Loan Apps, Data Theft and the Age of Digital Bullying By Kabir Abdulsalam
At a recent official event, I had just wrapped up a presentation and was exchanging pleasantries with colleagues when I noticed my friend, Moshood, standing by the buffet table, his expression clouded with worry. He was glued to his phone, nodding occasionally, his brows furrowed in deep concern.
As I approached, he acknowledged me with a silent nod but remained fixated on the conversation. When he finally ended the call, he let out a frustrated sigh and turned to me, his face etched with disbelief.
“Can you imagine?” he said, waving his phone. “This is the sixth time today that people have called me, saying some loan app is telling them I owe ₦500,000!”
I was stunned. Moshood is a responsible individual, the last person to take a reckless loan. “But I never borrowed from them,” he continued, his voice laced with frustration.
As we stood there, trying to make sense of the situation, a troubling thought crossed my mind—how many more Nigerians had fallen victim to this digital harassment? The aggressive tactics of these lending apps, invading people’s privacy and publicly shaming them, had become an epidemic.
This encounter reinforced a growing reality: while digital lending platforms have made access to credit easier, they have also introduced a wave of cyberbullying, data breaches, and outright extortion.
With traditional banks imposing stringent loan conditions, millions of Nigerians have turned to digital lending platforms, drawn by the promise of instant, collateral-free credit. But behind this convenience lurks a dangerous loophole—these apps often demand sweeping access to borrowers’ phone contacts, messages, and other private data.
In the event of default, rather than following due process, these lenders resort to harassment. Borrowers’ friends, colleagues, and even distant acquaintances receive humiliating messages branding them as fraudsters. Some have lost jobs, suffered reputational damage, and even battled mental distress due to these tactics. The question remains: how did we get here, and why do these apps operate with such impunity?
Nigeria’s legal framework for data protection is anchored in Section 37 of the 1999 Constitution, which guarantees the right to privacy, including the confidentiality of telephone conversations and electronic communications. However, for years, enforcement mechanisms were weak.
To address this, the Nigeria Data Protection Regulation (NDPR) was introduced in 2019 by the National Information Technology Development Agency (NITDA). This regulation applies to all entities processing Nigerians’ personal data and sets strict guidelines on collection, storage, sharing, and consent.
One of the most infamous cases of data privacy violations came in August 2021 when NITDA cracked down on Soko Lending Company Limited (Soko Loans) after numerous complaints of privacy invasion.
Soko Loans required users to install an app that accessed their phone contacts. When borrowers defaulted, the company launched a smear campaign—sending defamatory messages to their friends and family.
Read Also:
Following an investigation, NITDA found Soko Loans guilty of failing to provide a clear privacy notice, which misled users on how their data was collected and used. The agency also determined that the company processed personal data without legal justification. Additionally, it was found that Soko Loans shared borrowers’ data with third parties without consent. The company also disregarded regulatory compliance by failing to submit mandatory audit reports.
In response, NITDA imposed a ₦10 million fine on the company and mandated a Data Protection Impact Assessment. Soko Loans was also ordered to cease its privacy-violating practices until full compliance with the NDPR was achieved.
Despite these interventions, digital lenders continued exploiting regulatory loopholes. Recognizing the urgent need for stronger legislation, President Bola Ahmed Tinubu signed the Nigeria Data Protection Act (NDPA) into law on June 12, 2023. The Act strengthens Nigeria’s data privacy framework, ensuring that digital lenders and other entities handling personal data are held accountable. It establishes the Nigeria Data Protection Commission (NDPC) and a Governing Council to oversee compliance.
The Nigeria Data Protection Act ensures that personal data is processed lawfully, fairly, and transparently. It holds digital lenders accountable for unethical practices. It gives Nigerians the right to control how their personal data is used. It provides legal recourse for victims of data privacy violations.
More than just a legal instrument, the Nigeria Data Protection Act is a significant step toward positioning Nigeria as a global player in the digital economy. By ensuring that personal data is handled ethically, the Act fosters trust, enhances cybersecurity, and promotes economic growth.
While the enactment of the Nigeria Data Protection Act is a milestone, laws are only as effective as their enforcement. To safeguard Nigerians from digital lenders’ privacy breaches and intimidation, urgent implementation is required. The government must fully operationalize the Nigeria Data Protection Commission and its Governing Council, ensuring strict oversight of digital lenders. There must be clear regulatory guidelines for enforcing the Nigeria Data Protection Act, leaving no room for loopholes. The government and relevant agencies must launch mass public awareness campaigns to educate Nigerians about their rights under the Act. Strict penalties must be imposed on violators to ensure that data processors who breach the law face severe consequences.
The Federal Competition and Consumer Protection Commission (FCCPC) and NITDA must intensify efforts to monitor loan apps and swiftly crack down on any that continue using unethical practices.
Nigeria’s fintech sector has immense potential, but its success hinges on trust. The reckless abuse of borrowers’ data by digital lenders threatens not just individuals but the credibility of the entire industry.
If Nigeria is to thrive in the digital age, personal data must remain just that—personal. It is time to enforce the Nigeria Data Protection Act, rein in rogue lending apps, and guarantee that Nigerians’ rights are not sacrificed on the altar of financial expediency.
Abdulsalam is Senior Staff writer with PRNigeria, can be reach via [email protected]
