Contents

1. Summary
   1. Facts
   2. Holding
2. Comment
3. Further resources
4. The Decision

Summary

Zerox Technology Company Limited (the “Respondent”) the proprietors of AsapCash, a digital lending product, were found to have violated the DPA,19 when they added the Complainant to a WhatsApp group created by the Respondent to fundraise monies to settle a third party’s outstanding loan notwithstanding that the Complainant didn't know that person and was not a party to the credit arrangement.

Facts

The Respondent is a digital credit provider operating a money lending product known as “Asap Cash”

The Complainant alleged that the Respondent created a fundraising WhatsApp group in respect of a third party who allegedly owed the firm money.

The Complainant was thereafter included in the chat as a participant notwithstanding that the third party was a stranger to the Complainant and the inclusion into the chat was done without his consent.

The Complainant provided screenshots of the WhatsApp group as proof.

The Respondent admitted the Complainants allegations but stated that the actions were taken by an employee without their authority, and disciplinary action was taken against the errant employee as a result. No proof of these actions was provided.

The ODPC found that there was a violation of the Complainant's rights under the Act, as the Respondent did not collect the personal data directly from the Complainant who was also not informed of the use to which his personal data was being put.

Additionally, it was found that the Respondent did not fulfill its obligations under the Act as a data controller and data processor. As a result, the complainant was found entitled to compensation under the Act for the damage suffered.

Holding

The ODPC held that:

• The Respondent was liable for infringement of the Complainant's rights and for violations of the DPA,19
• The Respondent to compensate the Complainant a token sum of KES.20,000/=