ODPC Fines Two Firms For Breaching Data Laws
The Office of the Data Protection Commissioner (ODPC) has slapped Whitepath Limited and Regus Kenya each with a fine of $37,369 for breaching data protection laws.
Whitepath reportedly failed to comply with the ODPC enforcement notice issued on January 10th, 2023, while Regus Kenya was non-cooperative and failed to respond to a notification of complaint dated October 27th, 2022, a reminder to the notification of the complaint dated November 11th, 2022, and an enforcement notice dated 16th February 2023.
In a notice, ODPC said it received close to 150 complaints against Whitepath alleging that their applications have accessed their mobile phone contacts and are sending unwarranted and unsolicited text messages to the said contacts irregularly obtained from the complainant’s phone book.
The complaint against Regus, on the other hand, alleged frequent spamming of automated improper information to the complainant despite attempts to make the respondent stop.
According to the notice, each company is required to pay the ODPC a penalty of $37,369 pursuant to Section 63 of the Data Protection Act and Regulation 20 of the Data Protection (Complaints Handling Procedure and Enforcement).
Additionally, ODPC issued an enforcement notice to Ecological Industries Limited due to non-cooperation with several notifications of a complaint launched on January 25th, 2023, and a remainder on 15th February 2023 against them for publishing of a personal photo on a company catalogue and calendar for marketing purposes. Failure to comply with the enforcement notice within the stipulated time, ODPC says the company with be faced with a penalty notice.
Speaking on the notices, Immaculate Kassait, the Data Commissioner said, “Data protection is the responsibility of every data controller and processor, and it must be the company’s top priority whenever they collect, process or store personal information. I challenge businesses to protect personal data by design and by default and cooperate with the ODPC to avoid penalties.”
Section 63 of the Data Protection Act stipulates the maximum amount of the penalty that may be imposed by the Data Commissioner in a penalty notice is up to $37,369 or in the case of an undertaking, up to one per centum of its annual turnover of the preceding financial year, whichever is lower.
The complaints against Whitepath point to a growing concern among the public over the debt collection harassment by loan app companies. Customers have reported being harassed by uncouth loan company agents who call them and their contacts incessantly in a bid to force them to pay loans.
Due to the growing concern, Google announced last week said it would from May 31 prohibit loan apps from accessing user contacts, external storage, images, videos, contacts, the exact location, and call records.