Data Privacy Violations Lead to Significant Fines by the Data Protection Commissioner

The Office of the Data Protection Commissioners (ODPC) in Kenya imposed substantial fines totaling Sh9.4 million on three organizations for breaching personal data privacy. This action underscores an escalating commitment to safeguarding individuals’ digital-age personal information.

Digital credit provider, Mulla Pride Ltd., operates popular lending apps such as KeCredit and Faircash. They incurred a fine of Sh2.98 million for their unauthorized sharing of complainants’ contact details and names with third parties – an action that resulted in distressing messages along with unsolicited phone calls. The penalty not only underscores the importance for digital lenders to inform data subjects about their information collection processes but also serves as a stark reminder: all data handling must align precisely with the intentions and consent provided by these subjects; this is non-negotiable at graduate-level discourse within financial institutions.

The ODPC imposed a fine of Sh1.9 million on the popular establishment, Casa Vera Lounge, situated along Nairobi’s Ngong Road; they had posted an individual’s image on social media without securing consent: this was their offense. Through this decisive action — penalizing and making public knowledge of it — the intent is to deter other venues from committing similar violations by using patrons’ images without permission.

Uthiru’s educational institution, Roma School, incurred a hefty penalty of Sh4.6 million for its violation: posting pictures of minors without requisite parental consent; this significant sanction establishes an imperative precedent–underscoring the responsibility schools and facilities bear in handling children’s personal data to ensure that processing only occurs after obtaining due permission from their parents or guardians.

These actions by the ODPC not only carry a punitive aspect, but also serve as education: they emphasize the criticality of compliance with both–the Data Privacy Rights Act and the Data Protection Act. Both statutes are integral components to Kenya’s data privacy legislation; thus, their adherence underscores an essential practice in this realm.

Immaculate Kassait, the Data Commissioner, also urges data controllers and processors to ensure strict adherence to Act provisions during personal data processing. The Office of Data Protection Commission (ODPC), besides conducting compliance audits on numerous organizations including WhitePath – a digital credit provider – and Naivas Supermarkets in response to recent data breaches imposes additional penalties. Consequently: Through these audits’ results communication; it reinforces for respective controllers that prompt corrective action is indispensable – an essential step towards enhanced security measures against future breaches–a testament of their commitment towards protecting customer privacy rights with utmost diligence.

The ODPC looks ahead with ambitious plans: they aim to execute forty compliance audits on data controllers and processors across diverse sectors this financial year. This proactive strategy reflects Kenyan authorities’ steadfast commitment – not only towards safeguarding personal data but also towards enforcing individual privacy rights within organizations.


Please enter your comment!
Please enter your name here