Outcry against digital leaders
Nairobi, Saturday, June 17, 2023
KNA by Jane Gicharu
Unlawful use of personal data by digital lenders has emerged as a key public concern during the on-going countrywide awareness programme on data protection that is being undertaken by the Office of Data Protection Commissioner (ODPC).
The sensitization is targeting data controllers and data processors in the counties and aims at ensuring that the personal data they collect from Kenyans is used for only the intended purpose.
Members of the public have lamented that digital lenders have illegally obtained their personal information and especially phone numbers which they use to lure them into taking unsolicited credit.
ODPC officials who were in Nyeri and Laikipia counties for this exercise however noted that while some of this data was obtained unlawfully from the data collectors and process, individuals who are referred to as data subjects have also been irresponsible and have provided their personal information without due diligence.
Mr. Boniface Wamai, a Data Protection Officer in charge of Registration advised data subjects to familiarize with ‘terms and conditions’ of digital lenders before taking loans.
“Some of you have allowed the creditors to access all your contacts and in the event of non-repayment, the lenders embark on harassment of these contacts.” he said.
He however noted that following numerous complaints from the public, ODPC was relooking at these terms and conditions to see if they are aligned to the provisions of the Data Act of 2019.
Compliance officer Ali Samow said that some digital lenders have already registered with ODPC and are willing to conduct their business in compliance with the law.
Data controllers and processors who suffer a data breach where personal information in their custody is lost have been asked to report to the Office of the Data Commissioner within 72 hours of the breach and to also inform the data subject of this development.
Personal data protection in Kenya is governed by the Data Protection Act of 2019. The Act gives effect to Article 31 (c) and (d) of the Constitution of Kenya that contains the right to privacy, which is a fundamental human right. It provides for the protection of personal data by requiring organisations to obtain consent from individuals before collecting, using, or disclosing their personal information.
The Office of the Data Commissioner is responsible for ensuring compliance with data protection laws in Kenya. ODPC officers said that part of their mandate was to engage with entities that collect and process personal data to enlighten them on their obligation and the need to comply with the Data Protection Act.
While those handling personal data are compelled by the law to protect this information, individuals have been urged to be mindful of the privacy of their own personal data by taking steps such as reading privacy policies of those they give their data to and being cautious about sharing personal information online.
Under the Act, data collectors and data processors are obligated to register with ODPC as the office has a mandate to regulate them. These entities are also required to undertake a Data Protection Impact Assessment (DPIA), which entails identifying possible data breaches and putting in place measures to mitigate these risks.
Courtesy ; K. N. A
What's Your Reaction?
