The Nigeria Data Protection Commission (NDPC) is probing over 400 incidents of privacy violations linked to digital lenders, commonly referred to as loan apps, the agency has said.
The data protection agency is advocating for a prohibition or limitation on mobile numbers used by digital lenders to infringe upon the privacy of their clients.
These are some of the highlights of the NDPC Annual Report 2023 released recently by the data protection agency which reported that its ongoing investigations have revealed that “loan apps are overly intrusive.”
“They generally violate the principles of Data Protection and Privacy because they have access to contacts, pictures, messages, etc. of data subjects,” NDPC noted about the loan apps that have come under a barrage of public complaints in the last few years over privacy violations and other infractions.
NDPC to tighten rules for loan apps
“They generally violate the principles of Data Protection and Privacy because they have access to contacts, pictures, messages, etc. of data subjects,” NDPC noted about the loan apps that have come under a barrage of public complaints in the last few years over privacy violations and other infractions.
This indicated that despite an April 2023 policy introduced by Google banning loan apps from accessing photos and contacts of users, the practice has continued.
Acknowledging that privacy breaches by loan apps are a systemic problem, the Nigerian data protection agency said it is also adopting a systemic solution by working with other regulators and third-party platforms being used by the digital lenders.
NDPC explained that “over 400 cases of privacy breaches involving shadowy loan sharks are being addressed at the systemic level.”
To further address the privacy breaches, NDPC said it ““The Commission “has now drafted the Nigeria Data Protection Act-General Application and Implementation Directive (NDPA-GAID) which addresses the abetment of data breaches, the need for data ethics and privacy by design and by default among others.”
According to the data protection agency, “under abetment, the third-party platforms through which data privacy breaches take place will now be required to deny access to those who use their platforms for privacy breaches.”
NDPC also explained that “organisations, particularly communication networks should be willing to restrict or ban telephone lines that are implicated in privacy violations.”
The Nigerian data protection agency said it is also collaborating with regulators under the Joint Enforcement and Regulatory Task Force, to sanitise the digital lending space. Under this plan, the Federal Competition and Consumer Protection Commission (FCCPC) now requires lending companies to obtain data protection clearance from NDPC before operation, the data protection agency said.
