6 Nigerian agencies unite to fight data privacy abuse by money-lending fintechs

On May 15, 2021, I received a message from a loan company informing me that Ms. X, someone I met in 2020 during my National Youth Service Corps (NYSC), had not repaid a loan she had contracted. I had supposedly been listed as an emergency contact.

Among other things, I was told not to believe this person if they said they had reimbursed them, and also to warn them that “unfriendly measures” involving the police and the Commission for Economic and Financial Crimes (EFCC) were on the way. to be taken against him.

The message ends with a claim: “You may as well tell the debtor to withdraw if you are not aware of this LOAN because you will also be affected …”

Fast forward to June 1, 2021, and I got a similar message from the same company but about a different person. This time, while I wasn’t subtly threatened, the exact amount the person had to pay was included in the message along with the account numbers to deposit the unpaid amount into.

Again, this was someone I hadn’t had much contact with and had met during my NYSC.

In August 2021, the National Information Technology Development Agency (NITDA) fined 10 million yen for data privacy breaches on Nigeria-based microcredit platform Soko Loan Company Limited.

According to Ripples Nigeria, in October 2021, although the company has paid the fine, it appears to be on the verge of closing. However, there is no official statement from the company on this matter.

It seemed like a step in the right direction and a potential deterrent for others.

This is not a new event. Many Nigerians receive unsolicited and embarrassing text messages and WhatsApp messages from money lending companies about close friends and family, and sometimes, as in my case, barely known acquaintances.

In Kenya the story is the same, with many people reporting the same. These Kenyan credit companies, like their Nigerian counterparts, provide high interest loans with clauses essentially asking users to compromise their personal data and that of others.

On Wednesday, November 10, 2021, Immaculate Kassait, Kenya’s Data Protection Commissioner, revealed that investigations were underway into an undisclosed number of digital lenders for sharing confidential borrower data in pursuit of defaulters.

In Nigeria, on Friday November 12, 2021, NITDA announced its partnership with the Federal Competition and Consumer Protection Commission (FCCPC) to combat data privacy abuse by money lending operators.

However, as we discovered on Monday, November 15, 2021, the FCCPC is also partnering with other organizations on this issue. These are the Central Bank of Nigeria (CBN), the National Human Rights Commission (NHRC), the Independent Commission on Corrupt Practices and Other Related Offenses (ICPC) and the EFCC.

What does this mean for your data?

Photo credit: wuestenigel Flickr via Compfight cc.

To understand this, we would have to review the functions of the different agencies. To do this, as our title suggests, imagine a kitchen decor.

The first tool here is the FCCPC.

Think of the Commission as your customer service representative for all areas of the country. The FCCPC has ten strategic goals to facilitate its work – ensuring consumer satisfaction. So let’s say I contact one of the “loan defaulters” and they want to complain about the actions of the loan companies, this is a great place to start. Let’s call them pot.

The CBN is Nigeria’s supreme regulatory body in the banking sector, granting and revoking licenses in the industry while providing guidelines that must be strictly followed. Interestingly, money lending in Nigeria is regulated by different states. The CBN appears to have little to no entry into this space. So let’s call them spices.

Another important tool is the knife, and here we have the NHRC. The Commission was established in 1995 as an extrajudicial channel to help citizens fight human rights violations. Essentially see them as an additional sword outside the courts to tackle human rights violations.

The ICPC and EFCC both fight crime, but while the former focuses on corruption and other related offenses, the latter is a financial crimes agency. If, for example, during investigations a money lending company committed an offense within its jurisdiction, it could be prosecuted. Let’s call them mallet, hammering criminals.

The NITDA, as we have established here, on the other hand, among other responsibilities, has the duty to oversee IT innovations, and more specifically in this scenario, data protection. We duplicate them the water, a good base for most foods, an essential ingredient.

So what’s cooking in this kitchen?

According to the official statement of the FCCPC, all six “have resolved to cooperate, to pursue urgent execution measures against already known offenders while investigating others, as well as criminal prosecution where appropriate. A joint working group of analysts and application managers was also created and immediately activated.

Basically, we have a brigade of six different branches that go after all the money lending platforms roaming the country.

Per Hadiza Umar, Head of Corporate Affairs and External Relations, NITDA, “The agency has received over 40 petitions from members of the public about the abuse of personal data from some loan companies.

“The partnership with the FCCPC will lead to a more robust and concerted regulatory approach which we believe would provide Nigerians with the necessary breathing space against the illegal use of their personal data for money lending transactions. The partnership would involve joint investigations, law enforcement and possible prosecution. “

According to NITDA’s statement, one of the complaints it received regarding Soko Loan was filed in November 2019 by Bloomgate Solicitors on behalf of a client. During its investigations, it found several violations involving illegal processing of data and a refusal to cooperate with the Agency.

Considering the time that elapses between the receipt of complaints and the eventual fine, this partnership with other government agencies may be the right way to go. Prepare a thick broth to serve the money lending operators, trying to ensure the protection of your data.

A few days ago, on November 11, 2021, I received a WhatsApp message from another lending platform; interestingly, it was relatively short. All he asked was that I tell the person concerned to repay the loan: no threats, no account numbers, and no mention of the amount owed.

Although, still a violation of my privacy, could that mean businesses are getting suspicious? We can’t conclude based on this one post alone, but it would be interesting to see how things play out over the next few months.


Writer, Humanoid, Forever she / her, Word lover.


Looking to switch to technology? Learn to code in 1 year with AltSchool Africa. Get a software engineering degree for $ 0. Apply here.

About the author