Digital loan services have become an increasingly easy-to-go-to avenue for people to access credit, as many are unable or ineligible to secure loans through traditionalproviders such as
the banks. But in recent times, the Data Protection Commission has received tons of complaints regarding the harassment and debt shaming approaches these online digital loan services are
using to deal with defaulters.
Our background checks have established that these online loan applications are unlicensed and therefore have no authorization to operate.
The digital lending apps require certain permissions upon installation, including access to users’ private information such as their contacts, text messages, location and calendar.
One would have thought that the data collected is used to screen users’ behavioral data and assess their eligibility for loans, but complaints from borrowers indicate that the data
collected is to debt shame when these borrowers' default in payment. Other complaints also indicates that even in the event of full repayment the administrators of the loan apps take
advantage of the data in their possession to infringe on borrowers' privacy right.
Unfortunately, these apps remain largely unchecked and have continued in their operations causing distress, defaming borrowers and violating the privacy of individuals.
Some notions coming out earlier had indicated that google had pulled down these loan apps from the google play store but our checks have proved that to be an untrue
statement. The apps are fully operational and available to be installed by the public.
The Data Protection Commission has continued to receive several complaints that clearly describes the commotion these apps have caused the country. We have also assessed a few privacy
notices of these apps which complicate their mode of operation as they do not show any accountability to their clients in terms of how their data is going to be used in actual fact.
The Data Protection Act 2012 Act (843) protects users from unnecessary disclosures of their private information. Under the regulations, any data gathered should have a legitimate
purpose,with a specific mandate on the data controller to let borrowers know, in simple and clear language, what data will be collected and how it would be used.
We have looked at the privacy policies of these apps and have determined the below mentioned apps have and continue to process individuals' personal data in a manner that is not
consistent with the provisions of the Act and they are;
Ficashx popcash kudicredit, Cocoaloan, Popcash, smartmoney, sikapurse, Easy Loan, Ficash Kudicredit, SoftKash Boseafie Loans, Fourcredy, Sika dua, Creditbay and Creditlab.
Others are Akwaaba Cash MomCash, Ultra Loans Onloans, Loan Pro Cedi story, Machloan Loan Galaxy and Pro Kash just to mention a few.
These loan apps have breached and continue to breach the Data Protection Act in several ways primarily as they are not registered with the Data Protection Commission as stipulated in
section (46) 3 of Act 843. Processing personal data without registering with the commission is criminal listing these online apps as high-profile illegal entities.
We continue to encourage Data subjects who have fallen victim to submit their complaints. The Commission is ever ready to assist the police with their investigations as we have already
handed over valid documents and filed complaints from Data Subjects that evidence the unlawful ways of operations of these apps.
We call on the Cyber security unit of the Bank of Ghana, the National Cyber Security Authority and all other relevant agencies to rally efforts in fishing out the location of
operation of these loan apps and apprehend these illegal Data Controllers to cease their operations. We also call on the public to stay alert and refrain from downloading apps that request
access to their personal and private space. We also encourage individuals to take time to read the contracts they enter to make sure their privacy is not infringed.