NDPR: Nigerian government goes after illegal online banks over privacy violations  

The Nigerian government, at the weekend, shut down operations of online financial institutions deemed to be illegal and accused of serial violations of citizens’ privacy rights.

RELATED  NDPR: NITDA Imposes N10m Fine On Soko Loans For Privacy Invasion

The raid was carried out on Opebi Road, Ikeja, Lagos by the Federal Competition Consumer Protection Commission (FCCPC), in collaboration with the National Information Technology Development Agency (NITDA), Independent Corrupt Practices and other Related Offences Commission (ICPC), and the Nigerian Police Force.

The affected financial institutions include:  Kashkash, EasyCredit, Okash, Speedy Choice, Easy Moni and GoCash.

ALSO READ:  NDPR: NITDA Partners FCCPC To Tame Online Money Lenders Over Privacy Abuse

According to the FCCPC, the raid was carried out following series of customers’ complaints of malpractices the financial institutions notably violating their data privacy rights in their debt recovery drive.

ADVERTISEMENT

Nigeria online financial institutions have gained notoriety as loan sharks with complete disregard for the Nigeria Data Protection Regulation (NDPR), the country’s principal data protection legislation.

YOU MAY ALSO READ NITDA, Nigeria Police Team Up On NDPR Enforcement

Many online financial institutions including the legally registered ones have been accused of privacy invasion by exposing the personal data of loan defaulters to third parties. The NDPR forbids it.

Last year, NITDA imposed a five million naira fine on Electronic Settlement Limited (ESL) among other sanctions for breach of personal data by the fintech company. It similarly sanctioned Soko Lending Company Limited (Soko Loans), an online lending platform, for privacy invasion.

ADVERTISEMENT

NITDA went after Soko Loans after receiving series of complaints against the company for unauthorized disclosures, failure to protect customers’ personal data and defamation of character of loan defaulters.

According to the Chief Executive Officer, FCCPC, Babatunde Irukera, “Section 17(a) of the FCCPA, 2019 empowers the commission to administer and enforce provisions of every Nigerian law with respect to competition and protection of consumers.”

Following mounting accusations of privacy violations by customers of the financial institutions, the FCCPA is under obligation to act. He said the agency had begun investigations into the allegations since 2020.

ADVERTISEMENT

His words, “This information started quite a while ago. Some time ago, when the country was on lockdown in 2020 due to the pandemic, we started seeing the rise in money lenders. Because there was lockdown due to the pandemic, people needed small easy loan which is understandable. But over a period of time, people started complaining about the malpractices of the lenders, so we started tracking it”

The NDPR issued by the NITDA January 2019 in pursuant to Section 32 of the NITDA Act 2007 as subsidiary legislation to the NITDA Act 2007, guide against abuse of privacy rights.

Since it became operational in 2019, N ITDA has fostered inter-agency collaborations with the ICPC|, Niger Police and FCCPA to fully implement the provisions of the NDPR

In 2021, part of the offences of Soko Loans under the NDPR were:  

1. Use of non-conforming privacy notice, contrary to Article 2.5 and 3.1(7) of the NDPR;
2. Insufficient lawful basis for processing personal data, contrary to Articles 2.2 and 2.3 of the NDPR;
3. Illegal data sharing without appropriate lawful basis, contrary to Article 2.2 of the NDPR;
4. Unwillingness to cooperate with the Data Protection Authority, contrary to Article 3.1 (1) of Data Protection Implementation Framework; and
5. Non-filing of NDPR Audit reports through a licensed Data Protection Compliance Organisation (DPCO), contrary to Article 4.1(7) of the NDPR.

“Towards the end of last year, we gathered quite a lot of information. We started working with some other key agencies and the FCCPC led the meeting where we all agreed there would be a joint effort to look into these businesses,” said Irukera, adding that the interest rate charged by online financial institutions appear to violate the ethics of how lending is done.

According to the FCCPC boss “The key two things that were subject of concern were what seems to be the naming and shaming violation of people’s privacy with respect to how these lenders recover their loans.”

“Secondly, the interest rate seems to be a violation of the ethics on how lending is done. So, those were the two things that we set out to look for.”

A worried Irukera added:

“We found out that most of these companies operate from the same place. We also found out that many of them are actually operated by the same person. They are not Nigerian companies, they don’t have an address in Nigeria and they are not registered in Nigeria with the Corporate Affairs Commission and they do not have any licence to do their business”

“Essentially, what they have is an app, and so we started gathering more information about them. We engaged the public and the people who had been their victims. They gave us more information”

There will be more raids,  Irukera assured.

“It doesn’t also mean that the people we are proceeding against today are the only ones, no. We want to start with them. We also understand that they are between five and seven companies operating at the same location.”