On May 15, 2021, I received a message from a lending company informing me that Mrs X, someone I met in 2020 during my National Youth Service Corps (NYSC), had not repaid a loan they took. I had been supposedly listed as an emergency contact.
Among other things, I was told not to believe this person if they say they have paid back, and also warn them that "unfriendly measures" involving the police and the Economic and Financial Crimes Commission (EFCC) were about to be taken against them.
The message ends with an ominous, "You can as well tell the debtor to remove you if you do not know about this LOAN as you will be affected as well…"
Fast forward to June 1, 2021, and I received a similar message from the same company but about a different person. This time, while I was not subtly threatened, the exact amount the person was to pay was included in the message with account numbers into which to deposit the outstanding sum.
Again, this was someone I didn't have much contact with and had met during my NYSC.
In August 2021, the National Information Technology Development Agency (NITDA) hit Nigeria-based microloan platform, Soko Loan Company Limited with a ₦10 million fine for data privacy abuse.
According to Ripples Nigeria, in October 2021, though the company has paid the fine, it seems to be on the verge of a shutdown. However, there’s no official statement from the company addressing this.
This appeared to be a step in the right direction and a potential deterrent to others.
This is not a new occurrence. Many Nigerians receive unsolicited and embarrassing text and WhatsApp messages from money lending companies about close friends and family, and sometimes, like in my case, barely known acquaintances.
In Kenya, the story is the same, with many people reporting the same thing. These Kenyan lending companies, like their Nigerian counterparts, give high-interest loans with clauses essentially asking users to compromise their personal data and that of others.
On Wednesday, November 10, 2021, Immaculate Kassait, Kenya’s Data Protection Commissioner, disclosed that investigations are ongoing regarding an undisclosed number of digital lenders for sharing borrowers’ confidential data in pursuit of defaulters.
In Nigeria, on Friday, November 12, 2021, NITDA announced its partnership with the Federal Competition and Consumer Protection Commission (FCCPC) to tackle data privacy abuse by money lending operators.
However, as we found out on Monday, November 15, 2021, the FCCPC is also partnering with other agencies on this issue. They are the Central Bank of Nigeria (CBN), the National Human Rights Commission (NHRC), the Independent Corrupt Practices and Other Related Offences Commission (ICPC), and the EFCC.
What does this mean for your data?
To understand this, the functions of the different agencies would need to be reviewed. To do this, as our headline implies, imagine a kitchen setting.
The first tool here is the FCCPC.
Think of the Commission as your customer care representative for any sector in the country. The FCCPC has ten strategic goals to aid its work — ensuring consumer satisfaction. So, say I contact any of the “loan defaulters,” and they wish to complain about the loan companies’ actions, this is an excellent place to start. Let’s call them the pot.
The CBN is Nigeria's apex regulator in the banking sector, granting and revoking licences in the industry while providing guidelines that must be strictly followed. Interestingly, money lending in Nigeria is regulated by the various states. The CBN appears to have little to no input in this space. So, let’s call them spices.
Another important tool is the knife, and here we have the NHRC. The Commission was set up in 1995 as an extra-judicial channel to help citizens fight human rights violations. Essentially, think of them as an extra sword apart from the courts to combat human rights abuse.
The ICPC and the EFCC both fight crimes, but while the former focuses on corruption and other related offences, the latter is a financial crimes agency. If, for example, in the course of investigations, any money lending company has committed an offence under their purview, they could face prosecution. Let’s call them the mallet, hammering away at criminals.
NITDA, like we established here, on the other hand, has, among other responsibilities, the duty to oversee information technology innovations, and more specific to this scenario, data protection. We’ll dub them water, a good base for most foods, an essential ingredient.
So, what's cooking in this kitchen?
According to the FCCPC's official statement, all six "resolved to collaborate, pursue urgent enforcement action against already known violators while investigating others, as well as criminal prosecutions where applicable. A joint task force of analysts and enforcers was also created and immediately activated."
Essentially, we have a brigade of six different agencies going after all erring money lending platforms in the country.
Per Hadiza Umar, Head, Corporate Affairs and External Relations, NITDA, “The Agency has received over 40 petitions from members of the public on the personal data abuse of some lending companies.
“The partnership with FCCPC will lead to a more robust and concerted regulatory approach which we believe would ensure that Nigerians get the necessary reprieve from the illegal use of their personal data for money lending operations. The partnership would entail joint investigations, enforcement and possible prosecution.”
According to NITDA's statement, one of the complaints it received regarding Soko Loan was filed in November 2019 by Bloomgate Solicitors on behalf of a client. During its investigations, it found several violations involving unlawful data processing and refusal to cooperate with the Agency.
Considering the length of time between receipt of complaints and eventual fining, perhaps this partnership with other government agencies is the right way to go. Cooking up a thick broth to serve money lending operators, trying to ensure your data is protected.
A few days ago, on November 11, 2021, I received a WhatsApp message from another lending platform; interestingly, this was relatively short. All it asked was that I tell the person concerned to repay the loan: no threats, no account numbers, and no mention of the amount owed.
Although, still a violation of my privacy, could this mean companies are becoming wary? We can't conclude based on this one message, but it would be interesting to see how things pan out over the next few months.