Hustler Fund is supposed to deepen financial inclusion, but it’s come with risks. Photo: QUARTZ/ Faustine Ngila
An easy mobile-loan scheme that catapulted president William Ruto’s rise to power in Kenya only a few months ago has quickly turned into a lightning rod for data privacy concerns.
the Hustler Fund is Ruto’s $410 million loan project to lift millions of Kenyans out of poverty through a bottom-up economic model. In a country where only 9% of the workforce has a stable income—39% of Kenyan youth are without jobs—such an offer carries huge potential.
However, citizens and data privacy experts alike are now worried about the multiple layers of data collection and processing involved in securing funds.
How the Hustler Fund works
Ruth became Kenya’s fifth president in August, defeating his closest competitor Raila Odinga by securing only 2% more votes.
G/O Media may get a commission
A key promise he made during the election campaign was a loan without interest. The Hustler Fund was, therefore, launched on Nov. 30, primarily targeting Kenya’s “low-income earners,” whom Ruto, a chicken seller in his youth, dubbed “hustlers.”
By simply dialing *254# on their mobile phones, Kenyans can register for the scheme. Around two hours after registering, they are informed of the amount they are qualified to receive. This could be between $4 and $41.
By today, at least 3.5 million Kenyans have applied for loans under the scheme. Ruto claims the fund’s platform receives 600 loan applications every single second.
The funds are being provided by commercial lenders KCB Bank and Family Bank, and are being distributed through Kenya’s three mobile money platforms, M-Pesa, Airtel Money, and T-Kash.
Yet, things aren’t as simple as they seem.
The problem with the Hustler Fund
Ruto’s campaign promise notwithstanding, it turns out that Hustler Fund charges 8% as interest if loan buyers repay the amount within 14 days. Past that deadline, the rate goes up to 9.5%.
Besides, the amounts many of the applicants qualify for are simply too low to help them out of financial woes. It is not clear which credit history data the government uses to determine loan amounts.
There are other, bigger, problems, too.
“The first issue is informed consent. They (the government) have just taken a draft privacy policy and tailored it. Ideally, it should be in a language that the ‘hustler’ understands,” Elizabeth Orembo, a member of the Kenya ICT Action Network (KICTANet), a Nairobi-based tech policy think tank, told Quartz. “Instead it is in a legalese that would only be understood by the Kenyan elite.”
In any case, even though Kenya has a relatively high rate (pdf) of digital literacy, only a segment of the population understands data protection. This is despite campaigns by the data protection commission to educate citizens.
only 36% of Kenyan companies are aware of privacy laws. Of these, 58% admit to allowing third-party trackers to collect customer data on their systems—without consent.
Data-related problems, therefore, can’t be far behind.
For instance, on registering for a loan, the Hustler Fund platform seeks the applicant’s M-Pesa pins. M-Pesa is a mobile banking service that allows Kenyans to store and transfer money through their mobile phones. Again, applicants aren’t given the option to hold back consent for the use of this pin.
Kenyans on social media have labeled this “data mining without user consent.”
Moreover, many applicants have not received any money even days after applying, further raising the specter of data safety in the hands of multiple data processors.
What experts and Kenyan citizens say
“Who is the data processor in this case? Is it the government or mobile money providers? Who else has access to the data? Because Equity Bank says their loans will also use the Hustler Fund credit history to calculate creditworthiness. Who else is in this game as a data processor?” KICTANet’s Orembo asked.
While the government has tried to explain the need for applicants’ M-Pesa pins, experts believe this breaches the 2019 Data Protection Act.
“Your right to privacy is baked into your 2010 Constitution and even the government should not take it away. The fact that most governments regularly violate citizen privacy should never, ever be normalized,” John Walubengo, a data protection consultant, noted on the KICTANet public forum.
“As a citizen, you have a say in every step of the long personal data life cycle that includes accessing, collecting, processing, sharing, retention, securing, and retiring it,” he said.
Some applicants say their data is already being shared or sold without their permission.
“The problem is that many applicants just want the money, they’re unaware of their data privacy rights,” said Egline Samoei, another KICTANet member.
Comments are closed.