The privacy watchdog has recommended the criminal prosecution of an online lender who harassed and public-shamed borrowers into paying back their debts, more than a year since an investigation was announced.
The National Privacy Commission (NPC) recommended the filing of charges against Fynamics Lending Inc., the operator of the PondoPeso online lending application, for violating the data privacy law. It forwarded its decision and a copy of the case records to the Department of Justice.
NPC said the agency has determined the criminal liability of the company and its board of directors for the unauthorized processing of personal and sensitive information. Fynamics is one of the lending companies that the agency flagged in September 2019.
Under the Data Privacy Act, an unauthorized processing of personal information can lead up to three years in jail and a fine of up to P2 million. Moreover, if sensitive personal information is involved, violators can face up to six years in jail and a fine of up to P4 million.
“To operators and companies behind online lending applications whose business model exploits borrowers, the Commission is determined to halt your unethical and illegal use of your customers’ personal information,” Privacy Commissioner Raymund Liboro said in a statement on Friday.
NPC said it received a total of 689 complaints against online lending companies from July 6, 2018, to July 31, 2019. Of this figure, 113 were made against Fynamics’ online lending app.
The agency said the app used the personal information of the contact list of the complainants to contact friends, relatives and co-workers, sharing unwarranted and false information.
These persons were often told that the data subjects named them as co-makers or character references. In some cases, they were asked to settle the loan on behalf of the data subjects, NPC said.
NPC said the representatives or agents of the app used the personal information of the complainants to damage the reputation of data subjects or to harass, threaten or coerce them to settle their loans’
‘Unduly intrusive’
“Methods used in personal data processing information were unduly intrusive, including posting on social media of personal and sensitive personal information of data subjects or even subjecting their contacts to threats and harassment. The personal information processed was excessive or otherwise used for purposes beyond what is necessary or authorized under their agreement,” NPC said.
In October 2019, the NPC issued a ban on data processing against 26 online lending apps for data privacy violations, including debt-shaming. The order led to the takedown of these sites from app download giant GooglePlay.
In September 2020, the NPC issued a circular ordering online lending applications to stop accessing contact lists of borrowers.