The National Privacy Commission (NPC) has ordered the immediate takedown of four online lending apps (OLAs), JuanHand, Pesopop, CashJeep, and Lemon Loan to protect the data privacy rights of borrowers.

These apps have been the subject of various complaints of unauthorized use of personal data that resulted in harassment and shaming of borrowers and are currently being investigated for violations of the Data Privacy Act and other NPC issuances.

The NPC said the apps have gained access to a trove of information in the borrowers’ mobile devices, including contacts and social media data, that are excessive and may be weaponized to harass and shame delinquent borrowers before persons in their mobile devices’ contact list to collect debts.

Privacy Commissioner Raymund Liboro said the orders banning the four apps “are crucial to prevent serious privacy risks and protect and preserve the privacy rights of data subjects.”

“These online lending apps raised many red flags and the companies operating these apps demonstrate problematic data actions that expose borrowers to serious privacy risks and harms,” Commissioner Liboro added.

Companies operating these apps were provided the opportunity to reply to NPC’s findings, but two of the apps did not file position papers, while the other two failed to convince the Commission why it should not impose the ban.

The ban shall remain in effect until lifted by the Commission.

Meanwhile, the NPC continues to investigate the possible criminal liabilities of the OLA operators’ directors, officers, and agents.

In four separate orders, the NPC directed Wefund Lending Corporation, Joywin Lending Investor Inc., Cash8 Lending Corporation, and Populus Lending Corporation – operators of Juan Hand, Lemon Loan, CashJeep, and Pesopop, respectively – to halt the processing of their borrowers’ personal data.

The Commission said the apps were engaged in “irrelevant, unnecessary, and excessive” harvesting of personal and sensitive information without borrowers’ free and informed consent.

The NPC has furnished copies of the orders to the National Telecommunications Commission (NTC) to take down the four apps from the internet and to Google LLC to remove them from the Google Play Store.

The Commission issued the orders based on the findings of the NPC’s Complaints and Investigation Division (CID) which examined the apps and found that these violated the principles of transparency, legitimate purpose, and proportionality in the Data Privacy Act of 2012 and the NPC issuance on the Processing of Personal Data for Loan-Related Transactions (NPC Circular No. 20-01).

The four apps have gained access to practically all the data in a borrower’s mobile device, according to NPC’s CID, which simulated the registration process of loan applicants and evaluated source codes.

The apps can process information ranging from a borrower’s sensitive personal data, location, photos, media files, emails, contact lists, and data from social media platforms like Facebook, Instagram, and Google +.

Complete surrender

This level of access amounts to the borrower’s complete surrender of all data in his mobile device and other information that the lender can collect from third parties, such as employers, utilities, government agencies, remittance companies, and insurance and financial services providers.

In particular, JuanHand, for example, has an invasive manner of using personal data. It can read a borrower’s calendar of events and confidential information, add, and modify calendar events, and send emails to contacts without the borrower’s knowledge.

Permanent right of use of data, complaints

In addition, CID’s Fact-Finding Report found that borrowers have unwittingly granted JuanHand a “permanent right” to use the “true, up-to-date, valid and complete information” they have provided so they can avail themselves of a loan.

The CID said it was conducting investigations of OLAs amid numerous complaints against them. Based on Google’s statistics, JuanHand has been downloaded more than 1 million times; Lemon Loan and Pesopop, more than 500,000 times each; and CashJeep, over 100,000 times.

The NPC is currently studying and investigating more than 200 OLAs available for download and will issue orders and other actions according to the investigation results.

This is not the first time that the Commission is cracking down on OLAs.

In October 2019, the Commission issued a ban against 26 OLAs for failing to appear before it and answer allegations, such as the use of personal data to shame delinquent borrowers.

Through NPC’s coordination with the NTC and Google LLC, the 26 OLAs were taken down, and the apps are no longer publicly available for download, installation, or use.

Recently, the Commission has opened a channel with Google’s Regional Office for the immediate execution of its orders.

Leave a Reply

Your email address will not be published. Required fields are marked *