How to Request Deletion of Personal Data from Online Lending Apps

The rise of Online Lending Applications (OLAs) in the Philippines has streamlined access to credit, but it has also raised significant concerns regarding data privacy. Many OLAs require extensive permissions—access to contacts, gallery, location, and social media accounts—which are sometimes misused for debt collection harassment.

Under Philippine law, specifically Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA), borrowers have the right to control how their personal information is processed, stored, and deleted.

1. The Legal Basis: The Right to Erasure

The DPA grants "Data Subjects" (the borrowers) several rights. The most relevant in this context is the Right to Erasure or Blocking.

Under Section 16(e) of the DPA, a data subject has the right to suspend, withdraw, or order the blocking, removal, or destruction of their personal data from a Personal Information Controller’s (PIC) filing system. This applies if:

  • The personal data is incomplete, outdated, false, or unlawfully obtained.
  • The data is being used for unauthorized purposes.
  • The data is no longer necessary for the purposes for which it was collected.
  • The borrower withdraws consent (and there is no other legal ground for processing).

2. Steps to Request Data Deletion

To effectively exercise your right to erasure, you must follow a formal process to ensure there is a paper trail should you need to escalate the matter to the National Privacy Commission (NPC).

Step A: Identify the Data Protection Officer (DPO)

Every legitimate OLA is required by law to appoint a Data Protection Officer. Look for the OLA's "Privacy Policy" section within the app or on their official website. The policy must list the contact details (usually an email address) of the DPO.

Step B: Submit a Formal Request

Send a formal letter or email to the DPO. Your request should include:

  1. Identification: Your full name and the account details associated with the app.
  2. Specific Demand: State clearly that you are exercising your Right to Erasure under Section 16 of RA 10173.
  3. Reason for Request: Specify if the loan is fully paid, if consent is being withdrawn, or if the data collected is excessive (e.g., "The app's access to my contact list is no longer necessary for the fulfilled credit agreement").
  4. Timeline: Provide a reasonable period (typically 15 to 30 days) for them to comply and provide written confirmation of the deletion.

Step C: Revoke App Permissions

While waiting for the OLA to process your request, manually revoke permissions on your smartphone:

  • Go to Settings > Apps > [OLA Name] > Permissions.
  • Toggle off access to Contacts, Camera, Storage, and Location.
  • Uninstall the app. Note: Uninstalling the app does not delete your data from their servers; it only stops further local data collection.

3. The "Unpaid Loan" Complication

It is important to manage expectations regarding data deletion if you have an outstanding balance.

Under the DPA, a company can retain your data if it is necessary for the fulfillment of a legal contract or for legitimate business interests. If you have not paid your loan, the OLA has a legal right to keep your basic information (name, address, promissory note) to pursue collection.

However, even with an unpaid loan, they cannot legally retain or use data that is irrelevant to debt collection, such as your entire contact list or private photos, especially if such data is used for "debt shaming," which is a violation of NPC Circular 20-01.

4. Escalation to the National Privacy Commission (NPC)

If the OLA ignores your request, refuses to delete your data without a valid legal reason, or continues to harass your contacts, you can file a formal complaint with the NPC.

Action Description
Document Evidence Save screenshots of your sent deletion request, the OLA’s response (or lack thereof), and any instances of data misuse (e.g., texts to your contacts).
File a Complaint Visit the NPC official website and use their "Complaints" portal.
Cite Violations Mention violations of NPC Circular No. 20-01, which specifically prohibits OLAs from accessing contact lists for harassment or "shaming" purposes.

5. Key Considerations for Borrowers

  • Check SEC Registration: Before dealing with an OLA, verify if they are registered with the Securities and Exchange Commission (SEC) and have a Certificate of Authority (CA). Unregistered OLAs are more likely to ignore data privacy laws.
  • Privacy by Design: Be wary of apps that require access to your social media or contacts as a condition for a loan. This is often a red flag for intrusive data practices.
  • Certificate of Deletion: When a request is granted, you have the right to ask for a "Certificate of Data Destruction" or a formal written confirmation that your records have been purged from their active databases.

By asserting your rights under the Data Privacy Act, you can mitigate the risks of identity theft and protect your personal reputation from the aggressive digital tactics used by predatory lending platforms.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login