Wednesday, February 19, 2025 - Kenya’s Office of the Data Protection Commissioner (ODPC) has ruled against Wananchi Group Limited (Zuku) for violating a former customer’s data privacy rights.
The regulator ordered Zuku to pay Ksh500,000 in compensation
after repeatedly sending promotional messages despite multiple requests to
stop.
According to ODPC, Zuku failed to erase the complainant’s
personal data after he terminated his subscription, violating Section 26(a) and
Section 26(e) of the Data Protection Act, 2019.
The company also ignored his right to object to receiving
marketing messages and lacked a functional system for data deletion requests.
The complainant revealed that despite ending his
relationship with Zuku years ago, he continued to receive unsolicited messages.
His attempts to have his data deleted - including phone
calls, emails, and verbal requests - were ignored.
A formal email sent on November 16th, 2024, to
Zuku’s listed contact bounced back, proving the company’s lack of
responsiveness.
Even after filing a complaint with ODPC, he continued
receiving messages, including a service suspension notification on December 15th,
2024.
In its ruling, ODPC ordered Zuku to:
1.
Pay Ksh500,000 in compensation
2. Delete
the complainant’s personal data
3. Stop
all communication with him
4. Provide
proof of compliance within seven days
This landmark ruling reinforces Kenya’s data protection
laws, urging companies to establish functional opt-out mechanisms or face legal
and reputational consequences.
The Kenyan DAILY POST
 ordered to pay a former client Ksh 500,000 in precedent-setting ruling – DETAILS!){kind=link}
0 Comments