Several mobile lenders are under investigation from the Kenya data regulator for unscrupulous practices they employ in a bid to recover their money.

For many months, Kenyans have complained that certain lenders threaten to ‘debt shame’ them to their contacts, with some of these threats translating into action.

This practice of sharing defaulter data, which should be confidential, has attracted the attention of the agency, and Commissioner Immaculate Kassait has promised to crack down.

Two lenders often mentioned in this regard are Okash and Opesa, partially owned by Norwegian internet browser giant Opera. Opera was acquired by a Chinese consortium in 2016.

Both lenders have been disowned by the Digital Lenders Association of Kenya (DLAK), which accused them of invading customers’ privacy.

Once you download their app, you grant them permission to access your contact list, and it is this information they allegedly use to blackmail you into paying.

“Not only does this behavior go against Kenyan data protection laws, but it reeks of indignity. By reaching out to a customer’s contact list, Opesa and Okash rob the individual of basic dignity and consumer rights,” a statement from DLAK in 2020 read.

Such behavior is a violation of the Data Protection Act, which bars sharing of private data with third parties without consent.

Okash however dismisses DLAK as “an association of competitor digital lenders who shouldn’t be quoted as an independent source.”

On this latest investigation, Mr Kassait said, “The Office received complaints from data subjects regarding digital money lending applications. Towards this end, my office has commenced investigations on a total of 67 such complaints in line with the office mandate.”

Although Ms Kassait did not divulge the identity of the lenders being targeted, it is understood that the Opera-linked apps, as late as October this year, were still employing such tactics; i.e. either contacting phonebook contacts, or threatening to do so.

“Your OKASH record states you ignore and block calls from us. This shows non-cooperation. Clear [Amount] now to avoid Phonebook engagement,” a message sent to an Okash client recently, and seen by us reads.

Okash however denies doing this, specifically stating that “they will not use any contacts from the phone’s contact list.”

However, even if found guilty, offenders can only be fined Sh5 million or 1% of their annual turnover (whichever is lower). For big lenders, that is a mere slap on the wrist, with little incentive to stop the practice, especially if they end up netting more from it.

“Infringement of provisions of the Kenya Data Protection Act (DPA) will attract a penalty of not more than Sh5 million or, in the case of an undertaking, not more than 1 percent of its annual turnover of the preceding financial year, whichever is lower,” the Act states.


Clarification

In a previous version of this article, we indicated that Opera owns the Opesa and Okash. We have updated to reflect both the ownership of Opera and its partial stake in the two lending apps.

We have also updated with Okash’s response to DLAK’s statement.