Rights groups Access Now and the Center for Advancement of Rights and Democracy (CARD) called for the Commercial Bank of Ethiopia (CBE) to halt its public shaming campaign in an open letter on Wednesday.

The campaign involved CBE publicizing the personal information of customers who allegedly did not return the money they withdrew during the bank’s technical glitch on public platforms, such as its website. The glitch, which occurred on March 15, allowed customers to withdraw or transfer more money than their CBE account balances permitted.

Access Now and CARD stated that CBE violated the right to privacy under Article 26 of Ethiopia’s Constitution of 1994 and international human rights under Article 17 of the International Covenant on Civil and Political Rights (ICCPR). Ethiopia is a signatory to the ICCPR. Access Now and CARD also said that CBE did not conform to international data protection standards of informed consent under the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data and the African Union Convention on Cyber Security and Personal Data Protection. The groups also emphasized that the publicly shamed customers must be presumed innocent and are entitled to their constitutional rights of privacy and a fair hearing since they have not been convicted.

Access Now and CARD called on CBE to remove the personal information of customers on public platforms immediately. The groups wrote:

[W]e call upon the CBE to initiate a transparent review of its policies and procedures regarding customer data protection, publicly commit to upholding privacy rights [] and outline steps it will take to prevent similar incidents from occurring in the future.