “Further, the Applicant has failed to prove any psychological trauma, business loss, or damage allegedly suffered as a result of the unsolicited messages.
• “The Applicant has unnecessarily dragged GTBank into litigation despite the bank not being responsible for the acts complained of,” the lawyer argued, urging the court to dismiss the suit against it.

More Insights

Delivering judgment in the case, Justice Egwuatu held that the bank, in the ordinary course of its business, retains, processes, and maintains banking information for its customers and is also the holding company for Guaranty Trust Fund Managers, on whose behalf it sent direct marketing messages to the applicant.

He held that the evidence showed that the applicant is not a customer of the respondent and had never voluntarily provided or submitted any personal information to the respondent.

• “Thus, the Applicant could not have and did not provide consent for the processing of his personal data, particularly for direct marketing purposes, whether expressly, impliedly, or through any pre-existing relationship,” the judge held.

The judge further held that the applicant had established his case that the bank breached his right to privacy as guaranteed under Section 37 of the Constitution.

• Consequently, the court declared that the processing of the applicant’s personal data by the bank for advertising and direct marketing purposes was unlawful, illegitimate, null, and void.
• The judge also declared GTCO’s unsolicited advertisement text message to a non-customer unlawful.

The court held that the bank breached the applicant’s fundamental rights arising from the actions and inactions of the bank.

What you should know

Central to the trial court’s judgment is the Nigeria Data Protection Act, 2023.

The Act guarantees data privacy and protection rights.

Its objective is to safeguard the fundamental rights, freedoms, and interests of data subjects as guaranteed under the 1999 Constitution.

The Act also ensures that data controllers and data processors fulfil their obligations to data subjects.