The Office of the Data Protection Commissioner (ODPC) has issued three penalty notices to three Data Controllers for failing to observe Data Privacy Rights to data subjects and also not complying with the Data Protection Act.
Mulla Pride Ltd, a Digital Credit Provider (DCP) which operates KeCredit and Falcrash mobile lending Apps was the first Data Controller that received a penalty of Sh2, 975, 000 after it was found culpable of using names and contact information of the complainants which were obtained from third parties, and subsequently used to send threatening messages and phone calls.
“This Penalty will ensure that Digital lenders and financial institutions notify data subjects when collecting and processing their data, and the intention of processing the said data.” ODPC said in a statement.
Nairobi’s Casa Vera Lounge has been penalised Sh1,850,000 for using a reveler’s image without consent.
According to the Data Commissioner Immaculate Kassait, the popular club based along Ngong Road shared the reveler’s image on its social media pages.
Thirdly, Roma School, an educational institution based in Uthiru has been fined Sh4, 550, 000 for posting minors’ pictures without parental consent
The Commissioner said the heavy penalty will ensure that going forward, social joints will seek consent before using customer’s photos.
“The establishment was fined Sh1,850,000 for posting a reveller’s image on their social media platform without the Data Subject’s consent. This penalty seeks to ensure that other lounges, clubs seek consent from their customers prior to posting.” Kassait said in a statement to newsrooms.
“It will further ensure that the data controllers are limited to strictly dealing with data subjects who have consented to the collection and processing of their data.” The notice added.