Lobby groups accuse Safaricom of data breach, call for accountability
By Maureen Kinyanjui |
While Safaricom issued a public statement on October 31, 2024, denying the claims, KHRC and MUHURI said the company failed to adequately address the findings presented in the investigation.
Two lobby groups, the Kenya Human Rights Commission (KHRC) and Muslims for Human Rights (MUHURI), have written to Safaricom demanding an explanation over allegations that the telco has for years facilitated security agencies' access to customers' private data.
The groups claim this access has been instrumental in tracking and apprehending suspects, often under questionable circumstances.
Keep reading
- Kenyans ditch bank cards in favour of cash and mobile payments - report
- Sh3.2 billion lie dormant in M-Pesa accounts as Kenyans fail to reclaim their wealth
- Kenya classified as 'repressed' due to police brutality during Gen Z protests
- Church leaders call for national convention to address Kenya's challenges
In their letter to Fred Waithaka, Safaricom's Head of Regulatory and Public Policy, the lobby groups referenced a detailed investigation by the Daily Nation published in late October.
The report accused the telecommunications giant of engaging in unconstitutional practices that potentially violate the privacy rights of its customers.
KHRC and MUHURI raised seven "disturbing allegations" stemming from the Daily Nation investigation.
Among these is the claim that Safaricom allows police officers, attached to its Law Enforcement Liaison Office, to handle call data records (CDRs).
The groups argue this creates a conflict of interest, as the same officers are allegedly implicated in crimes such as enforced disappearances, renditions, and extrajudicial killings.
"This poses a serious conflict of interest by offering officers of the accused security forces an opportunity to handle the data and conceal evidence of state crime, as well as the fate of the victim," reads the letter dated November 14, 2024.
The groups also question whether Safaricom certified manipulated or falsified CDRs as authentic and whether the telco shared these records in response to court orders involving suspected state-enforced disappearances.
Further allegations include Safaricom's purported refusal to release data vital for investigating state crimes, despite court orders.
They also accuse the company of granting routine access to consumer data without legal approval, facilitating the tracking and apprehension of individuals.
The advocacy groups alleged that Safaricom, in collaboration with Neural Technologies Limited, developed software that grants security agencies predictive and pre-emptive profiling capabilities.
This, they argue, constitutes invasive breaches of privacy and potentially violates constitutional provisions and Kenya's Data Protection Act, 2019.
Additionally, KHRC and MUHURI claimed that Safaricom retained "old" customer data, previously declared deleted, which could have been useful in investigating state crimes.
The groups urged Safaricom to address the allegations swiftly and clarify steps it is taking to prevent unlawful use of customer data.
"KHRC and MUHURI urge you to address the substance of the allegations with haste and clarify what steps Safaricom will take to ensure that its data is not used unlawfully, whether by Safaricom staff, Kenyan security forces, or any other third party," the letter, signed by KHRC Executive Director Davis Malombe, stated.
While Safaricom issued a public statement on October 31, 2024, denying the claims, KHRC and MUHURI said the company failed to adequately address the findings presented in the investigation.
Reader comments
Follow Us and Stay Connected!
We'd love for you to join our community and stay updated with our latest stories and updates. Follow us on our social media channels and be part of the conversation!
Let's stay connected and keep the dialogue going!