BLOG
There has been a geometric increase in the use of Digital lending platforms (LendTechs) in recent times. These platforms have made loans easily accessible, reduced cumbersome documentation and increased prompt payouts. However, the practices of some of these LendTechs are riddled with disregard for adequate measures in the areas of data protection, cybersecurity, and consumer protection.
On 19 February 2021, Ikigai Innovation Initiative, in conjunction with NaijaSecForce, Regcompass, and Tech Hive Advisory Limited, published a comprehensive report titled: “Digital Lending: Inside the Pervasive Practice of LendTechs in Nigeria.
The report dived into the world of digital lending in Nigeria from privacy, data protection, security, and consumer protection perspectives. The report examined 22 (Twenty-Two) mobile
apps and websites and 10 mobile apps for security compliance.
Our findings
The report found violations of data protection and consumer protection law. The highlights are:
● Use of dark patterns to manipulate users
● We found instances where debt recovery relied on the threat of social disgrace and false allegation of crime against Users
● We found the use of unfair, unreasonable and unjust contractual terms in the terms of use
● Use of incomplete or absence of privacy notice
● We made a data subject access request to two and they did not acknowledge or respond to the request
● More than half of the Apps had trackers embedded in them without notifying users or using the appropriate lawful basis
What we have done so far
On 11th May 2021, we filed a complaint with the National Information Technology Development Agency (NITDA), Central Bank of Nigeria (CBN) and the Federal Competition and Consumer Protection Commission (FCCPC) requesting the regulators to investigate the pervaissive practices.
Regulators response
NITDA and FCCPC responded to our complaint and promised to investigate.
● According to NITDA, it has already commenced an investigation against one of the LendTechs and a decision will be announced soon.
● The FCCPC commends our intervention as “timely and most relevant” and the complaint has been forwarded to their legal team for an opinion.
● We are yet to get a response from the CBN, but are monitoring the development.
Our recommendations
● The need for improved regulation and close monitoring of the LendTech industry;
● The use of privacy-preserving models for LendTech applications and websites;
● Improved transparency in terms of use and privacy notice to genuinely reflect their processing activities;
● The separation of terms of use from privacy notices;
● Improvements in security from the design stage;
● Embedding privacy by design;
● App store owners should enforce their App hosting rules and delist Apps that fail to meet the minimum standard;
● Regulation of the use of dark patterns; and
● Raising awareness of Users.