Have you ever received a phone call from a stranger asking you to help them recover a loan from someone you know? If yes, then you are not alone. Many Ugandans have been harassed by online money lenders who access their contacts without their consent and use them to pressure borrowers to repay their loans. This is a clear violation of data privacy and a threat to personal dignity.
According to Article 27 of the Constitution of Uganda, every person has a right to respect for their privacy, which includes the protection of their personal data. In 2019, Uganda enacted the Data Protection and Privacy Act, which regulates the collection and processing of personal data and provides for the rights and obligations of data subjects, data collectors, data processors and data controllers. The Act also establishes the National Information Technology Authority (NITA) as the supervisory authority for data protection and privacy in Uganda. However, the Act has not been fully implemented and many online money lenders operate without complying with its provisions.
One of the common practices of online money lenders is to require borrowers to grant them access to their contacts as a condition for getting a loan. This allows them to collect and process personal data of third parties without their knowledge or consent. They then use this data to contact the borrowers’ relatives, friends or colleagues, either to ask for help in recovering the loan or to inform them about the borrower’s debt situation. This can cause embarrassment, stress, anxiety and damage to the borrower’s reputation and relationships. For example, one borrower reported that he received over 100 calls from different numbers in one day from an online money lender who also contacted his boss, his wife and his pastor. Another borrower said that she was threatened with legal action and public shaming if she did not pay back her loan on time.
Online money lending applications in Uganda are exploiting the lack of awareness and enforcement of data protection and privacy laws in the country. They are violating the rights of borrowers and their contacts by accessing and using their personal data without their consent. This is unacceptable and unethical. The government should take urgent steps to implement the Data Protection and Privacy Act and ensure that online money lenders comply with its requirements. The NITA should monitor and regulate the activities of online money lenders and impose sanctions for any breaches of data protection and privacy. The public should also be educated about their rights and responsibilities under the Act and how to protect their personal data from unauthorized access and misuse.
We conducted a study of 5 mobile loan applications, and this is what we noticed in their terms and conditions:
Hello and Welcome,
In order to promptly determine your qualification for a loan and speed up the release of funds, the subsequent permissions are essential.
For a thorough evaluation of credit risk, clipboard data is extracted from your device. This encompasses details pertinent to financial transactions, such as sender’s identity, nature of transaction, and the sum involved. The prime objective of gathering this information is to carry out an exhaustive risk analysis. By inspecting these transaction specifics, we gain insights into your financial reliability, thereby enabling well-informed lending decisions. We take data security seriously; hence, rest assured that your clipboard information will be transmitted securely to our servers at https://abc.com, using robust encryption standards. Unauthorized access, data compromise, or any misuse is rigorously guarded against.
We amass and scrutinize your device’s location data to fine-tune our risk assessment metrics and customer scoring. This location information is uploaded securely to our server (https://api.quicksente.com/api).
Text message logs are gathered, with specific attention to those linked to financial activities. This involves monitoring sender names, transaction explanations, and transaction amounts to assist in risk analysis. This data informs your financial and risk portfolio, affecting your loan options. Personal text messages are not subject to surveillance, storage, or sharing. After you provide clear approval, the relevant text message data is uploaded securely to our server at (https://abc.com).
We obtain a host of device-specific metrics, inclusive of the device’s make, model, regional and language configurations, unique identification codes like IMEI and serial numbers, and software status. Additionally, a list of installed apps on your device is collected to gauge your borrowing behavior and financial standing. All this data is securely uploaded to our server (https://abc.com) and is crucial in forestalling unauthorized devices from acting on your behalf, thereby averting fraud.
All the compiled data is stored on our server (https://abc.com) within a fortified network environment, and it remains confidential, not to be disclosed to any external entities.
Voice Call Records
Upon receiving your distinct approval for call log access, we will initiate a voice call to you. We’ll then document your call timings, incoming and outgoing numbers, and associated names. This enables us to validate that you are using your designated mobile device to download our app and for OTP verifications. To corroborate this, we conduct a call and then examine your call logs to verify reception of said call. This adds an additional layer of trustworthiness to your credit profile. All this information will be securely uploaded to our server (https://abc.com) only upon receiving your explicit agreement.
Usage of Gathered Data
The collected data serves multiple purposes. Firstly, it is employed to offer you our Service. Secondly, this data is instrumental in validating your identity and constructing credit score models to ascertain loan options available to you. Additionally, this data is utilized for credit reporting and debt recovery activities.
Data Collection Parameters
At the point of Service registration, we capture essential identifiers such as your bank and phone numbers, potentially along with your name, age, video, image, media, and other modes of contact. This information is used to cross-verify your identity with external agencies, including your designated emergency contacts. We also amass device-oriented data to fortify our credit rating system. This consists of device manufacturer details, software attributes, and unique user identification. Alongside, we gather your email records, phone directory, and other device behaviors, such as SMS history and geolocation data. This is further supplemented by information acquired from third-party resources like credit agencies and financial organizations. Registering for our Service constitutes your consent to the collection and handling of the above-mentioned data.