The Nigeria Data Protection Commission (NDPC) is currently investigating over 400 cases of privacy breaches involving digital lenders, popularly known as loan apps.
This is even as the data protection authority is seeking a ban or restriction on mobile numbers found to have been used by lenders to breach the privacy of their customers.
The Commission in its Annual Report 2023 released recently, noted that its ongoing investigations have revealed that “loan apps are overly intrusive”. This is, however, an already known fact considering the barrage of complaints by loan app users over the years.
- “They generally violate the principles of Data Protection and Privacy because they have access to contacts, pictures, messages, etc. of data subjects,” the Commission stated.
This indicated that despite an April 2023 policy introduced by Google banning loan apps from accessing photos and contacts of users, the practice has continued.
Systemic problem
Acknowledging that privacy breaches by loan apps are a systemic problem, the Commission said it is also adopting a systemic solution by working with other regulators and third-party platforms being used by the lenders.
- “Over 400 cases of privacy breaches involving shadowy loan sharks are being addressed at the systemic level.
- “The Commission has now drafted the Nigeria Data Protection Act-General Application and Implementation Directive (NDPA-GAID) which addresses the abetment of data breaches, the need for data ethics and privacy by design and by default among others.
- “Under abetment, the third-party platforms through which data privacy breaches take place will now be required to deny access to those who use their platforms for privacy breaches.
- “Organizations, particularly communication networks should be willing to restrict or ban telephone lines that are implicated in privacy violations,” it said.
The NDPC added that it is also collaborating with regulators under the Joint Enforcement and Regulatory Taskforce, to sanitize the digital lending space. It noted that the Federal Competition and Consumer Protection Commission (FCCPC) now requires lending companies to obtain data protection clearance from NDPC before operation.
More complaints
Earlier this year, Citizens’ Gavel, a consumer rights organization, has lodged a formal complaint with FCCPC, urging immediate action against 30 unlicensed digital money lenders operating in Nigeria.
The group’s investigation, sparked by over 600 consumer complaints, identified these lenders as employing “crude, unprofessional, and illegal means” to collect debts, including defamation, cyberbullying, and even death threats.
It implored the FCCPC to collaborate with stakeholders such as the Central Bank of Nigeria (CBN) and the National Information Technology Development Agency (NITDA) to thoroughly address alleged abuse and unethical practices of unregistered and unlicensed digital money lenders in the country.
- “Citizens’ Gavel has identified a disturbing trend where unlicensed digital money lenders employ crude, unprofessional and illegal means to coerce customers into settling outstanding debts.
- “With over 600 complaints received against these entities, our investigations have meticulously pinpointed 30 companies engaged in unethical practices.
- “We note the importance of the FCCPA 2018, the cornerstone legislation for regulating competition and safeguarding consumer rights in Nigeria.
- “Despite these regulations, loan apps continue to engage in unethical conduct, including defamation and unfair business practices.
- “Citizens’ Gavel implores the FCCPC to collaborate with stakeholders such as NITDA, CBN, and NDPC to comprehensively address the abuse and unethical practices of unregistered and unlicensed digital money lenders,” the organization said in a statement signed by its Communications Associate, Ms Rachael Adio.
The organization also said that it had compiled a comprehensive report, including evidence of defamation and Corporate Affairs Commission search reports, serving as annexures. It called for specific and more stringent laws to safeguard consumers from misleading advertisements, false claims, and deceptive practices.
FCCPC’s role
The FCCPC in its efforts to sanitize the digital lending space introduced the Limited Interim Regulatory/Registration Framework and Guidelines for Digital Lending, 2022.
However, while over 260 digital lenders have been registered as of the last count, cases of harassment and defamation of loan app customers have continued, although the FCCPC said it has reduced by 80% as of last year.
Interestingly, the Commission has most recently acknowledged that the problem is still raging. In response to that, the Acting Executive Vice Chairman/CEO of the FCCPC, Dr Adamu Abdullahi, said the Commission is coming up with a new regulation that would address the challenges around debt recovery by the loan apps.