According to the Philippine Daily Inquirer a man named Roger was surprised to hear from an old college friend after all these years who was hacked off that he gave her phone number to an online lending company that was hounding him at that time.
The company told her that he was in debt and needed to pay up. Roger took out a loan using the company's app in May, after seeing an ad on Facebook. His payment had been overdue for a week when the company contacted his college friend. But in fact he didn't give the company her number. The company tapped his contact list, then messaged his college friend to get him to make good on his debt.
The company also called his wife and threatened to report him to his boss so he would lose his job. Roger, 26, has since paid back the loan. And he vowed never to use the app again.
The National Privacy Commission (NPC) has reported receiving 921 formal complaints since July 2018 about online lending companies who publicly shame borrowers to get them to pay up... Three companies are facing cases filed by the NPC for violating the Data Privacy Act of 2012.
Privacy Commissioner Raymund Enriquez Liboro earlier released copies of the investigators' fact-finding reports, which recommended criminal prosecution of the board members of the three companies.
"The investigation determined that their business practice specifically targets the privacy of persons, practically making a profit out of people's fear of losing face and dignity. These unethical practices simply have no place in a civilized society and must stop," Liboro then said...
In an affidavit sent to the NPC, one complainant said Fast Cash threatened to post her selfies on Facebook. Another said the CashLending app changed her profile picture on Facebook to an obscene picture... None of these would have happened unless the users gave permission to these apps. But many users backed into a corner by circumstance didn't have a choice. Roger, for one, said he could not use the app unless he agreed that the company could access his contacts.
The NPC argued that although the users gave their approval, the lack of easily understandable and clear information, among other factors, meant that it was not a "valid" consent... Among the charges filed against the companies are noncompliance with the legal requirements of processing personal data, as well as malicious and unauthorized disclosure. Their operators may face imprisonment of up to seven years and fines of not more than P5 million [about $97,000 U.S. dollars] under the Data Privacy Act of 2012.
One person who filed a formal complaint with the government later received a discouraging text message from the company in question. "Before you sue us, we already sent a text blast to all of your contacts. We know your home address, your office and even your ugly face. Good luck with your privacy law."