Kenya’s Data Protection Watchdog Is Punishing ‘Unusual Suspects’
The Office of the Data Protection Commissioner (ODPC) in Kenya meted out some punitive action aimed at upholding data privacy rights on Tuesday, September 26, imposing substantial fines totalling KES 9.3 M (~USD 63 K) on three distinct businesses found guilty of breaching data protection regulations.
In an official announcement, the ODPC divulged that these penalties were doled out due to flagrant violations of data privacy rights and non-compliance with the Data Protection Act. The culprits in question comprised a private school, a digital credit provider, and a prominent nightclub, each found guilty of distinct infractions.
The private school was slapped with a hefty USD 4.5 M fine. Their misdeed? Disseminating photographs of minors on their social media platforms without obtaining the requisite consent from the parents. This staggering penalty sets a precedent, marking the highest fine ever imposed on an educational institution, serving as a cautionary tale for others who might consider similar data sharing without consent.
The digital credit provider, on the other hand, found itself facing a KES 3 M fine for its transgressions. This company was reprimanded for exploiting the names and contact information of its complainants, acquired through third-party sources. Their actions demonstrated a disregard for data protection norms, per the ODPC, which has deemed it unacceptable.
The third entity to face the ODPC’s punitive measures was a nightclub situated in Ngong, Nairobi, which received a fine of KES 1.9 M. This establishment incurred the wrath of the ODPC for brazenly posting an image of a reveller on their social media platforms without obtaining the individual’s consent. This case highlights the ODPC’s resolve to safeguard individuals’ data privacy, even in social and recreational settings.
Furthermore, the ODPC has taken a decisive stance against the digital lending industry by penalising the credit provider. Their investigation revealed that the company had utilized customer data to engage in unsettling practices, such as sending threatening messages and making unsolicited phone calls. This landmark penalty serves as a reminder to digital lenders and financial institutions to be transparent in their data collection and processing procedures, ensuring they communicate their intentions clearly to the data subjects involved, the data privacy watchdog emphasises..
In her closing remarks, Data Commissioner Immaculate Kassait issued a stern call to all institutions entrusted with handling data. She emphasized the importance of strict adherence to the provisions outlined in the Data Protection Act of 2019. The ODPC’s actions underscore its commitment to safeguarding the privacy and data rights of individuals, sending a message that data violations will not be tolerated in Kenya’s digital landscape.
Featured Image Credits: Protos