NPC finds online lending firm criminally liable

Published February 20, 2021, 5:00 AM

by Bernie Cahiles-Magkilat

The National Privacy Commission (NPC) has recommended the prosecution of Fynamics Lending Inc., the operator of the PondoPeso online lending application which has reportedly been harassing and public-shaming delinquent borrowers, for violating the data privacy law.

In a 40-page decision, the Commission chaired by Privacy Commissioner Raymund Enriquez Liboro determined the criminal liability of Fynamics Lending Inc. and its Board of Directors, for violation of Section 25 (Unauthorized Processing of Personal Information and Sensitive Personal Information) of the Data Privacy Act (DPA).

Violators of Section 25 could be penalized by imprisonment of up to three years, and a fine of up to P2 million for unauthorized processing involving personal information. Where sensitive personal information is involved, violators shall be penalized by imprisonment of up to six years and slapped with a fine of up to P4 million.

In a statement, NPC said it has forwarded the decision and a copy of the pertinent case records to the Department of Justice, recommending the prosecution of the Respondents for the crimes of Unauthorized Processing under Section 25 of the DPA for its further actions.

The decision on Fynamics Lending Inc. resulted from one of the sua sponte investigations conducted by the NPC against online lending companies. From July 6, 2018, to July 31, 2019, NPC received 689 complaints against online lending companies and their applications. A total of 113 complaints were made against Fynamics’ online lending app during the period.

NPC cited various forms of complaints against Fynamics’ online lending app including the use of personal information from complainants’ mobile phonebook/directory/contact list to contact third persons, without their consent or authority; personal information about the data subjects, discussing with third persons and asking them to settle the loan on behalf of the data subjects; and unduly intrusive posts on social media of sensitive and personal information, among others.

The decision emphasized the role that personal information controllers play in “ensuring that the innovation and growth that happens in the Philippines continue to abide by the laws and ethical practices, leading to products and services that are free from any doubt on their security and informational privacy.”

“The National Privacy Commission once again reminds businesses to adhere to the data privacy law and respect their customers’ data privacy rights. To operators and companies behind online lending applications whose business model exploits borrowers, the Commission is determined to halt your unethical and illegal use of your customers’ personal information,” Liboro said.

In October 2019, the NPC issued a ban on data processingagainst 26 online lending apps for data privacy violations including debt-shaming. The order led to the takedown of these sites from app download giant, GooglePlay.

In September 2020, the NPC issued a circular ordering online lending applications to stop accessing contact lists of borrow*ers.

The NPC continues to investigate other online lending companies that have been the subject of numerous complaints ranging from harassment to public shaming of borrowers.