Digital Lenders Are Blatantly Abusing Data Protection Laws and They Don’t Care

Too many phone calls from their agents even before the due date; uncalled for penalties, lack of confidentiality; contacting your contact list to probe you to pay.


There are a ton of mobile lending apps out there, and they have thrived because the online lending space is unregulated, to say the least, and because the majority of Kenyans find themselves in a financial fix. These people are likely listed by the CRB, which means that they cannot access traditional banking institutions for loans.

The next stop? Seek the help of online loan sharks that masquerade as digital lenders. These are companies that have somehow managed to reap the benefits of their vices in the Kenyan space for a long time now, and having honed their craft, they continue to remain appealing to customers who seek their services.


Two things should be taken into account: first, these lenders never want to establish your creditworthiness – they will dish out a loan to you; and secondly, since the loans are not secured, the interest rates are hilariously high, with a short (a max of two weeks) payment period. For instance, you can request a KES 6000 loan and you will only receive KES 4000, and after a fortnight, you must clear that loan or else you will have to endure pure harassment from these people, including them illegally accessing your addresses in a bid to shame you.

These issues have been raised by customers before, and regulators are not doing anything to protect customers. Ajua, the research firm that tracks business data to empower companies, has revealed that digital lenders have doubled down on this kind of harassment of defaulters, based on an analysis that was conducted for the 2021 Q1 period.

It gets worse: Ajua says that, in an effort to recover their loans, these lenders are deliberately ignoring data privacy laws that have since been put into force. They call random contacts from a defaulter’s contact list (uploaded to them when setting up the loan apps), or go as far as tagging the defaulter’s profile on social media platforms.

The shaming tactics have heightened over the pandemic, a period in which people have been trying to alleviate their financial constraints through loans.

Here are some testimonies:

I was working with a private company before the corona phase three lockdown. They threatened to use my profile photos in my social media accounts to create a group to raise money for me, to take money on my M-PESA account by force.

Too many phone calls from their agents even before the due date; uncalled-for penalties; lack of confidentiality; contacting your contact list to probe you to pay.

These cases go against data protection laws, which are bundled under the Data Protection Bill 2019 that went live in the same year.

According to Ajua’s Data Protection Officer John Walubengo, the laws were put in place to ensure that Kenyans are not subject to gross abuses as demonstrated by digital lenders’ loan recovery processes.

These laws enhance the rights of the consumers allowing them to exercise their rights to ownership of the personal data that enterprises collect about them. Such rights include but are not limited to the right to consents, right to be forgotten, right to data rectification, right to be informed of data breaches amongst others. – John Walubengo

It is not clear why Kenya’s data commissioner’s office has not picked up on these abuses to restore some sanity in the space, and why these lenders are blatantly ignoring a law that has been in practice for more than one year.

The risk of infringing on privacy across the board is growing by the day given the increased volume of data being collected by companies and advances in the technology for processing them. Mobile money lenders as well as other industries should be mindful of personal data and educate themselves on data privacy compliance to avoid running into any problems with the law. – Ajua