On May 15, 2021, I received a message from a lending company informing me that Mrs X, someone I met in 2020 during my National Youth Service Corps (NYSC), had not repaid a loan they took. I had been supposedly listed as an emergency contact.
Among other things, I was told not to believe this person if they say they have paid back, and also warn them that “unfriendly measures” involving the police and the Economic and Financial Crimes Commission (EFCC) were about to be taken against them.
The message ends with an ominous, “You can as well tell the debtor to remove you if you do not know about this LOAN as you will be affected as well…”
Fast forward to June 1, 2021, and I received a similar message from the same company but about a different person. This time, while I was not subtly threatened, the exact amount the person was to pay was included in the message with account numbers into which to deposit the outstanding sum.
Again, this was someone I didn’t have much contact with and had met during my NYSC.
In August 2021, the National Information Technology Development Agency (NITDA) hit Nigeria-based microloan platform, Soko Loan Company Limited with a ₦10 million fine for data privacy abuse.
According to Ripples Nigeria, in October 2021, though the company has paid the fine, it seems to be on the verge of a shutdown. However, there’s no official statement from the company addressing this.
This appeared to be a step in the right direction and a potential deterrent to others.
This is not a new occurrence. Many Nigerians receive unsolicited and embarrassing text and WhatsApp messages from money lending companies about close friends and family, and sometimes, like in my case, barely known acquaintances.
In Kenya, the story is the same, with many people reporting the same thing. These Kenyan lending companies, like their Nigerian counterparts, give high-interest loans with clauses essentially asking users to compromise their personal data and that of others.
On Wednesday, November 10, 2021, Immaculate Kassait, Kenya’s Data Protection Commissioner, disclosed that investigations are ongoing regarding an undisclosed number of digital lenders for sharing borrowers’ confidential data in pursuit of defaulters.
In Nigeria, on Friday, November 12, 2021, NITDA announced its partnership with the Federal Competition and Consumer Protection Commission (FCCPC) to tackle data privacy abuse by money lending operators.
However, as we found out on Monday, November 15, 2021, the FCCPC is also partnering with other agencies on this issue. They are the Central Bank of Nigeria (CBN), the National Human Rights Commission (NHRC), the Independent Corrupt Practices and Other Related Offences Commission (ICPC), and the EFCC.
What does this mean for your data?
To understand this, the functions of the different agencies would need to be reviewed. To do this, as our headline implies, imagine a kitchen setting.
The first tool here is the FCCPC.
Think of the Commission as your customer care representative for any sector in the country. The FCCPC has ten strategic goals to aid its work — ensuring consumer satisfaction. So, say I contact any of the “loan defaulters,” and they wish to complain about the loan companies’ actions, this is an excellent place to start. Let’s call them the pot.
The CBN is Nigeria’s apex regulator in the banking sector, granting and revoking licences in the industry while providing guidelines that must be strictly followed. Interestingly, money lending in Nigeria is regulated by the various states. The CBN appears to have little to no input in this space. So, let’s call them spices.
Another important tool is the knife, and here we have the NHRC. The Commission was set up in 1995 as an extra-judicial channel to help citizens fight human rights violations. Essentially, think of them as an extra sword apart from the courts to combat human rights abuse.
The ICPC and the EFCC both fight crimes, but while the former focuses on corruption and other related offences, the latter is a financial crimes agency. If, for example, in the course of investigations, any money lending company has committed an offence under their purview, they could face prosecution. Let’s call them the mallet, hammering away at criminals.
NITDA, like we established here, on the other hand, has, among other responsibilities, the duty to oversee information technology innovations, and more specific to this scenario, data protection. We’ll dub them water, a good base for most foods, an essential ingredient.
So, what’s cooking in this kitchen?
According to the FCCPC’s official statement, all six “resolved to collaborate, pursue urgent enforcement action against already known violators while investigating others, as well as criminal prosecutions where applicable. A joint task force of analysts and enforcers was also created and immediately activated.”
Essentially, we have a brigade of six different agencies going after all erring money lending platforms in the country.
Per Hadiza Umar, Head, Corporate Affairs and External Relations, NITDA, “The Agency has received over 40 petitions from members of the public on the personal data abuse of some lending companies.
“The partnership with FCCPC will lead to a more robust and concerted regulatory approach which we believe would ensure that Nigerians get the necessary reprieve from the illegal use of their personal data for money lending operations. The partnership would entail joint investigations, enforcement and possible prosecution.”
According to NITDA’s statement, one of the complaints it received regarding Soko Loan was filed in November 2019 by Bloomgate Solicitors on behalf of a client. During its investigations, it found several violations involving unlawful data processing and refusal to cooperate with the Agency.
Considering the length of time between receipt of complaints and eventual fining, perhaps this partnership with other government agencies is the right way to go. Cooking up a thick broth to serve money lending operators, trying to ensure your data is protected.
A few days ago, on November 11, 2021, I received a WhatsApp message from another lending platform; interestingly, this was relatively short. All it asked was that I tell the person concerned to repay the loan: no threats, no account numbers, and no mention of the amount owed.
Although, still a violation of my privacy, could this mean companies are becoming wary? We can’t conclude based on this one message, but it would be interesting to see how things pan out over the next few months.
Writer, Humanoid, Forever she/her, Lover of words.
Looking to transition into tech? Learn how to code in 1 year with AltSchool Africa. Earn a diploma in software engineering at $0. Apply Here.
Is anyone talking abt how borrowers should also make prompt repayment of the loans that they enjoyed
Is anyone talking about the huge interest these bloodsucking fintechs impose on small loans?
Another important angle there, Big pimping. Although I can’t confidently say this would be addressed, it would be lovely to have all these angles tackled in a manner that ensures everyone is well, somewhat happy.
Prompt payment is a desire for borrower. Do not think u can use the current economic challenge to embarass people or invade thier data privacy, and then calling or send fake messages of character assination to all of his contact.
That is not right pls. You are one of those with such iliterate behaviour from the way u asked .
Are u aware of some that even after payment they still went to send these nasty messages to contact? Lack of proper operation mode.
These digital lenders should step up and team with banks for an auto debit to be placed on the debtors bank account and be put to lien if no fund in d acct at present.
No system is subjected to be 100% perfect at a go.
That is an important angle as well, Soji. Hopefully, this move helps restore some sanity in a manner that ensures prompt repayment without any need for people’s data to be compromised
This is move is very good, I remember when I borrowed money from getmigo, After paying back their money before the deadline, they still kept sending me messages like I haven’t payed them.
I called their customer care and complained, After that they sent me a text that they have sent a message to all of my contact that I am owing them and I haven’t paid this was like 3 weeks after I have paid them ooo
I had to send a mail to them warning them and telling them not to embarrass me alongside with the prove of my payment.
That was when they stopped the stupid play, I think its so unfair and insecure for you not only to have access to user’s personal data but to also share it.
I agree with you, Olaide. This is one of the reasons why the Privacy Roundtable is important to me. People’s personal data should not be compromised ‘anyhow’, especially when you’ve not sought their consent. Hopefully, this move helps prevent more data privacy abuse.
I was a victim of this abuse,almost commit suicide and lost my job because of the damaging messages sent to my families and friends all because I defaulted which was course by my shop being burgled. The stigma follows me up till date. I’m a single mother of two with no support from anyone trying to survive for her kids
Hello, Nafisat.
I’m really sorry you had to go through such an experience. While this may be little comfort, hopefully this move prevents others from going through the same thing. Rooting for you and your family to bounce back.