The Personal Data Protection Committee (PDPC) has sent a list of 11 suspicious mobile applications found on the Google Play Store to the Bank of Thailand for investigation into their personal loan services, as they may be operating without proper registration.
Wetang Phuangsup, the acting secretary-general of the PDPC, reported that this action was prompted by the pre-installation of two potentially unlicensed personal loan apps on certain mobile devices from Chinese brands Oppo and its subsidiary Realme. Two of the apps are linked to the Fineasy app, while another app known as “Happy Loan” in English is also under scrutiny.
The PDPC and the National Cyber Security Agency are conducting expanded investigations into Fineasy and Happy Loan, which have led to the identification of 11 suspicious apps available on the Google Play Store.
This information has been forwarded to the central bank for a more thorough examination. If deemed illegal, the central bank can take action to halt these 11 apps’ services in Thailand, in coordination with Google.
Wetang mentioned that in connection to Fineasy and Happy Loan, 40 individuals have filed complaints against Oppo, Realme, and their distributors, alleging illegal operations and improper collection of personal data, violations of the Personal Data Protection Act (PDPA). The number of complainants has increased from 11 last week.
The specifics of these complaints will be reviewed by an expert committee for further examination and potential fines.
Additionally, Wetang noted that representatives from Oppo met with the PDPC to address concerns regarding reports that 165 gigabytes of data from Oppo Thailand, which includes customers’ personal information, is being sold on a dark web site. This leaked information reportedly consists of employee records from the company’s human resources database and sensitive operational details.
The seller is reportedly asking for $20,000 (approximately 673,000 baht) for the data. The PDPC has instructed Oppo Thailand to investigate the leak, assess the associated risks, and provide a detailed report within 72 hours. The committee aims to confirm if a breach occurred to mitigate further potential damages. Should the PDPA be violated, legal actions and administrative measures will be taken.
Possefy Group Co Ltd, the local distributor for Oppo, has recently acknowledged the issue and stated it has reported the breach to the PDPC’s Eagle Eye Centre and local authorities.
In relation to the Fineasy and Happy Loan cases, the Digital Economy and Society Ministry has released 10 guidelines for relevant parties to handle pre-installed apps to protect consumers and prevent legal violations. These guidelines are effective immediately and include a requirement for manufacturers to select only essential apps that do not compromise user privacy.
On January 17, Oppo Thailand executives conducted a press conference to apologize to customers concerning the Fineasy and Happy Loan apps. They confirmed that the installation of these two apps on new smartphone models was halted as of January 14. Since January 16, Oppo has begun rolling out software updates to allow mobile users to uninstall the Fineasy app.
The company emphasized its commitment to adhering to privacy and data protection laws in all operating countries. Realme issued a similar statement on the same day, noting that operations for the Happy Loan app were also suspended on January 14.
