Four lending apps were found to have “nearly complete access” to borrowers’ personal and sensitive information from their mobile devices, according to the National Privacy Commission.
The Covid-19 pandemic has given rise to online lending platforms where loan applicants can get cash in just a few clicks.
These online platforms and mobile applications have proved popular among Filipinos who found themselves strapped for cash and unable to access “traditional” lending institutions due to the pandemic and the restrictions that came along with it.
However, a government agency now says users of these mobile applications could stand to lose more than just their money.
The National Privacy Commission (NPC) said on Wednesday (August 25) that at least four lending applications will be taken down from the internet and removed from Google Play Store following an investigation.
These four lending apps – JuanHand, Pesopop, CashJeep and Lemon Loan – were found to have violated data privacy laws of borrowers, according to the commission.
“These apps have been the subject of various complaints of unauthorized use of personal data that resulted in harassment and shaming of borrowers and are currently being investigated for violations of the Data Privacy Act and other NPC issuances,” NPC said in a statement posted on their social media Wednesday.
The commission added that the apps have access to a “trove of information” from borrowers’ mobile devices that can be “weaponized” for harassment and other illegal activities.
“The NPC said the apps have gained access to a trove of information in the borrowers’ mobile devices, including contacts and social media data, that are excessive and may be weaponized to harass and shame delinquent borrowers before persons in their mobile devices’ contact list to collect debts,” they said.
The commissioner stated that while the companies involved were provided enough time to respond to their report, two failed to file position papers and two failed to convince the NPC of the legality of their actions.
“These online lending apps raised many red flags and the companies operating these apps demonstrate problematic data actions that expose borrowers to serious privacy risks and harms,” NPC Commissioner Raymund Liboro said.
‘Complete access’
Based on the report of NPC’s Complaints and Investigation Division (CID) which received reports and complaints from borrowers against them, the apps had nearly complete access to the borrowers’ personal and sensitive information from their mobile devices.
These include “location, photos, media files, emails, contact lists, and data from social media platforms like Facebook, Instagram, and Google +.”
NPC noted that this level of access violates “the principles of transparency, legitimate purpose, and proportionality” in the Data Privacy Act of 2012 and the NPC issuance on the Processing of Personal Data for Loan-Related Transactions (NPC Circular No. 20-01).
JuanHand was specifically cited in its “invasive manner” of using their borrowers’ personal information.
“In particular, JuanHand, for example, has an invasive manner of using personal data. It can read a borrower’s calendar of events and confidential information, add, and modify calendar events, and send emails to contacts without the borrower’s knowledge,” NPC said.
Of the four, JuanHand has been downloaded the most from Google Play with over one million, followed by Lemon Loan and Pesopop with more than 500,000 downloads each, and then CashJeep with over 100,000 downloads.
(With report from Interaksyon.com)
Tags: #dataprivacy, #onlinelending, #privateinformation, #NationalPrivacyCommission