The Data Protection Commission has cautioned the public to refrain from downloading applications that request access to their personal and private space.
The Commission also urged individuals to take time to read the contracts of applications they subscribe to, to ensure their privacy was not infringed upon.
The Executive Director of the Commission, Patricia Adusei-Poku, gave the caution following an increase in complaints about digital loan services companies harassing and using a debt shaming approach to deal with defaulters.
She said the digital loan services included, among others, Ficashx, kudicredit, Popcash, sikapurse, Ficash, SoftKash, Sika dua, Akwaaba Cash, Ultra Loans, Loan Pro, Machloan, Cocoaloan, Boseafie Loans, MomCash, Onloans and Cedi story.
She noted that other complaints had revealed that even in the event of full repayment, the administrators of the loan applications took advantage of the data in their possession to infringe on borrowers’ privacy rights.
Mrs Adusei-Poku also called on the Cyber Security Unit of the Bank of Ghana, the National Cyber Security Authority and other relevant agencies to rally efforts in fishing out the location of the operations of such loan applications and also apprehend the illegal Data Controllers to cease their operations.
Digital loan services
The executive director explained that unfortunately, digital loan services had become an easy-to-go-to avenues for a lot of people who were not eligible to secure loans through traditional providers such as the banks.
She said the Commission’s assessment on some privacy notices of the applications showed their complicated mode of operation where they did not show any accountability to their clients in terms of how their data was going to be used.
She said the Data Protection Act 2012 Act (843) protected users from unnecessary disclosures of their private information, noting that under the regulations, any data gathered should have a legitimate purpose, with a specific mandate on the data controller to let borrowers know, in simple and clear language, what data would be collected and how it would be used.
“These loan apps have breached and continue to breach the Data Protection Act as they are not registered with the Data Protection Commission as stipulated in section (46) 3 of Act 843.
“Processing personal data without registering with the commission is criminal, listing these online apps as high-profile illegal entities,” she said.
She added that their background checks also established that the online loan applications were unlicensed and therefore had no authorization to operate.
“The digital lending apps require certain permissions upon installation, including access to users’ private information such as their contacts, text messages, location and calendar,” she said.
Submit complaint
She said although reports had indicated that Google had pulled down such loan apps from the google play store, the Commission’s checks had proved otherwise.
She urged data subjects who have fallen victim to submit their complaints to the Commission.
She added that the Commission was ready to assist the police with their investigations, adding that they had handed over valid documents and filed complaints from Data Subjects as evidence of the unlawful ways of operations of these apps.
