A Federal High Court in Abuja has barred Guaranty Trust Holding Company Plc (GTCO) from sending direct marketing messages to individuals who are not its customers, in a ruling that strengthens data privacy protections for Nigerians.
Justice Obiora Egwuatu delivered the judgment on June 11, 2026, declaring that GTCO's processing of the applicant's personal data for advertising and direct marketing was unlawful, illegitimate, and void. The court cited Section 36 of the Nigeria Data Protection Act, 2023.
The case was brought by Mr. Abdulmalik Muhaimin Onimisi, who received an unsolicited promotional text message on April 9, 2025, advertising "Fund 724" by Guaranty Trust Fund Managers, a subsidiary of GTCO. Onimisi is not a customer of GTCO or any of its subsidiaries.
His lawyer, Barrister Oladipupo Ige, told the court that his client never provided personal information to the bank and was alarmed by the bank's apparent possession and use of his data. On April 10, 2025, Onimisi sent an email to GTCO demanding disclosure of the source of his personal data, the legal basis for processing it, immediate cessation of all marketing communications, and deletion of his data from the bank's databases.
The bank's counsel, G.O. Ejem, argued that the originating process was served on Guaranty Trust Bank Ltd, a separate legal entity from the named respondent, GTCO Plc. He stated that GTBank searched its records and found that the applicant is not a customer and has no account with the bank. He added that GTBank never sent any message to the applicant and urged the court to dismiss the suit.
Justice Egwuatu rejected that argument, holding that GTCO, in the ordinary course of its business, retains and processes banking information and is the holding company for Guaranty Trust Fund Managers, on whose behalf it sent the direct marketing messages. He noted that the applicant had never voluntarily provided any personal data to the respondent and could not have given consent for processing.
"Thus, the Applicant could not have and did not provide consent for the processing of his personal data, particularly for direct marketing purposes, whether expressly, impliedly, or through any pre-existing relationship," the judge held.
The court further directed GTCO to disclose the source from which it obtained Onimisi's personal data, including any third parties or data brokers involved.
The ruling also declared that GTCO breached the applicant's right to privacy as guaranteed under Section 37 of the 1999 Constitution. The judge declared the bank's unsolicited advertisement text message to a non-customer unlawful.
The Nigeria Data Protection Act, 2023, which formed the basis of the judgment, safeguards the fundamental rights, freedoms, and interests of data subjects and ensures that data controllers and processors fulfil their obligations. The ruling serves as a warning to financial institutions and other data controllers about the legal consequences of processing personal data without consent.

