Safaricom under fire as Senators demand answers on alleged data breaches

Safaricom is facing a probe from Kenyan lawmakers who allege that the telecommunications giant has breached subscriber privacy and enabled state surveillance.

Accusations emerged during a heated Senate session this week, with the lawmakers questioning Safaricom's potential role in recent incidents of citizen abductions.

The debate centres on whether the company shares subscriber data with government agencies without consent.

Migori Senator Eddy Oketch, who raised the issue in the Senate, called on Safaricom to clarify whether it has an agreement with the government for data sharing and, if so, whether subscribers are informed.

Oketch urged the Senate's ICT Committee to determine if Safaricom's data collection practices such as tracking location and monitoring calls are essential for its operations or if they exceed requirements placed on other telecom providers.

He also raised concerns about subscriber data security, given that an international company, Neural Technologies, handles SIM installations for Safaricom.

The Senate's ICT Committee, led by Trans Nzoia Senator Allan Chesang', is now tasked with reviewing Safaricom's data management practices.

Senators during a recent session. (Photo: Senate)

They plan to assess the company's agreement with Neural Technologies and investigate potential safeguards to protect subscriber data from unauthorized third-party access.

"We want the committee to explain why subscriber data is readily accessible to government agencies for tracking suspects but not for tracing stolen phones," Senator Oketch said.

He also questioned the surge in data breach complaints associated with Safaricom compared to other service providers.

Other senators voiced concerns about data privacy. Busia Senator Okiya Omtatah urged the government to take data protection seriously, warning of the implications of mishandling personal information.

"Data privacy is a life-and-death matter. Our information cannot be handled recklessly. Safaricom is accused of aiding state agents in tracking and abducting citizens, yet no response has been given," Omtatah said.

He called for transparency around the tracking mechanisms employed by the telco and condemned unauthorised government surveillance.

Nandi Senator Samson Cherargei also criticised Safaricom, stating that the company's practices potentially infringe on constitutional privacy rights.

"What Safaricom is doing is illegal and unconstitutional, and it should be punished," he said.

Concerns over data management by foreign companies also arose.

Narok Senator Ledama Olekina questioned Safaricom's transparency regarding Neural Technologies' involvement in managing Kenyan subscriber data.

He pointed out that data collection practices, such as recording ID numbers when registering SIM cards or sending money, could expose citizens to risks like identity theft and fraud.

"This practice, where ID numbers are written in logbooks, could lead to their misuse, especially in elections or fraudulent activities," Olekina said.

Senator Godfrey Osotsi of Vihiga proposed a revision of Kenya's Data Protection Act to align with international standards, such as the General Data Protection Regulations (GDPR).

He argued that the current data protection law lacks sufficient security, accountability, and confidentiality standards to safeguard citizen information effectively.

Osotsi also suggested that the Office of the Data Protection Commissioner should be made independent and staffed with professionals trained in IT rather than solely in law.

"It's time we prioritised professionals with expertise in data privacy to oversee this critical area," he noted.