Senators demand audit of Safaricom, Airtel over claims of data sharing with security agencies
The legislators are calling for a comprehensive audit of all data access requests made to Safaricom and Airtel Kenya since 2020, including details on how many were approved and whether each was backed by a court order.
Senators are demanding answers over how telecommunication companies share subscriber data with security agencies, raising concerns about potential violations of privacy rights.
The legislators are now calling for a comprehensive audit of all data access requests made to Safaricom and Airtel Kenya since 2020.
More To Read
- Safaricom enables direct PayPal withdrawals via M-Pesa app for Kenyan users
- Safaricom ordered to pay Sh55 million to 17 ex-employees for unfair dismissal
- Airtel subscriber numbers surge by three million in three months
- Court upholds freeze on Safaricom's Bonga points expiry
- Safaricom Ethiopia hits 10 million active users, driving digital growth after Sh281 billion investment
- CA cracks down on landlords blocking internet providers in estates
They want details on how many of those requests were approved and whether each was accompanied by a court order.
Marsabit Senator Mohamed Chute, while seeking a statement from the Senate Standing Committee on Information, Communication and Technology, questioned the legal and procedural frameworks that guide access to subscriber data by security agencies.
In his statement, Senator Chute asked whether such data sharing requires a court order or any statutory authorisation, and what laws currently govern the process.
He further urged Trans-Nzoia Senator Allan Chesang, who chairs the ICT Committee, to obtain and present data on the number and nature of access requests submitted to Safaricom PLC and Airtel Kenya Ltd by security agencies, how many were granted, and the legal basis for their approval.
Chute also sought clarity on whether the Office of the Data Protection Commissioner (ODPC) has investigated any incidents of unlawful data sharing, either due to public concern or on its own initiative.
Enforcement actions
“The role of the Communications Authority of Kenya (CA) and other government agencies in ensuring lawful and responsible access and use of subscriber data must be clearly defined. The Committee should report to this House details on any enforcement actions taken against a telecommunication service provider for data breach or non-compliance,” he said.
The committee is now expected to probe the matter and report back to the Senate with its findings, including what safeguards exist to prevent unauthorised access or misuse of subscriber information, especially in the face of advancing surveillance technologies.
Safaricom has come under public scrutiny multiple times over concerns that it is sharing customer data with security agencies linked to increasing cases of abductions across the country.
Location tracking
Responding to the criticism, the telco clarified that call data records (CDRs) are not used for real-time location tracking but are instead generated after a call ends, mainly for billing purposes.
“We respect our customers’ privacy and strictly adhere to Kenya’s data protection laws. We only share customer data when required by a court order,” Safaricom said last year.
Following a media report alleging that the company provides real-time location data to security agencies such as the Directorate of Criminal Investigations (DCI) without proper legal authorisation, Safaricom reassured customers of its transparency and commitment to data privacy.
The company also highlighted its recent certification under the ISO 27701 Privacy Information Management System (PIMS) from the British Standards Institute (BSI), which affirms that its IT systems are secure and protected from unauthorised access.
Top Stories Today
