Kenyan loan app fined $2,000 for adding guarantor without consent and harassment

A Kenyan loan app, Whitepath has been fined a sum of KES 250,000 ($2,000) by Kenya’s Office of the Data Protection Commissioner (ODPC) for violating data privacy laws. According to court files, the lender added an individual as a guarantor without their consent and subjected them to debt collection calls after the borrower failed to pay back. 

Court records revealed that Dennis Caleb Owuor received a debt collection call from a Whitepath representative in November 2024. The caller notified that Owuor was added as a guarantor to a run-away borrower.

Despite Owuor’s claims to be unaware of being a guarantor, the caller failed to provide any clear explanation and kept on demanding the debt repayment from him. Upon several efforts by Owuor to stop the pestering to no avail, he complained to the ODPC about the breach of his privacy and harassment.

Whitepath, when contacted by the regulator for a response, failed to grant an audience. Nevertheless, Kenya’s Data Protection Act allows enforcement regardless. 

The regulator then ruled that:

1. Whitepath, which operates Instarcash and Zuricash loan apps, had no legal grounds to process Owuor’s information or list him as a guarantor without his consent. 
2. The company violated data protection laws by failing to notify Owuor that his data was being used. 
3. The regulator then fined Whitepath $2,000 and directed the lender to erase the complainant’s data and provide proof of full compliance. 

Whitepath had faced a similar data privacy violation case two years ago. In April 2023, the data protection regulator fined the lender KES 5 million ($39,000) after receiving about 150 complaints ranging from unauthorized access to borrowers’ contact lists and sending unsolicited messages. The penalty was levied after Whitepath ignored an earlier enforcement notice. 

The ruling comes amid a heap of regulatory measures on Kenyan e-lenders for their abusive debt collection initiatives and mishandling of customers’ data. 

The case also circles around stories of digital lenders devising abusive means to track defaulting borrowers such as public sharing of debtors’ data, aggressive collection strategies, and extracting contact details from borrowers’ phones.

Experts have also raised concerns about whether the financial penalties are sufficient to curb various forms of unethical practices by loan apps. They suggest more exorbitant fines and stronger regulator measures to provide customers with data privacy.

Similar Read: Approved loan apps in Nigeria increases by 18.8% to 380 in February amidst economic palaver.

Loan apps and associated risks – Nigerian scene

With the ongoing economic pressures and shift to fix a living, the growing number of loan apps has been alarming. A February 2025 information from the Federal Competition and Consumer Protection Commission (FCCPC), reported by Technext, revealed an 18.8 per cent surge in approved loan apps from 320 in October 2024 to 380 in February 2025. 

The rate increase also translates to a surge in associated risks such as getting scammed by fake platforms, exposure of personal information, and the high interest rate accustomed to the process.   

Technext also made an investigative report on how the Cybernews research team discovered an open MongoDB database linked to BestFin Nigeria, a financial technology company that operates the popular icredit loan app. The database was over 300GB in size, left completely exposed to the public internet with the data of 846,000 people left unprotected.

As these loan apps have become a popular choice for individuals seeking financial relief, some lenders resort to aggressive tactics, including sending embarrassing messages to borrowers and displaying personal photos of borrowers across social media when repayments are being delayed. These actions have led to significant distress, with victims losing jobs and facing public humiliation.

This action saw the FCCPC  encourage Nigerians to report any instances of harassment from loan apps particularly after loan repayment failures by sending complaints via email to @fccpc.gov.ng or message FCCPC directly on X.

They can also visit fccpc.gov.ng and navigate to the “File a Complaint” section to fill in details such as the loan app’s name, contact details, loan amount, and a description of the issue.

While the FCCPC is currently playing the role of regulator in the digital lending space, financial experts have warned that the commission would need to step up beyond registering and granting approval to digital lenders and start proper policing of their operations.

“It is not enough to issue a licence or grant approval based on the fact that they have met certain conditions set by the FCCPC, the regulator needs to monitor these lenders and ensure that they are operating in ethical ways, especially, how they disburse loans and how they recover their loans,” said Mr. Gbolagunte Ajayi, a financial analyst.