The Nigeria Data Protection Commission (NDPC) has said it is investigating over 400 cases of privacy breaches involving online loan apps.
Cases of data privacy breaches have become prevalent in recent times due to the proliferation of digital lending platforms.
The commission made this known in its 2023 Annual Report made available to newsmen on Thursday.
It noted that its ongoing investigations have revealed that “loan apps are overly intrusive.”
NDPC is also seeking a ban or restriction on mobile numbers found to have been used by lenders to breach the privacy of their customers.
“They generally violate the principles of Data Protection and Privacy because they have access to contacts, pictures, messages, etc. of data subjects,” the commission stated.
This indicated that despite an April 2023 policy introduced by Google banning loan apps from accessing photos and contacts of users, the practice has continued.
Acknowledging that privacy breaches by loan apps are a systemic problem, the commission said it is also adopting a systemic solution by working with other regulators and third-party platforms being used by the lenders.
A user of a loan app, Haruna Michael, said that one of the digital lenders used his photos and tagged him as a fleeing criminal because he defaulted in paying the loan he received within the stipulated time.
He said his contacts were reached and he was reported as a fraudster.
“Over 400 cases of privacy breaches involving shadowy loan sharks are being addressed at the systemic level.
“The commission has now drafted the Nigeria Data Protection Act-General Application and Implementation Directive which addresses the abetment of data breaches, the need for data ethics and privacy by design and by default among others.
“Under abetment, the third-party platforms through which data privacy breaches take place will now be required to deny access to those who use their platforms for privacy breaches.
“Organisations, particularly communication networks should be willing to restrict or ban telephone lines that are implicated in privacy violations,” the commission said.
The NDPC added that it is also collaborating with regulators under the Joint Enforcement and Regulatory Taskforce to sanitise the digital lending space.
It noted that the Federal Competition and Consumer Protection Commission now requires lending companies to obtain data protection clearance from NDPC before operation.