Human rights groups slam telcos over alleged data sharing with security agencies

The Kenya Commission of Human Rights and Independent Medico-Legal Unit on Thursday called out Safaricom and other telecommunications companies over the alleged sharing of data in a manner that has compromised the security of Kenyans.

The Davis Malombe-led human rights lobby has accused Safaricom and other telcos of giving out contacts and locations of persons who are a target of harassment, abductions and forced disappearances.

"Safaricom and other telecommunications companies must immediately cease unlawful data-sharing practices. We demand an independent audit of corporate compliance with data protection laws and sanctions for violations," wrote the lobby in a statement obtained by The Eastleigh Voice.

The two organisations want the immediate release of all individuals abducted and the disclosure of their whereabouts. They too expect the disbandment of rogue police units involved in unlawful arrests, enforced disappearances, and extrajudicial killings.

"We call for immediate and transparent investigations into all cases of enforced disappearances, extrajudicial killings, and police brutality. Culpable security officers and government officials must be prosecuted for these human rights violations, and families of the victims and survivors must be compensated," noted the lobbies.

The list of their numerous demands also calls for the resignation of officials implicated in illegal activities, including President William Ruto, if their leadership cannot achieve accountability. They also want Ruto's administration to cease cooperation with foreign governments in abducting or deporting opposition figures and activists without due process.

"We call for urgent support for all victims of atrocities committed by state officers, including compensation and rehabilitation, to ensure justice, healing, and restoration of their dignity," they added.

A month ago, KHRC and Muslims for Human Rights (MUHURI), wrote to Safaricom demanding an explanation over allegations that the telco has for years facilitated security agencies' access to customers' private data.

The groups claim this access has been instrumental in tracking and apprehending suspects, often under questionable circumstances.

In their letter to Fred Waithaka, Safaricom's Head of Regulatory and Public Policy, the lobby groups referenced a detailed investigation by the Daily Nation published in late October.

The report accused the telecommunications giant of engaging in unconstitutional practices that potentially violate the privacy rights of its customers.

"Disturbing allegations"

KHRC and MUHURI raised seven "disturbing allegations" stemming from the Daily Nation investigation.

Among these is the claim that Safaricom allows police officers, attached to its Law Enforcement Liaison Office, to handle call data records (CDRs).

The groups argue this creates a conflict of interest, as the same officers are allegedly implicated in crimes such as enforced disappearances, renditions, and extrajudicial killings.

"This poses a serious conflict of interest by offering officers of the accused security forces an opportunity to handle the data and conceal evidence of state crime, as well as the fate of the victim," reads the letter dated November 14, 2024.

The groups also question whether Safaricom certified manipulated or falsified CDRs as authentic and whether the telco shared these records in response to court orders involving suspected state-enforced disappearances.

Further allegations include Safaricom's purported refusal to release data vital for investigating state crimes, despite court orders. They also accuse the company of granting routine access to consumer data without legal approval, facilitating the tracking and apprehension of individuals.

The advocacy groups alleged that Safaricom, in collaboration with Neural Technologies Limited, developed software that grants security agencies predictive and pre-emptive profiling capabilities.

This, they argue, constitutes invasive breaches of privacy and potentially violates constitutional provisions and Kenya's Data Protection Act, 2019. Additionally, KHRC and MUHURI claimed that Safaricom retained "old" customer data, previously declared deleted, which could have been useful in investigating state crimes.

The groups urged Safaricom to address the allegations swiftly and clarify steps it is taking to prevent unlawful use of customer data.

"KHRC and MUHURI urge you to address the substance of the allegations with haste and clarify what steps Safaricom will take to ensure that its data is not used unlawfully, whether by Safaricom staff, Kenyan security forces, or any other third party," the letter, signed by KHRC Executive Director Davis Malombe, stated.

While Safaricom issued a public statement on October 31, 2024, denying the claims, KHRC and MUHURI said the company failed to adequately address the findings presented in the investigation.