Survey: Lenders breaching privacy

Customers at a banking hall in Nairobi. FILE PHOTO | NMG
Customers at a banking hall in Nairobi. FILE PHOTO | NMG 

Kenya’s mobile money operators and web-based lenders are conducting their business in breach of customers’ privacy, a UK-based consortium of agencies that monitor security of consumers on digital platforms has said.  

Privacy International Network says telecoms operator Safaricom’s #ticker:SCOM M-Pesa, M-Kopa and internet-based lenders Tala and Branch are using these platforms to collect crucial data that they deploy while making crucial financial decisions.

This, the network says, amounts to misuse of their clients’ digital identities and significantly risking their privacy and other fundamental rights. Privacy International Network’s report is based on an assessment of the financial technology operators’ activities in Kenya and India.

The survey found that the lenders’ operations are in violation of the very clients’ rights they had pledged to protect. Privacy International Network specifically accuses the three Kenyan firms of conducting espionage on customers to determine, among other things, their eligibility for loans.

Mining smartphones data enables these lenders to generate a broad range of information, including location, call records, and SMSs – often without the knowledge of the customers.


“There are ways in which companies in the fintech space in Kenya fail to protect their customers’ data. Some gather data regularly, even when the customer is not using their service, and use this to improve their algorithmic decision-making,” the report says, adding that customers often lack control over the data.

“In some cases, the algorithms are developed far from Kenya, in California for instance, raising the question as to what happens when these companies are sold,” the report says.

Customer and ex-customer data alike often becomes just another asset to sell with the company, the report says. Even more important is the finding that the collected digital data is often illegally used to make financial decisions against clients.

Privacy International Network found that based on factors such as how often a customer calls his or her mother and using call records as well as contents of the SMSs, a customer can be allowed or denied credit.

“Our research finds there has been a massive increase in the quantity and scope of consumer information gathered by financial institutions. This expansion has been largely unchecked, particularly in developing countries, while serving the interests of companies and industries, which are mostly located in developed countries,” the report says.

“Seemingly irrelevant data, such as text messages and call logs, are now being considered to justify a consumer’s suitability for various financial products, including loans. If current trends continue, PI believes it will become increasingly difficult – and eventually impossible – for people to use financial services without having to allow access to the most intimate information about themselves.”