Safaricom denies allegations of sharing customer data without consent

By Robert Mutasi 

After an exposé by the Daily Nation, Safaricom has come out strongly to deny it shares sensitive customer data like CDRs with security agencies without oversight. 

The exposé said Kenyan telecom companies grant unfettered access to such information to enable authorities to track individuals-a move that breaches the right to privacy as enshrined in the law, according to privacy advocates.

In a statement explaining the matter, Safaricom assured its customers of its commitment to their privacy, indicating that it discloses customer data only when taken to court and ordered to do so. 

"We don't share any customer data unless required explicitly of us by way of a court order," said the company. 

The response by Safaricom was meant to ensure the general public that access to customer records is consolidated and pegged on due course of law.

The company further elucidated how CDRs work, saying these records offer no live locations, but they are generated for billing purposes only.

"A customer's Call Data Record (CDR) does not show any live location and movements of customers. It is generated after a call is terminated and for text messages once they are sent or received," Safaricom said.

This explanation clarified one of the most important allegations in the Daily Nation report-that telephone companies might be capable of tracking people's movements in real-time.

Safaricom also referred to its numerous, long-standing efforts toward securing customer data-including a 2012 deal with Neural Technologies.

The deal facilitated the launch of a Fraud Management System aimed at picking out and blocking scam deals involving Safaricom's services, including its popular mobile money transfer system, M-Pesa.

"Neural Technologies is a global brand operating in over 30 countries, providing support to telcos and utility companies in preventing and detecting fraud with no third-party access," the company said.

As an added layer of data protection, Safaricom reported its attainment of the ISO 27001 certification-the highest standard for privacy information systems management.

It was an assurance that "This certification is a testimony to our commitment to preserve our customer privacy and provide a worry-free experience on our network," emphasized Safaricom.

Safaricom reiterated in its last statements: "We have always been transparent and candid in the way we deal with our stakeholders and shall continue to be so to maintain the trust we have garnered over time."

Debate was stirred by a recent report by the Daily Nation detailing Safaricom's response on the balance between security interest for the nation and privacy rights for individuals in Kenya. 

The incident also raises wider implications for privacy safeguards in an age when data is becoming one of the most valuable assets and has underlined stringent data protection policies in the telecommunications sector.