BUSINESSECONOMY

Data Commissioner Hits Loan Apps With Ksh5 Million Fine

Share
The ODPC disclosed that it had received around 150 complaints relating to Whitepath and its unethical practices. [Photo/ BBC]
The ODPC disclosed that it had received around 150 complaints relating to Whitepath and its unethical practices. [Photo/ BBC]
Share

The Office of the Data Protection Commissioner has hit digital credit companies Whitepath Company Limited and office space provider Regus Kenya with penalties of Ksh5 million each over their misuse of customer data. Whitepath operates loan applications including Sky Pesa, Instar Cash and Zuri Cash, and has been on the spot over debt-shaming – spamming borrowers’ contacts with messages and phone calls to shame them into paying.

The ODPC disclosed that it had received around 150 complaints relating to Whitepath and its unethical practices.

Whitepath and Regus have been ordered to pay Ksh5 million each, in line with Section 63 of the Data Protection Act, and Regulation 20 of the Data Protection Complaints Handling Procedure and Enforcement.

“The ODPC received close to 150 complaints against Whitepath alleging that their applications have accessed their mobile phone contacts and are sending unwarranted and unsolicited text messages to their contacts. Additionally, the Whitepath staff have been harassing the complainants and their contacts irregularly obtained from the complainant’s phone books. On the other hand, the complaint against Regus alleged frequent spamming of automated improper information to the complainant despite attempts to make the respondents stop,” a statement from the ODPC confirmed.

Loan applications in Kenya have come under scrutiny for their misuse of customer data, particularly their tendency to access contacts in user phone books. Earlier this month, Google announced upcoming policy updates barring applications accessing user contacts and photos from its Play store.

The company’s updated personal loans policy states that apps aiming to provide or facilitate personal loans may not access user contacts or photos. The changes will take effect on May 31, 2023.

Google had previously announced that it would no longer allow loan apps without proof of licensing from the Central Bank of Kenya (CBK) on its app store. The Central Bank of Kenya (Amendment) Act, which came into effect in December 2021, brought all digital lenders under the supervision of the apex bank – with tough new regulations introduced to rein in the industry.

Commenting on the penalties against Whitepath and Regus, Data Commissioner Immaculate Kassait stated: “Data protection is the responsibility of every data controller and processor and it must be the company’s top priority whenever they collect, process or store personal information. I challenge businesses to protect personal data by design and by default and cooperate with the ODPC to avoid penalties.”

NEXT>Zimele: David Ndii’s Multi-Million Wealth Management Business

Written by
BUSINESS TODAY -

editor [at] businesstoday.co.ke

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Follow Us

Related Articles
FanisiTech Beverage Awards
BUSINESS

FanisiTech Ranked Top Beverage Sales Automation Company

FanisiTech Limited has been recognised as the First Runners-Up in the "Most...

Kakamega High Court
BUSINESS

High Court Issues Fresh Orders on Truck in Tax Evasion Case

The High Court sitting in Kakamega on 11th December reversed an order...

EPRA Renewable energy in kenya
ECONOMY

EPRA Given New Green Certification Role by Global Renewable Energy Agency 

The International Tracking Standard Foundation (I-TRACK Foundation) Board has appointed  Energy and...

Flutterwave awards and recognitions
BUSINESSTECHNOLOGY

Payments Technology Firm Flutterwave Listed in ‘Brands That Matter’

Flutterwave, Africa’s leading payment technology company, has been included in Fast Company’s...