The Nigeria Data Protection Commission (NDPC) has launched investigations into more than 400 cases of privacy breaches involving digital lenders, commonly known as loan apps. This move comes amid rising concerns over the intrusive nature of these apps and their handling of user data.
In its recently released Annual Report for 2023, the NDPC highlighted the pervasive nature of privacy violations by loan apps, noting that they often access sensitive user information such as contacts, photos, and messages, in violation of data protection principles. Despite efforts by platforms like Google to restrict such access, these practices persist, prompting regulatory scrutiny.
Acknowledging the systemic nature of the problem, the NDPC emphasized the need for a coordinated approach involving multiple stakeholders. The commission is drafting directives aimed at curbing data breaches and promoting data ethics, with provisions to hold third-party platforms accountable for facilitating privacy violations.
Additionally, the NDPC is collaborating with other regulatory bodies, such as the Federal Competition and Consumer Protection Commission (FCCPC), to address unethical practices in the digital lending space. This includes requiring lending companies to obtain data protection clearance before operating.
Earlier complaints lodged by consumer rights organizations like Citizens’ Gavel have underscored the urgency of addressing abuses by unlicensed digital money lenders. These complaints, fueled by over 600 consumer grievances, highlight instances of harassment, defamation, and other illegal debt collection tactics employed by these lenders.
In response, the FCCPC has introduced interim regulatory frameworks for digital lending and is considering new regulations to tackle challenges in debt recovery by loan apps. Despite progress in registering digital lenders, cases of harassment persist, prompting regulatory bodies to take further action to protect consumers and safeguard their privacy rights.