![The ODPC disclosed that it had received around 150 complaints relating to Whitepath and its unethical practices. [Photo/ BBC]](https://businesstoday.co.ke/wp-content/plugins/phastpress/phast.php/c2VydmljZT1pbWFnZXMmc3JjPWh0dHBzJTNBJTJGJTJGYnVzaW5lc3N0b2RheS5jby5rZSUyRndwLWNvbnRlbnQlMkZ1cGxvYWRzJTJGMjAyMyUyRjA0JTJGMTIwNDk4MTc0X2dldHR5aW1hZ2VzLTkyNjY1MzI3OF85NzY1NDkuanBnJmNhY2hlTWFya2VyPTE2ODEyODM4MzktNTAyNzgmdG9rZW49YjY4ZjhkY2VkMTQzNDQ1Nw.q.jpg "_120498174_gettyimages-926653278_976549")
The Office of the Data Protection Commissioner has hit digital credit companies Whitepath Company Limited and office space provider Regus Kenya with penalties of Ksh5 million each over their misuse of customer data. Whitepath operates loan applications including Sky Pesa, Instar Cash and Zuri Cash, and has been on the spot over debt-shaming – spamming borrowers’ contacts with messages and phone calls to shame them into paying.
The ODPC disclosed that it had received around 150 complaints relating to Whitepath and its unethical practices.
Whitepath and Regus have been ordered to pay Ksh5 million each, in line with Section 63 of the Data Protection Act, and Regulation 20 of the Data Protection Complaints Handling Procedure and Enforcement.
“The ODPC received close to 150 complaints against Whitepath alleging that their applications have accessed their mobile phone contacts and are sending unwarranted and unsolicited text messages to their contacts. Additionally, the Whitepath staff have been harassing the complainants and their contacts irregularly obtained from the complainant’s phone books. On the other hand, the complaint against Regus alleged frequent spamming of automated improper information to the complainant despite attempts to make the respondents stop,” a statement from the ODPC confirmed.
Loan applications in Kenya have come under scrutiny for their misuse of customer data, particularly their tendency to access contacts in user phone books. Earlier this month, Google announced upcoming policy updates barring applications accessing user contacts and photos from its Play store.
The company’s updated personal loans policy states that apps aiming to provide or facilitate personal loans may not access user contacts or photos. The changes will take effect on May 31, 2023.
Google had previously announced that it would no longer allow loan apps without proof of licensing from the Central Bank of Kenya (CBK) on its app store. The Central Bank of Kenya (Amendment) Act, which came into effect in December 2021, brought all digital lenders under the supervision of the apex bank – with tough new regulations introduced to rein in the industry.
Commenting on the penalties against Whitepath and Regus, Data Commissioner Immaculate Kassait stated: “Data protection is the responsibility of every data controller and processor and it must be the company’s top priority whenever they collect, process or store personal information. I challenge businesses to protect personal data by design and by default and cooperate with the ODPC to avoid penalties.”
NEXT>Zimele: David Ndii’s Multi-Million Wealth Management Business
