Kenya’s biggest telecoms firm, Safaricom, plans to monetize data from its over 35 million active customer databases.
However, the Ministry of Information and Communications Technology says this will not be possible, as it would be infringing on customers’ rights if they sold their location-based data to third parties without their consent.
This follows the telco’s announcement to pre-qualify suppliers of a location tracking and intelligence platform.
In its bid notice, the telco said: “Safaricom has enjoyed rapid growth since its inception, largely driven by the innovation and delivery of new and sophisticated services riding on telephony and data services.”
“The growing ecosystem of electronic devices and machines communicating with each other from all corners of the world via mobile networks has prompted the development of the embedded SIM (eSIM or eUICC) technology, which represents the major evolution of the SIM card technology in the last 20 years.”
Embedded Universal Integrated Circuit Card offers users the ability to change service provider over-the-air (OTA), without needing to physically change the embedded SIM card itself
“Consequently, the evolution of the mobile network and devices has enabled Safaricom to gather information from the connected devices. At the core of any reliably connected device is an accurate location intelligence system.”
Government Raises Concerns
ICT Cabinet Secretary Joe Mucheru, who spoke to GBR said all location-based data is given to Safaricom and other platforms willingly when users sign up for certain services, and that on that count alone, the companies collecting user data do not infringe on individual’s rights.
“If (the data collected) is a part of the service you have asked for, then Safaricom cannot be said to have infringed on your rights, but if they are selling to third parties, then that is not allowed. They would be infringing,” said the CS.
Safaricom Defends its Position
Currently, Safaricom collects and stores personal data, but it is not limited to:
“Your identity and SIM-card registration information, including your name, photograph, address, location, phone number, identity document type and number, date of birth, email address, age, gender, and mobile number portability records,” as per Safaricom Data Privacy Statement and much more.
When it comes to the disclosure of one’s information, Safaricom does so under applicable laws and regulations.
However, in Disclosure of Information subsection 4.2(h), the telco says it can disclose one’s information to “Any other person that we deem legitimately necessary to share the data with.”
If personal data is involved and no consent then it's illegal to deal in such data
— Olé (@Olez) January 7, 2020
The Data Protection Act Takes Center Stage
The Data Protection Act, 2019 creates a legal framework for the use of personal data processed on or related to individuals and both public and private entities.
The law gives effect to Article 31(c) of the Constitution, which outlines the right of every person not to have “information relating to their family or private affairs unnecessarily required or revealed” and Article 31(d), the right not to have “the privacy of their communications infringed.”.
The law establishes the office of a Data Protection Commissioner, which will oversee the implementation of and be responsible for the enforcement of the legislation.
The role of the office of the Data Protection Commissioner includes overseeing the implementation of the Act, establishing and maintaining a register of data controllers and data processors, exercising oversight on data processing operations, and receiving and investigating any complaint by any person on infringement of the rights under the Act.
Khusoko is now on Telegram. Click here to join our channel and stay updated with the latest East African business news and updates.