Regulator trains guns on digital lenders over customer data privacy

The Data Protection Act prohibits companies from collecting personal data from Kenyans without obtaining informed consent from users. [Istockphoto]

Digital lenders face millions of shillings in penalties for failing to comply with the Data Protection Act 2019.

The Office of the Data Protection Commissioner (ODPC) has launched an audit of 40 digital lenders following complaints from members of the public about the entities’ use of their data.

“As of September 30, 2022, the ODPC had received 1,030 complaints, the office admitted 555 of those cases, including 299 that involved digital lenders, representing 54% of all admitted cases,” a statement from the desk. Some of the digital lenders to be audited include Tala, Branch, Coopesa, Fairkash, Flexi Cash, Hela Credit, Skypesa, Mokash, and Zash Loan.

The ODPC now says digital lenders have two weeks to provide the regulator with required documentation or risk enforcement action under Section 61 of the Data Protection Act 2019.

The law prohibits companies from collecting personal data from Kenyans without obtaining informed consent from users.

The law also prohibits companies from using personal data for direct marketing purposes without informing the subjects. This includes online advertisements targeted at consumers based on their browsing history as well as promotional material sent directly to consumers via text message.

The law also allows users who have suffered harm due to the misuse of their personal data to seek compensation for damages, including financial loss and distress. The ODPC said yesterday it had issued an enforcement notice against a private hospital after an employee of the facility then improperly contacted a patient who had visited the hospital.

“The Data Commissioner has directed the Hospital to describe the specific actions it will take to mitigate or eliminate the breach or contravention and to rectify and/or establish structures within which the actions will be implemented. within 30 days,” the statement read.

The latest ODPC audit follows a crackdown on unlicensed digital lenders by the Central Bank of Kenya (CBK) which sought to weed out rogue gamers. Earlier this year, CBK gave digital lenders until September 17 to obtain operating licenses or cease operations.

“The licensing and oversight of digital credit providers has been precipitated by concerns raised by the public about the predatory practices of unregulated players and in particular their high costs, unethical debt collection practices and abuse of personal information,” CBK Governor Patrick Njoroge told a press conference. a previous press conference.

A recent report by the Center for Intellectual Property and Information Technology Law and Citizen Labs at Strathmore University revealed that several digital lending apps in Kenya are linked to tracking and advertising software, with some linked to third-party platforms such as Facebook.

Apps, which run on startup and even prevent the phone from going to sleep, have been found to read contacts, location data and gain access to network connectivity data, all of which are used to profile the borrowers.

Branch, for example, requires users to give it permission to record audio while Tala has the power to create accounts on its users’ devices, set passwords and use those accounts.

Comments are closed.