DEBT RECOVERY -vis-à-vis- DATA PROTECTION
March 20, 2025 | DEBT RECOVERY -vis-à-vis- DATA PROTECTION Part 1B

Author
Joy Ruguru Kabuchoru
Yet the year is still young; so, we may say, the scope of Data Protection in Kenya as an emerging jurisprudence is still evolving. Recently, on the 19th day of November 2024, Kenya marked five years since the enactment of its Data Protection Act.
Despite this fact, it is evident that the rope in terms of awareness and enforcement of the provisions of the Data Protection Act, 2019 is still loose. Mobile lenders are at the forefront in breaching the provisions of the said Act.
I bet you are still wondering why this article is titled ‘legal insight 1b.’ Worry not: the reason is that the data processors or the data controllers in legal insight 1a are yet again liable for the breach of personal data. This begs the big question in the room:-
The striking issues are:-
- the awareness and the enforcement of the Data Protection Act, 2019; and/or
- the comprehensiveness of the Data Protection Act, 2019 in curbing the breach of personal data.

understood the privacy policy and accept all of the terms. Particularly consenting to the borrower collecting, using, storing, transferring, or otherwise processing their personal information.
The same data processors or data controllers in legal insight 1a were recently found liable for the breach of personal data and were ordered to pay Kshs. 250,000/= as compensation. The breach of personal data arose as the data processor or the data controller harassed a data subject in loan recovery efforts. The claim was that on several occasions, the data processor or the data controller called the data subject regarding a loan for which the data subject had been listed as a guarantor without his consent.
The key concerns of the complainant revolved around issues to do with:-
- how the data processor or data controller had obtained his name and contact information; and
- the reason as to why he was not notified during the loan application process to seek his consent before the personal data could be processed.
From the foregoing information, the data processor or the data controller breached Section 26 of the Data Protection Act, 2019, which provides for the right to be informed of the use to which the data subject’s personal data is to be put. The data processor or the data controller was also in breach of Section 32 of the Data Protection Act, as it failed to establish any lawful basis for processing the data subject’s data, as he had not consented to be a guarantor.
In conclusion, if you find yourself in such a predicament and wish to pursue a legal claim, don’t look any further: you are in the right hands. Just contact us.

