The Nigeria Data Protection Commission (NDPC) is currently engrossed in investigating more than 400 instances of privacy breaches involving digital lenders, commonly known as loan apps. This endeavor unfolds amidst the Commission’s pursuit of a ban or limitation on mobile numbers linked to privacy infringements by these lenders.
In its recently unveiled Annual Report for 2023, the Commission underscored the pervasive intrusiveness of loan apps, which consistently violate principles of data protection and privacy by accessing users’ contacts, photos, messages, and more. Despite Google’s April 2023 policy aimed at curbing such practices, the unauthorized access persists.
Recognizing the systemic nature of privacy breaches facilitated by loan apps, the Commission is pursuing systemic solutions, collaborating with regulators and third-party platforms utilized by these lenders. Over 400 cases of privacy breaches are being tackled systematically, with the Commission drafting the Nigeria Data Protection Act-General Application and Implementation Directive (NDPA-GAID) to address data breaches, promote data ethics, and enforce privacy by design.
Furthermore, the NDPC is collaborating with regulators through the Joint Enforcement and Regulatory Taskforce to sanitize the digital lending sphere. Notably, the Federal Competition and Consumer Protection Commission (FCCPC) now mandates lending companies to obtain data protection clearance from NDPC before commencing operations.
Earlier this year, Citizens’ Gavel, a consumer rights organization, lodged a formal complaint with the FCCPC against 30 unlicensed digital money lenders operating in Nigeria. Their investigations, fueled by over 600 consumer complaints, uncovered egregious practices including defamation, cyberbullying, and death threats in debt collection.
Citizens’ Gavel implores the FCCPC to collaborate with stakeholders such as the Central Bank of Nigeria (CBN) and the National Information Technology Development Agency (NITDA) to comprehensively address the abuse and unethical practices of unregistered and unlicensed digital money lenders.
In response to these concerns, the FCCPC introduced the Limited Interim Regulatory/Registration Framework and Guidelines for Digital Lending, 2022. While over 260 digital lenders have been registered, cases of harassment and defamation persist, albeit reduced by 80% as of last year.
Acknowledging the ongoing challenges, the Acting Executive Vice Chairman/CEO of the FCCPC, Dr. Adamu Abdullahi, affirmed the Commission’s commitment to crafting new regulations to address debt recovery challenges posed by loan apps.