| Authority: | ODPC - Kenya |
|---|---|
| Jurisdiction: | Kenya |
| Relevant law: | Section 2, 26 of the Data Protection Act, 2019 |
| Type: | Complaint |
| Outcome: | Violation |
| Started: | 29 March 2023, 25 & 26 May 2023. |
| Decided: | 26 June 2023 |
| Published: | N/A |
| Fine: | N/A |
| Parties: | Shillah TMK & 2 Others vs. Platinum Credit Ltd |
| Case No.: | 0456 of 2023, 0862 of 2023 and 0868 of 2023 |
| Appeal: | N/A |
| Original Source: | ODPC |
| Original contributor: | MZIZI Africa |
A lender who unleashed a barrage of promotional messages to unimpressed members of the public, against its own data protection policies was found liable for breaching the DPA19.
Platinum Credit Ltd (the “Respondent”) acquired the contact details of the Complainants through its Web and other assets, and subjected them to a constant barrage of promotional messaging inviting them to participate in the Respondent company’s product offerings. The Complainants became frustrated with the incessant messages and requested the Respondent to cease all further communication to no avail, prompting the filing of the complaint.
The Respondent did not provide specific responces to each of the complaints filed against it notwithstanding the ODPC's request to do so. The Respondent instead limited its responce to outlining its existing data governance practices.
The ODPC held that the Respondent violated the DPA19 by failing to implement its data protection policies, frameworks, procedures and plans. An enforcement notice to issue.
The full text of the ruling is available below.
Share blogs or news articles here!