Nigeria’s NITDA Sanctions Online Lending Platform Soko Loan For Privacy Invasion

By
Milcah Lukhanyu
-
0
431

Nigeria’s National Information Technology Development Agency (NITDA) has sanctioned Soko Loans, an online lending platform (Soko Lending Company Limited) for privacy invasion after receiving series of complaints against the company.

NITDA says it received complaints against for Soko Loans for unauthorized disclosures, failure to protect customers’ personal data and defamation of character as well as carrying out the necessary due diligence as enshrined in the Nigeria Data Protection Regulation (NDPR).

In November 2019, Bloomgate Solicitors filed a complaints for failure to ptotect their data. NITDA, as part of its due diligence process, commenced investigation over the alleged infractions of the provisions of the NDPR. Like most digital lending platforms, Soko Loans grants its customers uncollateralised loans and requires a loanee to download its mobile application on their phone and activate a direct debit in the company’s favour. The app gains access to the loanee’s phone contacts.

Trending
NCBA Pledges KES 13 Million to Kenyan Youth in Major Scholarship Drive

According to one of the complainants, when he failed to meet up with his repayment obligations due to insufficient credit in his account on the date the direct debit was to take effect, the company unilaterally  sent privacy invading messages to the complainant’s contacts.

Investigation revealed that complainants’ contacts who were neither parties to the loan transaction nor consented to the processing of their data have confirmed the receipt of such messages. The Agency made strident efforts to get Soko Loan to change the unethical practice but to no avail.  After the Agency’s investigation team secured a lien order on one of the company’s accounts by which it could come up with privacy enhancing solutions for its business model, Soko Loan decided to rebrand and directs its customers to pay into its other business accounts.

The Agency’s investigation further revealed that the company embeds trackers that share data with third parties inside its mobile application without providing users information about it or using the appropriate lawful basis.

NITDA has therefore found Soko Loan and its entities in violation of the following legal provisions:

  1. Use of non-conforming privacy notice, contrary to Article 2.5 and 3.1(7) of the NDPR;
  2. Insufficient lawful basis for processing personal data, contrary to Articles 2.2 and 2.3 of the NDPR;
  3. Illegal data sharing without appropriate lawful basis, contrary to Article 2.2 of the NDPR;
  4. Unwillingness to cooperate with the Data Protection Authority, contrary to Article 3.1 (1) of Data Protection Implementation Framework; and
  5. Non-filing of NDPR Audit reports through a licensed Data Protection Compliance Organisation (DPCO), contrary to Article 4.1(7) of the NDPR.

In view of the foregoing and in consideration of its implication on the privacy of Nigerians and erosion of trust in the digital economy, NITDA hereby imposes a monetary sanction of Ten Million Naira (N10,000,000) on Soko Lending Company Limited and directs that no further privacy invading messages be sent to any Nigerian until the company and its entities show full compliance with the NDPR.

NITDA also directs the company to pay for the conduct of a Data Protection Impact Assessment by a NITDA appointed DPCO on its operation; and places them on a mandatory Information Technology and Data Protection oversight for 9 months.

The agency has reported that the criminal aspects of this investigation has been deposited with the Nigeria Police and if the executives of the company are liable to imprisonment for violating Section 17 of the NITDA Act, 2007 and the agency is urging Nigerian businesses and data controllers to engage NITDA-licensed Data Protection Compliance Organisations (DPCO) to guide them towards compliance with the data protection law.

As a regulator, the Agency is poised to fully enforce the NDPR with the aim of sanitising the operating environment, instilling confidence in the digital economy and protecting the right to privacy of Nigerians. NITDA is under the supervision of the Federal Ministry of Communication and Digital Economy and empowered by Section 6(c) of the NITDA Act, 2007 to develop guidelines for electronic governance and monitor the use of electronic data interchange and other forms of electronic communication transactions in Nigeria.

Advertise on TechMoran.com — reach founders, innovators, and decision-makers

Promote your product, event, press release, or launch a report to a highly engaged tech and business audience. You can also take over our homepage for premium visibility and sponsor our monthly #TechNight events and podcasts and annual StartupEast Conference & Awards to maximize brand exposure.

Beyond reach and visibility, we have over ten years of experience in SEO-driven digital publishing and we are the best in the SEO market at helping brands grow organic visibility through high-quality editorial backlinks and strategic content placement. We are here to help you improve your search rankings and long-term discoverability. We also help improve AI discoverability, ensuring your brand is more visible across emerging AI-powered search and recommendation systems.

Your campaign will also be extended across TechMoran, BusinessTech.co.ke, and AfricanWomenNetwork.net, including their newsletters, giving you wider reach and engagement across East Africa’s leading digital audiences. Be part of the region’s biggest tech and business platforms monthly, quarterly, and annually.

Contact Sales