Kenya’s data protection regulator has fined Wananchi Group’s Zuku, a leading television and internet provider, KSh 500,000 (US$ 3,200) for failing to erase a former customer’s personal data and continuing to send him promotional messages despite multiple requests to opt out.
- The Office of the Data Protection Commissioner (ODPC) ruled that Zuku had violated the country’s data laws by improperly retaining and using the personal information of Yasin Abukar, a former client.
- The ruling ordered the company to permanently delete Abukar’s data and provide proof of compliance within seven days.
- The ODPC commissioner also recommended that Zuku’s director be prosecuted for obstruction after ODPC officers conducted an on-site visit to Zuku’s offices but were blocked from accessing relevant records.
According to the ODPC, Abukar made repeated efforts—via phone calls and emails—to request the deletion of his personal data from Zuku’s records, but the company failed to act. Zuku argued that there was no evidence of such a request, maintaining that it would have complied had a formal deletion request been received.
However, the data watchdog determined that an official email address provided by Zuku was defective, preventing the successful delivery of Abukar’s request. Kassait noted that this amounted to an obstruction of Abukar’s right to have his personal data erased.
“The respondent’s (Zuku) actions of refusing to abide by the search warrant and refusing to cooperate with the data commissioner obstructed the data commissioner in relation to the exercise of her powers,” Kassait stated in the determination.
Zuku, a subsidiary of Wananchi Group, is one of Kenya’s largest home internet and pay-TV service providers. The ruling underscores the increasing scrutiny companies face under Kenya’s evolving data protection regime, which was enacted in 2019 to safeguard consumers against misuse of personal data.
