The Data Protection Commission (DPC) has cautioned the general public against unlicensed online loan applications (apps), citing widespread violation of personal data.
In a statement, the Commission’s Executive Director, Patricia Adusei-Poku, said her outfit has received countless complaints of breaches of personal data and privacy rights from patrons of unlicensed online money lending applications.
“Digital loan services have become an increasingly easy-to-go-to avenue for people to access credit, as many are unable or ineligible to secure loans through traditional providers such as the banks. But in recent times, the Data Protection Commission has received tons of complaints regarding the harassment and debt shaming approaches these online digital loan services are using to deal with defaulters.
“Our background checks have established that these online loan applications are unlicensed and therefore have no authorization to operate,” the statement said.
The DPC explained that digital lending apps require certain permissions upon installation, including access to users’ private information such as their contacts, text messages, location and calendar and that one would have thought that the data collected is used to screen users’ behavioral data and assess their eligibility for loans. It, however, lamented complaints from borrowers indicate that the data collected is to debt shame when these borrowers’ default in payment.
Other complaints also indicate that even in the event of full repayment the administrators of the loan apps take advantage of the data in their possession to infringe on borrowers’ privacy right.
“Unfortunately, these apps remain largely unchecked and have continued in their operations causing distress, defaming borrowers and violating the privacy of individuals.
“Some notions coming out earlier had indicated that google had pulled down these loan apps from the google play store but our checks have proved that to be an untrue statement. The apps are fully operational and available to be installed by the public,” it noted.
The statement added the Data Protection Commission has continued to receive several complaints that clearly describes the commotion these apps have caused the country. “We have also assessed a few privacy notices of these apps which complicate their mode of operation as they do not show any accountability to their clients in terms of how their data is going to be used in actual fact”.
The Data Protection Act 2012 Act (843) protects users from unnecessary disclosures of their private information. Under the regulations, any data gathered should have a legitimate purpose, with a specific mandate on the data controller to let borrowers know, in simple and clear language, what data will be collected and how it would be used.
“We have looked at the privacy policies of these apps and have determined the below mentioned apps have and continue to process individuals’ personal data in a manner that is not consistent with the provisions of the Act and they are: Ficashx; popcash; kudicredit; Cocoaloan; Popcash; smartmoney; sikapurse; Easy Loan; SoftKash; Boseafie Loans; Fourcredy; Sika dua; Creditbay; Creditlab; Akwaaba Cash; and MomCash.
Others are: Ultra Loans; Onloans; Loan Pro; Cedi Story; Machloan; Loan Galaxy; and Pro Kash.
“These loan apps have breached and continue to breach the Data Protection Act in several ways primarily as they are not registered with the Data Protection Commission as stipulated in section (46) 3 of Act 843. Processing personal data without registering with the commission is criminal listing these online apps as high-profile illegal entities.
“We continue to encourage data subjects who have fallen victim to submit their complaints. The Commission is ever ready to assist the police with their investigations as we have already handed over valid documents and filed complaints from Data Subjects that evidence the unlawful ways of operations of these apps. We call on the Cyber security unit of the Bank of Ghana, the National Cyber Security Authority and all other relevant agencies to rally efforts in fishing out the location of operation of these loan apps and apprehend these illegal data controllers to cease their operations,” the DPC statement further read.
It concluded that: “We also call on the public to stay alert and refrain from downloading apps that request access to their personal and private space. We also encourage individuals to take time to read the contracts they enter to make sure their privacy is not infringed”.