| Authority: | ODPC - Kenya |
|---|---|
| Jurisdiction: | Kenya |
| Relevant law: | Section 29, 28 of the Data Protection Act, 2019; Article 31 of the Constitution of Kenya |
| Type: | Complaint |
| Outcome: | Violation |
| Started: | 13 & 14 June 2023 |
| Decided: | 8 September 2023 |
| Published: | Yes |
| Fine: | N/A |
| Parties: | AnneSalome Wangari & Anor vs. Zerox Technology Company Ltd |
| Case No.: | 974, 988 & 1006 of 2023 |
| Appeal: | N/A |
| Original Source: | ODPC |
| Original contributor: | MZIZI Africa |
Zerox Technology Company Ltd (the “Respondent”), a digital credit provider, was found liable for violating the Applicants' rights by using their personal information to demand repayment of loans issued to third parties. The Applicants were neither aware of the collection of their data nor informed of its intended use.
Zerox Technology Company Ltd (the “Respondent”), a digital credit provider lender operating the name AsapCash separately sent multiple messages to the Applicants demanding that they repay loans taken by third parties either as guarantors or as persons known to those third parties.
The Respondent confirmed that none of the Applicants were beneficiaries of credit facilities from them but averred that their contacts were provided as alternate/referee/emergency contacts by the third parties/customers.
The Data Commissioner found that the Applicants contacts were not obtained from them directly, they were unaware of the colllection of their personal data and they were never informed of its intended use by the Respondent, which were in violation of the provisions of the data protection law.
The ODPC held that:
The full text of the ruling is available below.
Share blogs or news articles here!