The National Information Technology Development Agency has sanctioned Soko Lending Company Limited, an online lending platform, with a fine of N10m for privacy invasion.
This was contained in a press statement titled ‘NITDA sanctions Soko Loan for privacy invasion’ issued by NITDA’s spokesperson, Hadiza Umar, on Tuesday.
The statement said, “This action was taken after receiving series of complaints against the company for unauthorised disclosures, failure to protect customers’ personal data and defamation of character as well as carrying out the necessary due diligence as enshrined in the Nigeria Data Protection Regulation.”
It added, “One of such complaints filed by Bloomgate Solicitors on behalf of its client, the data subject, was received on Monday, 11th November 2019. NITDA, as part of its due diligence process commenced investigation over the alleged infractions of the provisions of the NDPR.
“According to one of the complainants, when he failed to meet up with his repayment obligations due to insufficient credit in his account on the date the direct debit was to take effect, the company unilaterally sent privacy invading messages to the complainant’s contacts.
“Investigation revealed that complainant’s contacts who were neither parties to the loan transaction nor consented to the processing of their data have confirmed the receipt of such messages.
“The agency made strident efforts to get Soko Loan to change the unethical practice but to no avail. After the agency’s investigation team secured a lien order on one of the company’s accounts by which it could come up with privacy enhancing solutions for its business model, Soko Loan decided to rebrand and direct its customers to pay into its other business accounts.
“The agency’s investigation further revealed that the company embeds trackers that share data with third parties inside its mobile application without providing users information about it or using the appropriate lawful basis.”
NITDA said it found Soko Loan to be in violation of the use of the non-conforming privacy notice, contrary to Article 2.5 and 3.1(7) of the NDPR.
For the alleged breaches of privacy data, NITDA imposed a monetary sanction of N10m on Soko Loan.
It also directed that no further privacy-invading messages be sent to any Nigerian until the company and its entities showed full compliance with the NDPR.