It started with a pizza.
In March 2023, Chukwunweike Araka placed an order on Jumia Foods, delivered from Domino’s Pizza. The food came quickly. So did messages he did not solicit.
Days later, Araka’s phone lit up with promotional texts from Domino’s — and they kept coming. Araka reached out to Jumia Foods, hoping to quickly resolve the matter. But the texts continued.
In a judgment handed down on February 2, 2025, Justice Emeka Nwite of the Federal High Court in Abuja found Domino’s Pizza — through its Nigerian master franchisee, Eat N’ Go Ltd — to have unlawfully used Araka’s personal data for marketing. The court ordered the company to erase his data and pay ₦3 million in damages.
The case, filed in July 2024, spotlighted two of Nigeria’s most recognizable brands — Domino’s Pizza and Jumia Foods (now defunct) — and their handling of customer data under the Nigeria Data Protection Act, 2023.
Araka, a lawyer, sued Ecart Internet Services (operators of Jumia) and Eat N’ Go Ltd, arguing that the former improperly shared his data and the latter misused it by bombarding him with unsolicited marketing messages — even after he asked them to stop.
He demanded ₦20 million in exemplary damages, ₦100 million in general damages, and ₦5 million for litigation costs. While the court declined most of the monetary requests, it held Domino’s liable for violating Araka’s privacy rights and awarded ₦3 million in general damages.
According to court documents seen by Pluboard, Jumia did not deny that its business model involves sharing customer data — such as phone numbers and delivery addresses — with partner restaurants for the sole purpose of fulfilling food orders.
But Araka insisted that his agreement was with Jumia, not Domino’s — and certainly not for Domino’s to use his contact details for direct marketing.
In January 2024, after the unrequested messages started coming in, Araka emailed Jumia to ask how his data had been shared. Jumia responded, explaining the data transfer was necessary to fulfill his order and denying any responsibility for the promotional messages.
Araka then formally asked Domino’s to stop using his personal information for marketing. Still, the messages kept coming. Even after Jumia contacted Domino’s to stop, the spam continued.
Domino’s, for its part, argued that it only sent bulk promotional messages to clients — with an opt-out option — and claimed Araka had not shown how his rights were infringed or that he suffered any harm. It also said it had acted once Jumia flagged the complaint. The messages, it said, only resumed after Araka placed another order through Glovo.
But Justice Nwite disagreed.
“The very act of sending direct marketing messages to the Applicant is clearly outside the lawful purpose, neither was it for the purpose of performing the contract for which it was entered,” the judge ruled. “It is unlawful by the provisions of the NDPA Act to use the data for other purposes.”
The court cleared Jumia of wrongdoing, stating it had acted properly by forwarding Araka’s complaint to Domino’s. Justice Nwite cited a key email from Araka in which he said he would “hold Domino’s solely responsible” for the continued breach.
“It is shocking to me to say the least that the Applicant, having absolved the 1st Respondent of any liability, would seek reliefs or remedies from the same party,” the judge added.
The court also rejected Domino’s claim that a customer’s repeat orders revalidated its right to market to them.
“The question that must be asked is, was there a time the Applicant at any point consented to the use of his personal data for direct marketing messages? The answer is clearly No!”
Besides the ₦3 million payout, the court ordered Domino’s to permanently delete Araka’s data and to “cease and desist” from sending him any further messages.
Privacy advocates hailed the ruling as a major win for data protection in Nigeria.
“The Nigeria Data Protection Act, 2023, has simplified the process of taking legal action against organizations that violate your data privacy rights,” said David Odes, a cybersecurity and privacy specialist and founder of Web Security Lab, in a post on X.
“I anticipate that this trend of damage payouts will continue for the next few years until companies fully adopt compliance practices.”
The ruling comes just months after a similar case in which Polaris Bank was ordered to pay ₦1 million to a customer for sending unsolicited marketing messages and refusing to stop — a sign, experts say, that a cultural shift around data rights may be underway.
Discover more from Pluboard
Subscribe to get the latest posts sent to your email.