During the SIM re registration exercise carried out across Ghana in 2022 and 2023, long queues became part of daily life. People waited for hours to link their numbers to the Ghana Card. The queues were sometimes long. So long that they stretched outside telecom offices, circled registration centres, and spilled into the roadside. The National SIM re registration exercise had begun, and had come with urgency. Link your number to your Ghana Card or risk losing service.
Alongside the demanding process came a quieter but persistent complaint. Now and then, someone would complain, almost in disbelief, that their identity details had already been used to register numbers they did not recognise. A strange number would appear when they dialled the short code to check. Sometimes more than one.
After the initial confusion and frustration, the usual advice followed, go to your network provider; visit the office or the registration centre and have it corrected. For many, that was where the matter ended.
What didn’t occur to many was that this wasn’t just a network error but a legal violation. It took one individual with uncommon resolve to push beyond the registration desk and into the courtroom. In a landmark decision, the Supreme Court has now confronted this reality, and given the issue a constitutional weight that will reshape data privacy in Ghana forever.
Background Story
Sometime in 2023, the appellant discovered that a Vodafone number had been registered in his name without his knowledge, consent, or authorization. More troubling, that number had also been linked to a Vodafone Cash account. About three weeks later, the number was even removed from his identity, again, without his involvement.
His personal data had been used within the system without his participation at any stage.
He commenced an action at the High Court, seeking a declaration that his right to privacy under article 18 of the 1992 Constitution had been breached. He further sought disclosure of all records relating to the number, including call logs and mobile money statements, and an award of damages.
Arguments of the Respondents
The telecommunications operator and the National Communications Authority explained that the SIM registration process involved two stages, both of which had to be completed for full registration.
They maintained that the initial stage could be undertaken by anyone with access to a Ghana Card. On that basis, they denied responsibility for the use of the appellant’s identity details.
They also indicated that the Vodafone Cash account had not been fully activated before the number was removed. In their view, the appellant had not suffered any harm, and the claim was just ‘meritless’.
Decisions of the High Court and the Court of Appeal
The High Court dismissed the action on the ground that it was premature. It held that the appellant ought to have relied on internal mechanisms designed to address such complaints.
On appeal, the Court of Appeal took a different position on that issue. It held that a person alleging a breach of a fundamental right is entitled to approach the High Court directly. Administrative processes do not stand in the way of constitutional relief.
On the merits, however, the Court of Appeal dismissed the case, holding that the appellant had not established a breach of his right to privacy.
The Supreme Court’s Ruling
The Supreme Court, by a 4-1 majority decision, ruled for the appellant.
The Court examined the structure of the registration system and the responsibilities placed on the operator and the regulator. It found that the absence of effective verification measures at the initial stage exposed personal data to misuse. This weakness enabled the registration of a SIM and the initiation of a mobile money account in the appellant’s name without his consent.
The Court treated this as a failure to meet statutory obligations relating to the protection of personal data.
It held that the use of the appellant’s identity in this manner amounted to an invasion of his privacy under Article 18. Personal data collected for identification purposes carries a duty of confidentiality, and its unauthorised use attracts constitutional protection.
The Court also considered the implications of SIM registration within the regulatory framework. Numbers linked to an individual may carry legal and financial consequences, particularly where they are used for unlawful activity. The presence of an unknown number tied to one’s identity is therefore not without risk.
Vodafone Ghana (now Telecel) was therefore ordered to pay the appellant GHS 10,000.00 as damages for the distress and exposure occasioned by the misuse of his identity.
Lessons from the Case
Privacy as a digital right: the right to privacy under article 18 now extends to your “digital home.” This means the handling of your personal data in systems like sim registration is a constitutional priority, not just an administrative issue.
Harm beyond the pocketbook: unauthorized use of your identity is a constitutional injury in itself. You can bring a claim for the breach of your digital dignity even if you haven’t suffered any direct financial loss.
The burden of the gatekeeper: institutions that collect data are now the legal guardians of that information. They bear the responsibility of ensuring their systems are secure enough to prevent misuse at the very point of entry.
Direct access to justice: when a fundamental right is at stake, the High Court’s doors are wide open. You are not required to exhaust administrative “complaint” processes before seeking a judicial remedy for a data breach.
Finally, the law now has teeth. The misuse of identity attracts real judicial protection, including the award of damages. This would serve a dual purpose: compensating the victim and acting as a deterrent. Institutions therefore warned that “gibberish” excuses for data breaches will come with a heavy legal price.
