| Authority: | ODPC - Kenya |
|---|---|
| Jurisdiction: | Kenya |
| Relevant law: | Section 25(a)(b), 26(a), 28(1), 29, 30, 32, 41 of the Data Protection Act, 2019; Article 31 of the Constitution of Kenya |
| Type: | Complaint |
| Outcome: | Violation |
| Started: | 6 January 2024 |
| Decided: | 4 April 2024 |
| Published: | Yes |
| Fine: | KES.500,000/= |
| Parties: | Jane Njambi vs. Creditwatch Investment Ltd |
| Case No.: | 0018 of 2024 |
| Appeal: | N/A |
| Original Source: | ODPC |
| Original contributor: | MZIZI Africa |
Creditwatch Investments Ltd (the “Respondent”), a digital credit provider and proprietorof CloudLoan, was found liable for violating the Applicants' rights by using their personal information to demand repayment of loans issued to a third party. The Applicants were neither aware of the collection of their data nor informed of its intended use.
Creditwatch Investments Ltd (the “Respondent”), a digital credit provider lender operating the name CloudLoan sent multiple messages to the Complainant demanding that she repays a loan taken by a third party allegedly as an emergency contact.
The Respondent confirmed that the Applicant was not a beneficiary of credit facilities from the Respondent but averred that their contacts were provided as alternate/emergency contacts by the third parties/customers when they accessed the facility.
The Complainant averred that she continued to receive various harassing messages from diverse employees of the Respondents which continued until the date of the complaint, and despite her request for them to stop.
The Respondent averred that they were in the process of improving their data practices and training their staff on data protection.
The Data Commissioner found that the Complainant's contact was not obtained from her directly, she was unaware of the collection of her personal data and she was never informed of its intended use by the Respondent, which were in violation of the provisions of the data protection law.
The ODPC held that: