National Information Technology Development Agency (NITDA) has slammed Soko Loan Company Limited – a Nigeria-based microloan platform, with a fine of ₦10 million for invasion of privacy after being found guilty of illegally tampering with users’ private data.
The agency claimed this sanction is coming after it has recieved series of complaints against the company for “unauthorised disclosure, failure to protect customers’ personal data and defamation of character, and to carry out due diligence as prescribed by the Nigeria Data Protection Regulation (NDP)”
As part of its due diligence process, NITDA commenced an investigation – a first for the regulatory body – over the alleged infractions after receiving a complaint filed by Bloomgate Solicitors on behalf of its client on Monday, 11th November 2019.
Most microloan platforms don’t require collateral to disburse instant loans that can take between five minutes to 24 hours.
If a recipient defaults on their loan, the lender targets their acquaintances since they have illegal access to their contact lists. The platform sends messages to customers’ contacts to report how they have been scammed by the customer, these people could be friends, work colleagues or even in-laws.
According to the statement released by the agency, “one of the complainants, when he failed to meet up with his repayment obligations due to insufficient credit in his account on the date the direct debit was to take effect, the company unilaterally sent privacy-invading messages to the complainant’s contacts.”
The agency claimed to have made strident efforts to get Soko Loan to change its unethical practices but it refused to yield. Even to the point when the agency secured a lien order on one of the company’s accounts, Soko Loan still gave the cold shoulder to the agency’s nudging, rebranded and directed its customers to pay into its other business accounts.
“We currently have about 60-80 loan apps in Nigeria, depending on who you ask. There are like 20 unique ones, the rest are just the same company creating many apps.” D, a product specialist told TechCabal. “Sokoloan, for instance, has seven apps.”
NITDA’s investigation revealed that the company embeds trackers in its mobile application. These trackers share customers’ data with third part parties; Soko Loan also failed to provide its users with legal information about the trackers
In addition to the ₦10 million sanction, NITDA also directed that no further privacy invading messages be sent to any Nigerian until the company and its entities showed full compliance with the NDPR.
This sanction is expected to be a first of many since there are lots of complaints from users on microloans apps guilty of violating their private data. The agency is expected to continue casting an eagle eye over the sector.