Help digital lenders to flourish and enhance data protection

Digital lenders must embrace less combative ways of effecting loan recovery. [Courtesy] 

Digital loans need not be diminished, as the main objective for digital lenders is to facilitate access to credit for un-bankable masses with no collateral, reliable employment and credit history, as a method of bridging the gap that has been – financial inclusion. Publicly available data, statistics and financial reports indicate that indeed, the role of digital lenders in developing the economy cannot be gainsaid.

Challenges in regulating the behavioural aspects of digital lenders are bound to arise and this calls for an objective mechanism to resolve all forms of complaints and disputes. For one, there is need for a conversation on recovery of non-collateral digital loans as many digital lenders are experiencing sharp losses as a result of defaulting digital borrowers.

Technology has been the elusive saving grace as an enabler of improved service provision, including access to credit and increased coverage and circulation of money in the economy. It is therefore my view that the growth of digital lending business depends on efforts by respective digital lenders and related service providers to ensure compliance with all existing laws, especially those on consumer protection, such as the Data Protection Act 2019.

Among other factors, the Central Bank of Kenya (Amendment) Bill 2021 that was recently approved by Parliament introduces a raft of powers for the bank to price interest rates for digital loans and develop regulations to govern aspects of data protection in the context of digital loans.

The law seeks to enforce highest standards of consumer protection, already legislated under laws such as the Consumer Protection Act and the Data Protection Act 2019. Therefore, the role of CBK is facilitative, sectoral and complimentary. The CBK, as a regulator, is not in the business of stifling this industry, but rather creating clear rules of engagement for the players involved.

The practical nature of the lending business and the related challenges can therefore be resolved, at a more compact level than before considering that more players have been co-opted, including the Association of Digital Lenders and Credit Reference Bureaus. These players need to focus on ensuring that the use of data in the sector is fair and compliant with principles of data protection.

Legal practitioners should also focus on assisting digital lenders by offering business solutions relating to developments in laws affecting the sector. This will help reduce instances of non-compliance leading to optimal business performance.

Section 37 of the Data Protection Act 2019 provides that a person shall not use for commercial purposes personal data obtained pursuant to the provisions of the Act unless the person has sought and obtained express consent from a data subject; or is authorised to do so under any written law and the data subject has been informed of such use when collecting the data from the data subject.

This brings to fore, the role of Credit Reference Bureaus (CRBs), in providing information, which in the strict sense is data, on digital loan borrowers for the purpose of ascertaining credit-worthiness. As service providers, CRBs have faced backlash, leading to various interventions that have threatened their role in the market.

Considerations for CRBs should be on how to provide the much-needed service, without necessarily violating the rights of data subjects. Needless to say, even conventional banking business depends on other service providers in determining whether to advance credit or not. The code developed by the Association of Digital Lenders contains insightful standards that need to be enforced.

Aspects of data protection that must be embraced are transparency and accuracy in the communication of digital loan offers, easy to understand digital loan agreements and involving digital borrowers in decision-making in relation to their loans. This will bring a level of clarity, to neuter public outcry relating to debt shaming and also facilitate amicable loan repayment terms.

Digital lenders must also embrace less combative ways of effecting loan recovery, including renegotiation of terms and moratorium for repayment, at least on timelines. This will ensure that the focus is on the growth of businesses, by dispute avoidance.

Other data protection concerns for digital lenders include ensuring confidentiality of data, lawful processing of data, and responsible sharing and transfer, all of which require a lawful basis, including consent and performance of a legitimate aim, to fulfil a legal obligation.

There is therefore need for continuous conversation on making the digital lending ecosystem profitable and beneficial to all players while complying with laws on privacy and data protection in Kenya.

Mr Bosire practices Telecommunications, Media, Technology and Data Protection Law. [email protected]