Whitepath Company Limited has been Sh5 million by the Office of the Data Protection Commissioner for violating the data protection law.
The digital lender is said to have disregarded the enforcement notification dated January 10.
The data commissioner said that the lender irregularly acquired phone numbers from their clients’ phonebooks and continued to harass them.
“The ODPC received close to 150 complaints against Whitepath alleging that their applications have accessed their mobile phone contacts and are sending unwarranted and unsolicited text messages to the said contacts,” said ODPC in a statement.
“Whitepath will have to pay the ODPC a penalty of Sh5 million pursuant to Section 63 of the Data Protection Act, and Regulation 20 of the Data Protection (Complaints Handling Procedure and Enforcement).”
Regus Kenya, a company that typically deals with co-working spaces in Nairobi, has also been fined the same amount.
Regus Kenya, according to the ODPC, was unresponsive to a Notification of Complaint issued on October 27, 2022.
It was accused of repeatedly bombarding the complainant with automated, inappropriate information despite requests for the respondent to stop.
Commissioner Immaculate Kassait stated that when a corporation collects, processes, or stores personal information, it is the duty of every data controller and processor to ensure that the information is protected.
“I challenge businesses to protect personal data by design and by default and cooperate with the ODPC to avoid penalties,” she said.