Privacy body orders online lending apps shut down

MANILA, Philippines — The National Privacy Commission (NPC) has ordered the immediate takedown of the mobile apps of four online lenders for the unauthorized use of the personal data of their borrowers.

Privacy commissioner Raymund Enriquez Liboro said the takedown of the online lending apps of JuanHand, Pesopop, CashJeep and Lemon Loan is necessary “to prevent serious privacy risks and protect and preserve the privacy rights of data subjects.”

In four separate orders, the NPC directed Wefund Lending Corp., Joywin Lending Investor Inc., Cash8 Lending Corp. and Populus Lending Corp. – operators of JuanHand, Lemon Loan, CashJeep and Pesopop, respectively – to halt the processing of their borrowers’ personal data.

The NPC has furnished copies of the orders to the National Telecommunications Commission (NTC) to take down the four apps from the internet, and to Google to remove them from Google Play Store.

The four online lending apps have been the subject of various complaints of unauthorized use of personal data that resulted in harassment and shaming of borrowers and are currently being investigated for violations of the Data Privacy Act and other NPC issuances.

The ban was issued based on the findings of the NPC’s Complaints and Investigation Division (CID) which examined the apps and found that these violated the principles of transparency, legitimate purpose and proportionality in the Data Privacy Act of 2012 and the NPC issuance on the Processing of Personal Data for Loan- Related Transactions (NPC Circular No. 20-01).

The four apps have gained access to practically all the data in a borrower’s mobile device, according to NPC’s CID, which simulated the registration process of loan applicants and evaluated source codes.

The apps can process information ranging from a borrower’s sensitive personal data, location, photos, media files, emails, contact lists and data from social media platforms like Facebook, Instagram and Google.

The NPC said the apps have gained access to a trove of information in the borrowers’ mobile devices, including contacts and social media data, that are excessive and may be weaponized to harass and shame delinquent borrowers before persons in their mobile devices’ contact list to collect debts.

“These online lending apps raised many red flags and the companies operating these apps demonstrate problematic data actions that expose borrowers to serious privacy risks and harms,” Liboro said.

Companies operating these apps were provided the opportunity to reply to NPC’s findings, but two of the apps did not file position papers, while the other two failed to convince the commission why it should not impose the ban.

The NPC continues to investigate the possible criminal liabilities of the online lending app operators’ directors, officers and agents.

The commission said the apps were engaged in “irrelevant, unnecessary and excessive” harvesting of personal and sensitive information without borrowers’ free and informed consent.