As mobile credit expands across emerging markets, one question looms large: how can lenders and telecom operators enforce repayment without undermining the privacy of their users? Device locking—the ability to remotely disable a financed smartphone if payments are missed—has proven to double repayment rates. Yet its use raises sensitive questions around data protection, transparency, and trust.
With new regulations tightening worldwide, this balance between repayment enforcement and consumer rights has never been more urgent. To unpack the issue, we spoke with Victor Kirnarskiy, CEO of GetMobi, a company at the forefront of device-based credit solutions across LATAM, Asia, and Africa. As Victor put it: “Privacy is actually one of the foundations of device locking. The software never transfers personal data, and it’s technically impossible to extract it.”
Why Privacy Matters
Device locking transforms smartphones into enforceable collateral, allowing lenders to mitigate repayment risk at scale. But the same technology exposes users to potential privacy violations if misused.
From a business perspective, privacy is a trust driver. Users who feel surveilled or unfairly punished are less likely to adopt credit programs. Legally, privacy is non-negotiable—frameworks like GDPR in Europe, LGPD in Brazil, and the DPDP Act in India impose strict consent, minimization, and transparency requirements. UX-wise, poor communication around locks can erode user confidence, while clear disclosures strengthen repayment discipline.
As Kirnarskiy emphasized: “Relations between the lender and the user are based on trust, and respect for privacy is part of that trust.”
The Compliance & Regulatory Landscape
Across regions, regulators interpret “proportional enforcement” differently:
EU & UK: GDPR sets a global standard, demanding explicit consent, minimal data collection, and strong user rights.
LATAM: Brazil’s LGPD and Mexico’s evolving fintech regulations highlight the shift toward stricter oversight.
Africa: Governments in Kenya and Uganda encourage digital credit growth but face pressure from NGOs to tighten user safeguards.
Asia: India’s DPDP Act and pending AI regulations require transparent, explainable enforcement mechanisms.
In developed markets, projects move slower due to extensive legal reviews, while in emerging economies the challenge lies in anticipating future regulation. As Victor noted, “Even if privacy laws are not strict today, lenders often over-prepare because no one can guarantee what will be implemented next year.”
Operational & UX Considerations
Privacy-by-design is not theory—it’s practice. Key lessons:
Consent & Transparency: Lenders must provide in-app disclosures, multilingual agreements, and digital receipts of consent. Surprises destroy trust.
UX Design: Notifications should be respectful and non-invasive. Allowing limited emergency access during lockouts preserves dignity and inclusion.
Best Practices: One Southeast Asian lender reduced support calls to near zero by showing every borrower a simple two-minute explainer video before signing contracts. Clear onboarding eliminated confusion and boosted repayment discipline.
The opposite is also true: opaque or disguised locking practices trigger complaints, regulatory scrutiny, and reputational damage.
Technical & Organizational Safeguards
Device locking systems must prevent both abuse and error:
Role-based access controls reduce the risk of unauthorized commands.
Audit logs provide traceability in case of disputes.
Fail-safes ensure devices are never locked incorrectly or permanently.
Cybersecurity is equally critical. As Victor explained, breaches often result not from the locking software itself, but from poor internal security: “If a customer doesn’t protect access to systems, someone could lock devices unfairly. That’s a huge reputational risk.”
Case Studies & Lessons Learned
Positive Example (Southeast Asia): A microfinance company integrated clear FAQs, training for merchants, and simple explainer videos. Result: zero confusion and stronger repayment rates.
Negative Example (Southeast Asia): Some lenders misused lock systems to install spyware, extracting contacts and photos. Governments responded with fines and closures—proof that misuse leads not just to distrust, but to criminal liability.
Global Benchmarks: GDPR reshaped global device privacy policies, while African initiatives like M-Kopa showed how responsible lock enforcement can expand credit access to millions.
Lesson: transparency and proportional enforcement strengthen adoption, while shortcuts destroy trust.
A Privacy-Centric Playbook
Based on global practices and GetMobi’s field experience, three principles stand out:
Be explicit and vivid: Tell customers from day one that the phone includes device lock, and explain how it works.
Be honest internally: Ensure legal, product, and engineering teams are aligned that locking is only for repayment discipline—not surveillance or control.
Invest in cybersecurity: Even startups need clear policies and a dedicated person responsible for security operations.
This playbook aligns with regulators, protects users, and sustains long-term credibility.
Trust as a Competitive Advantage
The future of device locking hinges on trust. Firms that embed privacy into every layer—consent, UX, safeguards, and governance—will not only avoid regulatory penalties but also build stronger relationships with their users.
Emerging technologies like AI and blockchain may further enhance repayment discipline and unlock new financing models, but without privacy at the core, the system collapses. The choice is clear: treat privacy as a constraint, and you limit growth; treat it as a competitive advantage, and you expand access sustainably.
We invite practitioners, regulators, and innovators to share how they are navigating this balance between repayment enforcement and trust.