NITDA fines N 10million on online lending platform Sokoloan for invasion of privacy
The National Information Technology Development Agency (NITDA) imposed a penalty of N 10 million on an online lending platform, Soko Lending Company Limited (Soko Loans), for breach of data privacy .
This was revealed in a press release by NITDA spokesman Hadizar Umah.
According to NITDA, she has received a series of complaints against the company, including “unauthorized disclosures, failure to protect customer personal data and defamation.”
“One such complaint filed by Bloomgate Solicitors on behalf of its client, the affected person, was received on Monday, November 11, 2019. NITDA, as part of its due diligence process, has initiated an investigation into the breaches presumed to the provisions of the NDPR. .“
NITDA said its investigations have shown that Soko Loans gives its clients unsecured loans and requires a lender to download their mobile app to their phone and activate a direct debit in favor of the company, which allows the application to access phone contacts of the lender.
“According to the complainants, when he did not fulfill his repayment obligations due to insufficient credit on his account on the effective date of the direct debit, the company unilaterally sent life threatening messages private to the complainant’s contacts,“, We read in part in the press release.
NITDA also said it found that Soko’s loans also incorporated trackers that share data with third parties in its mobile app without providing users with information about it or using the proper legal basis.
After its investigation, NITDA said it found Soko loans guilty of using non-compliant privacy notice, insufficient legal basis for processing personal data, illegal sharing of data without a basis appropriate legality, unlike the Nigerian Data Protection Regulation.
NITDA also said that Soko’s loans were guilty of refusing to cooperate with the Data Protection Authority, contrary to Article 3.1 (1) of the Data Protection Implementation Framework; and non-filing of NDPR audit reports through an approved data protection compliance body (DPCO), contrary to NDPR Article 4.1 (7).
In addition to a penalty of N10million, NITDA ordered that no further privacy-invasive messages be sent to a Nigerian until the company and its entities fully comply with NDPR and ordered the loan. of Soko to pay for the conduct of a data protection impact assessment by an NITDA named DPCO on its operation.
The agency also imposed mandatory information technology and data protection monitoring for 9 months on Soko loans.
NITDA said criminal aspects of the investigation have been filed with Nigerian police to determine whether company executives face jail time for violating section 17 of the NITDA Act of 2007 .
“NITDA therefore uses this medium to remind all Nigerian companies and data controllers of their obligation to engage NITDA-approved Data Protection Compliance Organizations (DPCOs) to guide them towards compliance with the Data Protection Act. Data protection.
Why it matters
Soko Loans is not the only online loan company that invades user privacy. Most loan applications and microcredit companies use this method as an easy way to ensure people repay their loans to avoid embarrassment. This is because one of their main selling points is the lack of secured loans.
This decision by NITDA will force these loan applications to devise new ways to get their money back that does not involve invasion of privacy.