The Nigeria Data Protection Commission (NDPC) has launched an investigation into over 400 privacy breach cases linked to loan apps.
The commission made this known via its recently released 2023 annual report while noting that its ongoing investigations have revealed that these loan apps are overly intrusive.
“They generally violate the principles of Data Protection and privacy because they have access to contacts, pictures, messages, etc, of data subjects”, the commission stated.
Tekedia Mini-MBA edition 14 (June 3 – Sept 2, 2024) begins registrations; get massive discounts with early registration here.
Tekedia AI in Business Masterclass opens registrations here.
Join Tekedia Capital Syndicate and invest in Africa’s finest startups here.
The NDPC is therefore seeking a ban on mobile numbers found to have been used by lenders to breach the privacy of their customers.
Acknowledging that privacy breaches by loan apps are a systemic problem, the commission said it is also adopting a systemic solution by working with other regulators and third-party platforms being used by lenders.
It said,
“Over 400 cases of privacy breaches involving shadowy loan sharks are being addressed at the systemic level. The Commission has now drafted the Nigeria Data Protection Act-General Application and Implementation Directive (NDPA-GAID) which addresses the abetment of data breaches, the need for data ethics and privacy by design and by default among others.
“Under abetment, the third-party platforms through which data privacy breaches take place will now be required to deny access to those who use their platforms for privacy breaches. Organizations, particularly communication networks should be willing to restrict or ban telephone lines that are implicated in privacy violations”.
The NDPC added that it is also collaborating with regulators under the Joint Enforcement and Regulatory Taskforce to sanitize the digital lending space, calling for more stringent laws to safeguard consumers from such unethical practices.
It further noted that the Federal Competition and Consumer Protection Commission (FCCPC) now requires lending companies to obtain data protection clearance from NDPC before operation.
It is worth noting that the issue of digital lenders otherwise known as loan apps, unlawfully obtaining the private data of consumers over defaultment of loans, has continued to be an issue of concern, due to the incessant rate at which it has continued to occur.
In recent times, these platforms have resorted to unprofessional measures of harassment, cyberbullying, and breach of data privacy of their customers who may have defaulted in their loan(s) repayment.’ In light of these events, personal data protection and privacy have become issues of great concern for a number of stakeholders.
The Federal Competition & Consumer Protection Commission of Nigeria (FCCPC) in a bid to sanitize the lending space has on several occasions delisted digital money lenders (DMLs) for violating customer privacy.
Despite the Nigeria Data Protection Bill 2023 which was signed into law on the 14th of June 2023 by President Bola Ahmed Tinubu, such unethical practices have continued to take place, as some stakeholders and commissions have swung into action to come up with new regulations that would address the challenges around breach of private data by loan apps.