Safaricom is set to introduce an additional layer of data minimization on its M-Pesa platform, extending privacy controls to person-to-person (P2P) transactions effective 24 March 2026.
- The update will reduce the amount of personal information shared during “Send Money” transactions.
- Recipients will no longer see full customer names or complete phone numbers.
- Instead, only partial identifiers, such as two names and a masked mobile number, will be visible, while core transaction details like amount, date, and transaction ID remain unchanged.
The change builds on a series of earlier data minimization measures rolled out across the M-Pesa ecosystem over the past few years. These have included reduced data visibility in M-Pesa statements and in merchant transactions such as Buy Goods and PayBill services. With the inclusion of P2P transfers, Safaricom is effectively standardizing its approach to data privacy across all major transaction types on the platform.
The shift reflects growing concern around the exposure of personally identifiable information in digital payments. Historically, M-Pesa transactions displayed full names and phone numbers, which, while useful for verification, also created potential risks such as unsolicited contact, data harvesting, and fraud. By limiting what is visible to transacting parties, the new framework reduces the likelihood of misuse while preserving transactional transparency.
The update aligns with the principle of data minimization under Kenya’s Data Protection Act. This principle requires that only data strictly necessary for a given purpose be processed or shared. The move also reflects broader oversight trends by the Central Bank of Kenya, which has increasingly emphasized consumer protection and data governance in digital financial services.
Operationally, the payments process itself remains unchanged. Transactions will continue to be processed in real time, and users will still receive full transaction details on their own devices. The key adjustment is in third-party visibility, whether by recipients or merchants, which is now restricted to a minimum dataset sufficient for confirmation.
More broadly, the rollout signals a gradual shift toward “privacy by design” in Kenya’s digital financial ecosystem. Rather than relying on user discretion or post-transaction controls, platforms are increasingly embedding data protection into the structure of the service itself. For M-Pesa, which remains central to retail payments in Kenya, the update represents a measured and, at the same time, consequential change in how user identity and transaction data are handled at scale.




