The Office of the Data Protection Commissioner (ODPC) has slapped three data controllers for failing to observe data privacy rights and failure to comply with the Data Protection Act.
The three data controllers have been penalized Ksh9,375,000 in total for the data breach.
Popular restaurant Casa Vera Lounge has been fined Ksh1,850,000 for failing to comply with data privacy rights.
The Ngong-road-based restaurant, according to the ODPC, posted images of revelers on its social media platforms without seeking consent from the revelers.
“This Penalty seeks to ensure that other lounges, clubs etc. seek consent from their customers prior to posting their images online,” warned Data Commissioner Immaculate Kassait.
Roma School in Uthiru has also been fined a whooping Ksh4,550,000 for posting photos of its pupils who are minors without first seeking consent from their parents.
This is the first education institution to be slapped with a fine by the ODPC and the highest fine an institution of learning has received.
The OPDC has sent a stern warning to schools to first obtain permission from parents especially when dealing with minors before flashing their images on social media.
Digital Credit Provider (DCP) Mulla Pride Ltd which operates KeCredit and Faircash mobile lending Applications has also been penalized Ksh2,975,000 for sharing the names and contact details of its customers with third parties.
After receiving the details from the mobile lender, the third parties then reached out to the customers with threatening messages and calls.
“This Penalty will ensure that Digital lenders and financial institutions notify data subjects when collecting and processing their data, and the intention of processing the said data,” stated ODPC.
“It will further ensure that the data controllers are limited to strictly dealing with data subjects who have consented to the collection and processing of their data.”
The penalties have been issued under Sections 62 and 63 of the Data Protection Act, 2019 (Act) and Regulations 20 and 21 of the Data Protection (Complaints Handling Procedure and
Enforcement) Regulations, 2021.
Data Commissioner Immaculate Kassait has further called upon Data Controllers and Data Processors to ensure that the processing of personal data is in accordance with the provision of the Act.
Some clubs and restaurants are notorious for flashing images of their clients on social media as content for their pages and also for marketing purposes.
The trend is also common in most city churches as they flood images of their congregants on social media during their services.