Nairobi — The Office of the Data Protection Commission (ODPC) has launched investigations on 40 Digital Credit Providers for misuse of personal data.
The ODPC said it launched investigations following complaints from members of the public on the safety of their data.
"The ODPC wishes to notify the public that it is conducting preliminary documentary assessment and audit on 40 Digital Credit Providers (DCPs) whose practices regarding the processing of personal data has been raised to the Data Commissioner as complaints by various members of the public," it said in a statement.
The digital lenders under investigation are Branch, Tala, APESA, ASAPKASH, Cash Sea, Collectplus, Coopesa, Credit Kes, Credit Moja, Deltech Capital Limited, DIRECT CASH, Fairkash.
Others are Flashpesa, Flexi Cash, Hela Credit, Hikash, IKASH Connect, INSTARCASH, IPESA, KASH LOAN, KASHBEAN, KASHPLUS, KASHWAY, KESLOAN, LEMON KASH, Lioncash, M-CREDIT, METALOAN, Mokash, PAPCASH, POCKET CASH, PREMIER CREDIT LTD, ROCKET PESA, Senti, Skypesa, Wakanda Credit, Zash loan, Zenka Digital Limited and Zuri Cash.
As of September 30, the ODPC said it had received 1,030 complaints, the office admitted 555 of these cases including 299 which were on Digital Lenders, representing 54 percent of all cases admitted.
The Data Protection (Complaints Handling and Enforcement Procedures) regulations, 2021 took effect on February 2022 paving way for data subjects to file complaints and report data breaches to the Data Commissioner.
During the audit process, the aforementioned DCPs will be required to provide this Office with requisite documents by October 18, 2022 failure to which they will be deemed to have failed to cooperate with the Office which is an offence under Section 61 of the Act.
Sign up for free AllAfrica Newsletters
Get the latest in African news delivered straight to your inbox
The ODPC noted that it has already issued an enforcement notice against Aga Khan University Hospital (the "Hospital") following a breach of Kenya's Data Protection Laws.
A complaint was raised by a patient to the Data Commissioner that after visiting the Hospital, a staff later inappropriately contacted the complainant contrary to Sections 25, 41 and 46 of the Data Protection Act, 2019. (The Act).
"In exercise of the Powers of the ODPC, the Data Commissioner directed the Hospital to outline specific measures it will take to mitigate or eliminate the breach/ contravention and to rectify and/or put in place structures within which the measures shall be implemented within 30 days," it said.
Pursuant to Section 58(3) of the Data Protection Act, 2019, any person who, without reasonable excuse, fails to comply with an enforcement notice commits an offence and is liable on conviction to a fine not exceeding five million shillings or to imprisonment for a term not exceeding two years, or to both.
Data Commissioner, Immaculate Kassait MBS has reiterated ODPC's commitment to protect personal data and enforce compliance in the event of a breach of the laws.
"This is just one among many other complaints being investigated by the office. We want to assure the public that the complaints received will be investigated and concluded accordingly. All aggrieved members of the public are encouraged to continue sending their complaints via https://www.odpc.go.ke/file-a-complaint," she said.
