The Office of the Data Protection Commissioner (OPDC) on Tuesday fined 3 businesses Ksh9 million for data privacy violations.
In a statement, the agency announced the 3 institutions, a private school, a digital credit provider and a nightclub were all fined various amounts for different violations.
“The Office of the Data Protection Commissioner (ODPC) has issued three Penalty Notices to three Data Controllers for failing to observe Data Privacy Rights to Data Subjects and also not complying with the Data Protection Act,” read the statement.
The school was fined Ksh4.5 million for posting a minor's pictures on its social media platforms without consent from the parents.
The digital credit provider was fined Ksh3 million for using the names and contact names of the complainants obtained from third parties.
The night club based in Ngong road, Nairobi was fined Ksh1.9 million for posting a reveler's image on their social media platforms without their consent.
According to the agency, the Ksh4.5 million penalty dished out to the private school is the highest slapped on an educational institution. The agency affirmed the position that the fine will serve as a warning to other institutions against sharing data without consent.
In the same vein, the agency revealed that the digital lending company used the data mined from its customer to send threatening messages and phone calls.
"This Penalty will ensure that Digital lenders and financial institutions notify data subjects when collecting and processing their data, and the intention of processing the said data." the agency said in the statement.
The Commission also noted that it had conducted a compliance audit on another digital credit provider with respect to recent allegations of data privacy violation.
The Data Commissioner Immaculate Kassait called upon all institutions handling data to adhere to the provisions of the Data Protection Act, 2019.
