A widespread breach of personal data has prompted the Data Protection Commission (DPC) to warn Ghanaians against unlicensed online loan applications (apps).
In an explanation, the Executive Director of the Commission, Patricia Adusei-Poku, said her outfit has received endless complains of breaches of personal data and privacy rights from benefactors of unlicensed web-based cash loaning applications.
Digital loan services have become an increasingly easy-to-go-to avenue for people to access credit, as many are unable or ineligible to secure loans through traditional providers such as the banks.
However, in recent years, the Data Protection Commission has received a great number of complaints regarding the debt-shaming and harassment tactics employed by these online digital loan services toward defaulters.
According to a statement,
“Our background checks have established that these online loan applications are unlicensed and therefore have no authorization to operate,”
The DPC explained that digital lending apps require certain permissions upon installation, such as access to users’ private information like their contacts, text messages, location, and calendar, and that the collected data is thought to be used to screen users’ behavioral data and determine whether or not they are eligible for loans.
However, complaints from borrowers indicate that the collected data is intended to shame these borrowers into defaulting on their payments.
Additionally, other complaints suggest that, even in the event of full repayment, loan app administrators exploit borrowers’ personal information to violate their privacy rights.
Unfortunately, these apps have continued to operate unchecked, causing distress, defaming borrowers, and invading their users’ privacy.
“Some notions coming out earlier had indicated that google had pulled down these loan apps from the google play store but our checks have proved that to be an untrue statement. The apps are fully operational and available to be installed by the public,” the statement noted.
The statement added the Data Protection Commission has continued to receive several complaints that clearly describes the commotion these apps have caused the country.
“We have also assessed a few privacy notices of these apps which complicate their mode of operation as they do not show any accountability to their clients in terms of how their data is going to be used in actual fact”.
The Data Protection Act 2012 Act (843) protects users from unnecessary disclosures of their private information. Under the regulations, any data gathered should have a legitimate purpose, with a specific mandate on the data controller to let borrowers know, in simple and clear language, what data will be collected and how it would be used.
“We have looked at the privacy policies of these apps and have determined the below mentioned apps have and continue to process individuals’ personal data in a manner that is not consistent with the provisions of the Act. Below are some of them:
Ficashx; popcash; kudicredit; Cocoaloan; Popcash; smartmoney; sikapurse; Easy Loan; SoftKash; Boseafie Loans; Fourcredy; Sika dua; Creditbay; Creditlab; Akwaaba Cash; and MomCash.
Others are: Ultra Loans; Onloans; Loan Pro; Cedi Story; Machloan; Loan Galaxy; and Pro Kash.
“These loan apps have breached and continue to breach the Data Protection Act in several ways primarily as they are not registered with the Data Protection Commission” as stipulated in section (46) 3 of Act 843.
Processing personal data without registering with the commission is criminal listing these online apps as high-profile illegal entities.
“We continue to encourage data subjects who have fallen victim to submit their complaints. The Commission is ever ready to assist the police with their investigations as we have already handed over valid documents and filed complaints from Data Subjects that evidence the unlawful ways of operations of these apps. We call on the Cyber security unit of the Bank of Ghana, the National Cyber Security Authority and all other relevant agencies to rally efforts in fishing out the location of operation of these loan apps and apprehend these illegal data controllers to cease their operations,” the DPC statement further read.
It concluded that:
“We also call on the public to stay alert and refrain from downloading apps that request access to their personal and private space. We also encourage individuals to take time to read the contracts they enter to make sure their privacy is not infringed”.