Spam Emails Constitute an Invasion of Privacy: Court Awards N500, 000 Damages Against Zenith Bank


By Olumide Babalola

In 2020, I was invited to a round table conversation on the Canada’s Anti-Spam Legislation (CASL) which specifically protects consumers from spams and other digital threats to privacy. At the event, I argued that while Nigeria does not have a dedicated anti-spam legislation, section 37 of the Nigerian 1999 Constitution is wide enough to take care of such business malpractice and misuse of digital platforms for direct marketing purposes. Needless to say that, at the time of my speech, we had no Nigerian case law on the issue but thankfully, this has changed.

Unlike for spam emails, the Nigerian courts have had the opportunity of ruling on sending unsolicited SMS text messages as a violation of fundamental right to privacy in the decision in Emerging Market Telecommunications Services Ltd v Eneye (2018) LPELR – 46193(CA) among other decisions.

Interestingly, on the 16th day of March 2022, in a pro bono matter our Law Firm handled for a victim of unsolicited emails from a bank with which she did not maintain an account, the High Court of Ogun sitting in Ota ruled that sending of spam (unsolicited) emails constitutes violation of right to privacy guaranteed by section 37 of the Constitution of the Federal Republic of Nigeria, 1999.

In the case with suit number HCT/605/2021 between Omotola Quadri and Zenith Bank, the bank was sued for spamming our client with another customer’s transaction notifications for more than six months non-stop. When our Law Firm was briefed, we activated our client’s data protection right of Data Subject Access Request (DSAR) to which the bank responded that, our client’s email address was supplied by their customer during the account opening process, albeit without cogent proof.

ALSO READ   Supreme Court: A Tale of Two Rulings

When the unsolicited emails continued unabated, we approached the High Court seeking declaratory and compensatory reliefs that such mails interfered with the Applicant’s right to privacy and we argued inter alia that Zenith bank as a controller had a duty to ensure it periodically updates its customers’ personal information in compliance with the data protection principle of accuracy.

On the whole, the court agreed with us and ruled that the unsolicited emails from the bank violated our client’s right to privacy which interference entitled our client to damages assessed at N500, 000 (Five hundred thousand Naira)

Conclusively, even though the damages awarded is comparatively paltry, this decision has taken our privacy jurisprudence further by recognising and penalising the impropriety of sending spam or unsolicited emails as done in other jurisdictions.


Please enter your comment!
Please enter your name here