The Office of the Data Protection Commissioner (ODPC) on Tuesday, April 11, issued penalty notices to two mobile lending apps for breaching operation rules.
According to the ODPC, the money lending apps violated the policies stipulated under the Data Protection Act.
"Each company is required to pay the ODPC a penalty of Ksh5 million pursuant to Section 63 of the Data Protection Act and Regulation 20 (Complaints Handling Procedure and Enforcement)," the letter read in part.
One of the companies failed to comply with the ODPC's enforcement notice dated January 10 over violation of data policy.
In addition, the agency received several complaints of data violation against the loan service app and harassing their clients as well as their contacts.
"The ODPC received 150 complaints against the company alleging that their application accessed their mobile phone contacts and sent unwarranted and unsolicited text messages to said contacts," the letter read in part.
On the other hand, the second firm was deemed non-cooperative and failed to respond to a notification of Complaint issued in October 2022 and a subsequent reminder in November 2022.
The company then ignored an Enforcement Notice on February 16. ODPC claimed that the app sent multiple messages to clients.
"The complaint against the second firm alleged frequent spamming of automated improper information to the complainant despite attempts to make the respondents stop," the ODPC noted.
Meanwhile, the firm issued an enforcement notice to another company for publishing a personal photo on a company catalog ad calendar for marketing purposes.
Data Commissioner Immaculate Kassait reiterated that data protection was the responsibility of every data controller and processor and must be a top priority for all firms handling data.
Kassit challenged businesses to protect personal data by design and by default and adhere to the laid out rules.
