The Nigeria Data Protection Commission (NDPC) has disclosed that it is currently investigating more than 400 cases of privacy breaches involving online loan apps, News About Nigeria reports.
According to the commission’s 2023 Annual Report, which was obtained by The Punch on Thursday, the proliferation of digital lending platforms has led to a surge in cases of data privacy breaches.
The NDPC revealed that ongoing investigations have unveiled the intrusive nature of these loan apps, which often have access to users’ contacts, photos, messages, and other personal data without their consent.
Despite a policy introduced by Google in April 2023 that banned loan apps from accessing users’ photos and contacts, the NDPC noted that the practice has continued.
The commission noted that these privacy breaches represent a systemic problem and require a systemic solution.
In response to these challenges, the NDPC stated that it is collaborating with other regulators and third-party platforms used by the lenders to address the issue comprehensively.
The commission is advocating for a ban or restriction on mobile numbers associated with lenders found to have breached the privacy of their customers.
Haruna Michael, a user of a loan app, shared his experience, revealing that one of the digital lenders misused his photos and falsely labelled him as a criminal when he defaulted on a loan repayment.
To address these issues, the NDPC has drafted the Nigeria Data Protection Act-General Application and Implementation Directive, which aims to curb data breaches and promote data ethics and privacy by design.
“Over 400 cases of privacy breaches involving shadowy loan sharks are being addressed at the systemic level.
“The commission has now drafted the Nigeria Data Protection Act-General Application and Implementation Directive, which addresses the abetment of data breaches, the need for data ethics and privacy by design and by default, among others.
“Under abetment, the third-party platforms through which data privacy breaches take place will now be required to deny access to those who use their platforms for privacy breaches.”
Additionally, the commission is working with regulators under the Joint Enforcement and Regulatory Taskforce to sanitise the digital lending space.
Furthermore, the Federal Competition and Consumer Protection Commission now mandates lending companies to obtain data protection clearance from the NDPC before operating.
