Forty Digital Credit Providers (DCPs) are under investigation over suspicion of breaching data privacy laws following complaints from customers, the Office of the Data Protection Commissioner (ODPC) has revealed.
In a statement dated Wednesday, October 5, 2022, the ODPC revealed that it had received a total of 1,030 complaints from Kenyans of which 555 were admitted. Of those 299 were lodged against digital lenders which represents about 54% of all cases admitted.
“The ODPC wishes to notify the public that it is conducting preliminary documentary assessment on 40 Digital Credit Providers (DCPs) whose practices regarding the processing of personal data has been raised to the Data Commissioner as complaints by various members of the public,” the statement reads in part.
The DCPs in question include:
It is important to note that digital credit providers listed above are yet to be found to in breach of data protection laws as the ODPC outlines below.
“During the audit process, the aforementioned DCPs will be required to provide the ODPC with requisite documents by October 18, 2022 failure to which they will be deemed to have failed to cooperate with the office which is an offence under Section 61 of the Data Protection Act [Obstruction of Data Commissioner],” the statement further reads.
Read Also: Only 10 Digital Lenders Have CBK Approval
The Data Protection (Complaints Handling and Enforcement Procedures) regulations, 2021 took effect in February 2022 paving way for data subjects to file complaints and report data breaches to the Data Commissioner.
Pursuant to Section 58(3) of the Data Protection Act, 2019, any person who, without reasonable excuse, fails to comply with an enforcement notice commits an offence and is liable on conviction to a fine not exceeding five million shillings or to imprisonment for a term not exceeding two years, or to both.
“We want to assure the public that the complaints received will be investigated and concluded accordingly,” Data Commissioner, Immaculate Kassait stated.
This comes at a time when digital lenders have come under the supervision of the Central Bank of Kenya after years of operating unregulated.
As of September 17, when the 6-month window to apply for a CBK licence for unlicensed DCPs lapsed, the apex bank had received a total of 288 applications. Only 10 of those had received CBK approval. These are:-
The remaining applications are at different stages in the licensing process with the CBK saying it is awaiting the submission of requisite documents.
“We urge these applicants to submit the pending documentation expeditiously to enable completion of the review of their applications.”
As regards digital lenders who failed to meet the September 17 deadline of applying for a CBK licence, the regulations require them to cease operations.
The push for regulation was hinged on what was seen as abusive practices that some digital lenders stand accused of including aggressive collection practices, debt shaming and predatory interest rates.
Late 2021 digital lenders were also required to make borrowers aware of interest rates, other loan charges, late payment penalties and rollover fees before issuing out loans.
The Competition Authority of Kenya (CAK) said digital lenders had to adopt the same model used by mobile money operators, where all costs associated with a transaction are displayed before the transaction is confirmed.
A study done by CAK found that 73% of Kenyans were not aware of the cost of loans they had borrowed from digital lenders.