| Authority: | ODPC - Kenya |
|---|---|
| Jurisdiction: | Kenya |
| Relevant law: | Section 25(4), 26, 61 of the Data Protection Act, 2019; Article 31 of the Constitution of Kenya |
| Type: | Complaint |
| Outcome: | Violation |
| Started: | 22 February 2024 |
| Decided: | 21 May 2024 |
| Published: | Yes |
| Fine: | N/A |
| Parties: | Eric Kariuki vs. Ceres Tech Ltd t/a Lemon Cash |
| Case No.: | 318 of 2024 |
| Appeal: | N/A |
| Original Source: | ODPC |
| Original contributor: | MZIZI Africa |
Ceres Tech Limited (the “Respondent”) was found not liable for breaching the Data Protection Act 2019. It could not be proven that they contacted the Complainant regarding a loan for which he did not consent to be listed as a guarantor or emergency contact. However, the organization was found liable for obstruction of justice for withholding access to their system.
Eric Kariuki (the “Complainant”) lodged a complaint with the ODPC against Ceres Tech Limited, a digital credit provider that lends money to its customers through its mobile application ‘Lemon Cash’.
The Complainant alleged that he has been receiving calls from the Respondent or its agents in respect of a loan allegedly taken by a third party from the Respondent who had since defaulted on its repayment.
The Respondent denied contacting the Complainant regarding the loan or at all and offered the ODPC access to its systems for verification.
However, on the day slated for a review of the Respondent's systems, the ODPC was only granted access to the front end of the Respondent's system but not the back end and they could not therefore verify or discharge the Complainant's allegations.
The ODPC found that the Complainant could not prove that the calls he received did not emanate from the Respondent.
The ODPC held that:
The full text of the ruling is available below.