SEC, DICT, NPC remind online lending platforms to uphold borrowers’ data privacy
The Securities and Exchange Commission (SEC) has teamed up with the Department of Information and Communications Technology (DICT) and the National Privacy Commission (NPC) to strengthen borrowers’ protection from abusive lending and financing practices.
In a joint advisory, the SEC, together with the DICT and the NPC, reminded lending and financing companies about the existing rules on the processing of borrowers’ personal data for loan-related transactions, under Republic Act No. 10173, or the Data Privacy Act of 2012, and Republic Act No. 11765, or the Financial Products and Services Consumer Protection Act.
The advisory also reiterated rules issued by the SEC to protect the rights of borrowers under SEC Memorandum Circular No. 18, Series of 2019, which prohibits unfair debt collection practices of financing and lending companies, and SEC Memorandum Circular No. 19, Series of 2019, which requires financing and lending companies to disclose the online lending platforms (OLPs) they operate.
“The government recently received numerous reports of [OLPs] engaging in harassment, intimidation, public shaming and unlawful use of personal data in their collection practices,“ the advisory read.
“Digital transformation must protect—not prey upon—the Filipino people. The National Government stands firm in enforcing the law and safeguarding the rights, privacy, and dignity of every Filipino in the digital economy,“ it added.
Among others, the SEC, DICT and NPC underscored that OLPs are prohibited from accessing borrowers’ contact lists and reaching out to those that are not named as guarantors, as unconstrained and disproportionate processing of personal data may lead to harassment, collection of debt outside guarantors, and unfair debt collection.
In addition, the joint advisory emphasized the responsibility of OLPs to ensure secure and proper disposal and destruction of personal data that would render further processing impossible, and allow data subjects to turn off, disallow, or revoke permission when the purpose for an application permission has been achieved, among other rules.
“Violations of applicable laws, [implementing rules and regulations], and SEC regulations may subject the erring [financing and lending companies] to administrative sanctions, including fines, suspension or revocation of authority to operate, and other penalties provided under relevant laws,“ warned the SEC, DICT and NPC.
In parallel, the joint advisory urged individuals availing of loans through OLPs to remain vigilant in protecting their personal data.
The public should download OLPs from official or verified sources only and ensure that they are operated by SEC-registered and licensed corporations, according to the SEC, DICT and NPC advisory.
Borrowers must also read privacy notices and consent forms carefully, as some online applications use deceptive design patterns or techniques to deceive borrowers into performing acts relating to the processing of their personal data, the government agencies added.
Borrowers were further advised to review the permissions required by OLPs to ensure that they do not request unnecessary permissions unless needed for specified and legitimate purposes before transacting with them.
Borrowers must also inform and secure the express consent of their guarantors, the SEC, DICT, and NPC, emphasized.
Should anyone experience unfair debt collection practices, the public may submit a complaint to the SEC Financing and Lending Companies Department through imessage.sec.gov.ph or contact the Commission’s unified hotline at 1-4732 (1-4SEC).
Other abusive behaviors, such as harassment, threats, frauds and scams, must likewise be reported to proper authorities, including the DICT, the National Bureau of Investigation, and the Philippine National Police. #
