Online loan company faces data privacy breaches for allegedly ‘shaming’ borrowers to pay off debts
Owners of an online loan application that allegedly violated data privacy rules are now subject to the full force of the law and could end up with six years in prison and paying up to 6 million pesos. ‘fine.
The National Commission for the Protection of Privacy (NPC) on Friday recommended the prosecution of Fynamics Lending Inc., the operator of PondoPeso, an online lending application. Dozens of borrowers have filed complaints against the app for subjecting them to public humiliation to force them to pay.
In a 40-page decision, the AFN concluded that Fynamics and its board should be charged with violating Article 25 of the Data Protection Act (DPA).
Criminals convicted of unauthorized processing of personal information could be sentenced to three years in prison and a fine of £ 2 million. In addition, violators could be sentenced to up to six years in prison and pay up to 4 million pesos in fines.
The AFN submits its findings and relevant case documents to the Department of Justice, as it proposes to prosecute the respondents on charges of unauthorized treatment under section 25 of the DPA.
Based on complaints filed with the AFN, PondoPeso allegedly used personal information from the borrowers’ contact list without their consent or authorization. Worse yet, this personal information would have been shared with third parties, including friends, relatives and colleagues.
In some cases, these third parties would have been forced by PondoPeso to settle the loan on behalf of the borrowers.
Likewise, PondoPeso agents were accused of allegedly using borrowers’ personal information to damage their reputation to the point of forcing them to pay off their loan. In the worst-case scenarios, sensitive information against the borrowers would have been shared on social media by PondoPeso, which the AFN deemed excessive beyond what was agreed by the parties.
Privacy Commissioner Raymund E. Liboro reminded companies to comply with the provisions of the DPA and respect the data privacy rights of their customers.
He warned that the NPC would hunt down business owners and operators who exploit their borrowers by stealing their personal information and using it against them. He added that companies should comply with the DPA to protect products and services from any doubts about data privacy.
From July 2018 to July 2019, the NPC received a total of 689 complaints against online lending companies and their applications, including at least 113 against PondoPeso.
In 2019, the NPC issued a directive banning 26 online lending applications from processing personal information for breach of the DPA. The Google Play download store then removed these apps from its platform to prevent other users from accessing them.