Mobile lender Mulla Pride Ltd has been slapped with a 2,975,000 shillings fine by the Office of the Data Protection Commission (ODPC) due to a privacy breach.
The Digital Credit Provider (DCP), which operates the KeCredit and Faircash mobile lending Apps, was found to have improperly utilized the names and contact information of individuals, which had been acquired from third-party sources.
According to a statement by the ODPC, the two apps owned by the mobile lender subsequently employed this information to send threatening messages and make phone calls to the borrower’s contacts.
“This penalty will ensure that Digital lenders and financial institutions notify data subjects when collecting and processing their data, and the intention of processing the said data,” the statement said.
The statement further emphasized that data protection is a fundamental responsibility for all data controllers and processors, and it should remain a top priority during the collection, processing, and storage of personal information.
ALSO READ: Casa Vera Lounge fined KSh 1.8M for using reveler’s photo
Moreover, the penalty aims to restrict data controllers to dealing exclusively with data subjects who have provided explicit consent for the collection and processing of their data, as stated by the ODPC.
According to section 72 of the Data Protection Act of 2019, a data controller who, without lawful justification, discloses personal data processed by the data processor without prior authorization from the data controller commits an offense.
In March 2022, the Central Bank of Kenya issued a ban on digital credit providers, their officers, or agents using obscene or profane language during debt collection interactions with customers or their contacts in order to prevent public humiliation.
This came as a result of a public outcry, with individuals sharing their documented experiences concerning the actions of these mobile lenders and appealing to the authorities to take action and rein them in.