Commission Probes 400 Cases of Privacy Breach in Online Loan Apps

The Nigeria Data Protection Commission has said it is investigating over 400 cases of privacy breaches involving online loan apps.

Cases of data privacy breaches have become prevalent in recent times due to proliferation of digital lending platforms.

The commission made this known in its 2023 Annual Report made available to The PUNCH on Thursday.

It noted that its on-going investigations had revealed that “loan apps are overly intrusive.”

NDPC is also seeking a ban or restriction on mobile numbers found to have been used by lenders to breach the privacy of their customers.

“They generally violate the principles of Data Protection and Privacy because they have access to contacts, pictures, messages, etc. of data subjects,” the commission stated.

This indicated that despite an April 2023 policy introduced by Google banning loan apps from accessing photos and contacts of users, the practice has continued.

Acknowledging that privacy breaches by loan apps are a systemic problem, the commission said it was also adopting a systemic solution by working with other regulators and third-party platforms being used by the lenders.

A user of a loan app, Haruna Michael, who spoke to our correspondent on Thursday, said that one of the digital lenders used his photos and tagged him as a fleeing criminal because he defaulted in paying the loan he received within the stipulated time.

He said his contacts were reached and he was reported as a fraudster.

“Over 400 cases of privacy breaches involving shadowy loan sharks are being addressed at the systemic level.

“The commission has now drafted the Nigeria Data Protection Act-General Application and Implementation Directive which addresses the abetment of data breaches, the need for data ethics and privacy by design and by default among others.
“Under abetment, the third-party platforms through which data privacy breaches take place will now be required to deny access to those who use their platforms for privacy breaches.

“Organisations, particularly communication networks should be willing to restrict or ban telephone lines that are implicated in privacy violations,” the commission said.

The NDPC added that it was also collaborating with regulators under the Joint Enforcement and Regulatory Taskforce to sanitise the digital lending space.

It noted that the Federal Competition and Consumer Protection Commission now required lending companies to obtain data protection clearance from NDPC before operation.