The Federal Government has launched an investigation into the activities of some informal digital lending operators popularly known as “sharp sharp” loan providers, over alleged breaches of customer data privacy.
The development was disclosed by the National Commissioner of the Nigeria Data Protection Commission, Vincent Olatunji, during an interview with the News Agency of Nigeria (News Agency of Nigeria) on the sidelines of a training programme for Data Protection Officers in Abuja.
According to Olatunji, the government is increasingly concerned about how some of these loan operators handle borrowers’ personal information, especially in their aggressive debt recovery practices.
These “sharp sharp” lenders often referred to as loan sharks operate largely online, offering quick, collateral-free loans to customers. However, many of them remain unregulated or loosely supervised.
Olatunji explained that some of the reported violations include accessing borrowers’ phone contacts without permission, contacting friends and family members during loan recovery, and in some cases, circulating personal images or sending defamatory and threatening messages.
He noted that while many Nigerians may not be fully aware, some of these issues also arise because borrowers often fail to carefully read the terms and conditions before accepting loan offers.
“Many borrowers unknowingly expose their personal data due to failure to read loan agreements,” he said, adding that similar challenges exist globally and are not unique to Nigeria.
News: http://ADC Leadership Crisis: Supreme Court Shifts Hearing to April 22
He further stressed that the rise of fully digital lending platforms, many of which operate without physical offices, has made regulation more complex, even though compliance with data protection laws remains compulsory.
Olatunji emphasized that any organisation offering digital lending services in Nigeria must comply with privacy requirements before operating.
He also highlighted the role of key regulatory bodies in the sector, including the Federal Competition and Consumer Protection Commission, the National Information Technology Development Agency, the Nigerian Communications Commission, the Central Bank of Nigeria, and the Nigeria Police, all of which play different roles in monitoring compliance and protecting consumers.
According to him, digital lenders are expected to obtain proper approval and licensing—particularly from the FCCPC, and must meet strict requirements on user privacy protection.
“Part of the requirements is to ensure provisions around privacy are complied with so that they do not infringe on the rights of their customers,” he said, warning that unauthorised access to users’ contact lists is a punishable offence.
“We will come after them,” he added firmly.
On ongoing investigations involving Sterling Bank, Remita, and Temu, the NDPC boss said the commission was following due process to ensure fairness and accountability.
He explained that investigations require time, as organisations are invited to respond to allegations and defend their operations before final decisions are made.
“For Sterling Bank, we have completed the process and issued our decision,” he said.
“For Temu, the process is ongoing, and they have requested additional time to appear before the commission, which has been granted.”
Olatunji reaffirmed that the priority of the Nigeria Data Protection Commission remains the protection of citizens’ personal data and ensuring that all data controllers and processors operate within the law.
