| Authority: | NITDA |
|---|---|
| Jurisdiction: | Nigeria |
| Relevant law: | Articles 2.2, 2.3, 2.5 and 3.1(1), 3.1(7), 4.1(7) of the NDPR. |
| Type: | Complaint |
| Outcome: | Violation |
| Started: | 11 November 2019 |
| Decided: | August 2021 |
| Published: | Yes |
| Fine: | N10million |
| Parties: | Soko Lending Company Limited |
| Case No.: | N/A |
| Appeal: | N/A |
| Original Source: | NITDA |
| Original contributor: | MZIZI Africa |
NITDA sanctioned Soko Lending Company Limited by fining it N10million for unauthorized disclosures, failure to protect customers' personal data, defamation of character as well as failure to carry out the necessary due diligence as enshrined in the Nigeria Data Protection Regulation (NDPR).
Soko Lending Company Limited offers its customers uncollateralized loans, requiring them to download a mobile application and activate a direct debit in the company’s favor. The app gains access to the customer’s phone contacts.
One complainant reported that when he missed a repayment due to insufficient funds, the company sent intrusive messages to his contacts without his consent.
Investigations revealed that the complainant's contacts, who were not involved in the loan transaction and had not consented to their data being processed, confirmed receiving these messages. Despite efforts by the agency to stop this unethical practice, Soko Loans continued. The agency secured a lien on one of the company’s accounts to push for privacy improvements, but Soko Loans rebranded and redirected payments to its other accounts.
Further investigation by NITDA found that Soko Loans embedded trackers in its mobile app that shared data with third parties without informing users or using a lawful basis.
NITDA determined that Soko Loans and its entities violated several legal provisions: