Inside Politics

Why your privacy is at digital lenders’ mercies customer’s

Wednesday, May 19th, 2021 00:00 |
Loan. Photo/File

Harriet James @harriet86jim

On April 20, 2021, I received a text message demanding that I pay a loan. I tried to retrace my steps back in time trying to recall whether I had mistakenly secured a loan I was currently not aware of.

However, I hadn’t. I owed no one any money. I was shocked that the lender even knew my name.

“We are calling you because the person who owes us our money has defautled on repayments and is not picking our calls,” said the call operator.

My efforts to explain myself seemed fruitless as the person from the other end of the line didn’t want to hear what I had to say. So, I just hang up the phone and moved on with life. 

The vast opportunities available in the mobile telephony sector have consequently led to the rise of digital lenders.

The high cost of living and the inability to live within thier means has resulted to the rise of the digital lending applications.  

According to the Financial Sector Deepening and Central Bank report 2019, it is estimated that there are more than 100 digital lending apps in the country.

Both mobile banking and digital loan apps have assisted in increasing household access to credit to 81.7 per cent in 2019 from 32.4 per cent in 2013. 

It is said that the need for credit among Kenyans has increased among persons with salaries ranging from Sh9,000 to Sh90,000 due to the availability of such loans.

Apart from the exorbitant interest rates and non-disclosure of payment terms, the issue of invasion of privacy is a serious concern.

Third party access

Not only do they send texts and make embarrassing phone calls to third parties on the customer’s contact list, but they also access the contact details on a borrower’s phone and send them targeted marketing messages.

Some of the messages have click bait content suggesting that a loan has been approved.

This constitutes not only to an unethical behaviour, but also it’s a breach of data protection laws.

Sara Otieno remembers her experience with the debt collectors. She received a chilling phone call about paying a debt for a person whom she didn’t even know.

The person from the other end of the call told her that her contact was in the debtor’s phone list.

“The person had a Sh1,500 debt according to the debt collector who called. When I tried to tell them that I didn’t know the person, they didn’t desire to hear any explanation and all they wanted was their money. They even had a till number ready,” she says.

Cyber security expert Paul Kathambani says one of the reasons people get calls from the mobile lending apps is because downloading some of the applications automatically means giving away your right to privacy. 

“Most people blindly click the button to accept the terms and conditions without reading them.

In those terms you give the app access to your address book as well as contact list.

In case of default the firm will embarrass you by sending messages to your contacts in hopes of pressuring you to pay the loan.

In addition, as long as you accepted the terms and conditions that stated that they can send the information to third parties and they mention those parties, then it can be difficult to pin them down,” he explains.

Paul adds that there are apps that comply with the Data Protection Act, 2019, and will not request for access to your contacts or address book.

However, if people are patient enough to read through the terms and conditions, they always indicate that they will share your personal information with the mobile firms and other agencies including Credit Reference Bureaus (CRBs) for purposes of verifying the information that you gave them.

This includes population and registration data held by the Government in the Integrated Population Registration System (IPRS).

“This they claim is part of KYC (Know Your Customer). They also reserve the right to share with CRBs.

The challenge here is because there is no information in the public domain of how individuals can access their information in the IPRS or who has access to it,” he says.

For lawful purposes

The Data Protection Act of 2019 brings into play comprehensive laws that protect the personal information of individuals.

Personal data should only be obtained if it will be used for a lawful purpose and should not in any way be processed for any means incompatible with the purpose.

“Unfortunately, you can’t avoid the texts if they already have your information.

The only hope is that the data commissioner will take action against such firms and have these firms that pry into people’s privacy punished.

When you download those apps and use the services, you accept to give them the access to your data.

Perhaps people can be selective about the apps they download and read the terms and conditions to be sure that their privacy is protected before accepting and using them,” Paul adds.

“They used your information without your consent. They are breaking the law when they do this.

The lending apps do not ask for guarantors as our members are not asked to provide them,” says Kevin Mutiso, chairman of the Board of Digital Lenders Association.

There have been various attempts to regulate the digital lending industry in Kenya.

For instance, the Competition Authority of Kenya in 2016 gave a directive to all financial services providers, including digital lenders, to ensure that they provide the details of all charges on their platforms and to make sure that their clients are aware of the charges.

In 2018, Treasury published the Financial Markets Conduct Bill that would regulate the digital lenders, which sadly haven’t been passed into law due to various contentions on its proposals.

In 2020, the Central Bank of Kenya (CBK) Amendment Bill was tabled in parliament to ensure that CBK regulates the conduct of digital financial product providers and services.

The bill is yet to be debated and passed by parliament. If it’s passed, it will compel the CBK to publish the names of all digital lenders every four months to review those that are compliant.

“We need to ensure that we have regulations that protect the customer under the customer credit code.

We also need to have a service ombudsman where customers report to and the lender can be fined,” says Kevin in conclusion.

More on Inside Politics