insights

DIGITAL LENDING AND DATA PRIVACY IN KENYA

All Insights / By Alakonya Law LLP
DIGITAL LENDING AND DATA PRIVACY IN KENYA

Digital lending involves the utilization of technology and online platforms to streamline and expedite the loan approval and disbursal procedures.
With the advent of digital lending, the financial landscape has undergone a transformative shift, bringing about increased efficiency and accessibility in the loan application process.

Unlike traditional lending methods that heavily rely on credit scores and extensive documentation, digital lending leverages a broader set of data points for assessing the creditworthiness of borrowers. In addition to traditional metrics such as credit history, income, and financial statements, digital lenders may incorporate alternative data sources. These alternative sources can include online transaction histories, social media activity, and other non-traditional indicators, providing a more comprehensive and real-time view of an individual's financial behavior.
However, it is essential to note that the shift towards digital lending also introduces new considerations, such as data security and privacy concerns. As personal and financial information is exchanged online, ensuring robust cybersecurity measures and compliance with data protection regulations become paramount for both lenders and borrowers.

The use of non-financial data, such as mined phone data, for debt collection purposes is a clear invasion of privacy. Debt shaming practices, where lenders inform a borrower's family, friends, and employers about their debts, not only violate personal boundaries but can also lead to severe emotional distress and harm to an individual's reputation. The public outcry and accusations from debtors in Kenya underscore the negative impact of such practices on individuals' lives.

To mitigate these concerns, it is essential for regulators to establish and enforce robust data protection and privacy regulations. Digital lenders must adhere to strict guidelines to ensure the responsible and ethical use of customer data. This includes obtaining explicit consent for data collection, clearly communicating how the data will be used, and implementing stringent security measures to protect the information from unauthorized access.

The office of the Data Protection Commissioner (ODPC) is tasked with the below mandate:
1. Regulate the processing of personal data
2. Protect privacy of individuals
3. Establish the legal and institutional mechanism to protect personal data; and
4. Provide data subjects with rights and remedies to protect their personal data from processing that is not in accordance with the Act
In establishing the legal and institutional mechanism, the following were the issues for determination in ODPC COMPLAINT NO. 436 OF 2023 :
I. Whether the Respondent obtained contacts in its clients’ phonebooks and contacted the complainants regarding loans they had not consented to guarantee.
II. Whether the Respondent put the personal mobile number of one of its employees on the face of its Pesa Pay application without his consent.
III. Whether there was any infringement of the Complainants’ Rights as data subjects as provided for in the Data Protection Act, 2019.
In this case the Respondent collected mobile phone contacts of the Complainants from third parties without consent of the Complainants contrary to Section 28(1) of the Data Protection Act that states that a Data Controller or Data Processor shall collect personal data directly from the Data Subject.
Additionally, the Respondent put the mobile number of one of the Complainants on the face of its Pesa Pay application and by refusing to remove it despite requests by the Complainants violated the Complainants right to object to the processing of his personal data.

In making the decision, Section 26 of the Data Protection Act was highlighted as follows:
- The rights of data subjects are:
• To be informed of the use to which their personal data is to be put;
• To access their personal data in custody of data controller or data processor;
• To object to the processing of all or part of their personal data;
• To correction of false or misleading data; and
• To deletion of false or misleading data about them.

Further, it was re-affirmed that a data subject has a right to request for deletion of personal data that the Respondent processed without consent.
The key implications of the Data Protection Act for digital lending privacy include:
 Enhanced privacy protection
 Consent mechanisms
 Transparent data practices
 Data security measures
 Prohibition of debtor shaming

In Conclusion, the implementation of the Data Protection Act in Kenya is poised to bring about a transformative impact on digital lending privacy. This legislative framework is a significant step toward safeguarding individuals' personal data and curbing practices such as debtor shaming and the collection of data from undisclosed sources.

By Kate Odundo.
kodundo@alakonyalaw.co.ke
15th May 2024

Related Insights

Priority of Registration of a Trademark Vis-à-vis Registration of a Company or Business Name.
Learn More
Appointment and Removal of Directors Under the Companies Act 2015.
Learn More
Removal of Directors Under the Companies Act 2015.
Learn More
DEVELOPMENTS IN THE MERGERS AND ACQUISITIONS SECTOR IN KENYA
Learn More
ALIGNING HUMAN RESOURCE FUNCTIONS WITH THE DATA PROTECTION REQUIREMENTS IN KENYA
Learn More
COURT ANNEXED MEDIATION(CAM)
Learn More
DIVORCE PROCESS IN KENYAN COURTS.
Learn More
Leveraging Fintech: Using Financial Technology Products as Collateral
Learn More
DUE DILLIGENCE IN THE PROCESS OF LAND TITLE TRANSFER AND REGISTRATION IN KENYA
Learn More
ANTI-DOPING IN KENYA: INSTITUTIONS THAT UPHOLD RULES AND REGULATIONS FOR ATHLETES IN KENYA.
Learn More
DIGITAL LENDING AND DATA PRIVACY IN KENYA
Learn More
AN OUTLOOK ON THE JURISPRUDENCE SURROUNDING ESG
Learn More
THE NARUTO CASE; SHOULD ANIMALS OWN COPYRIGHT?
Learn More
TERMINATION ON MEDICAL GROUNDS; LAWFUL OR UNLAWFUL?
Learn More
AN ANALYSIS OF THE LEGAL FRAMEWORK GOVERNING ANTI-DOPING IN KENYA
Learn More
TERMINATION OF EMPLOYMENT ON THE GROUNDS OF SEXUAL HARASSMENT; BRITISH ARMY TRAINING UNIT KENYA -V- KAIRU MUTAHI (2023) KECA (1417) (KLR)
Learn More
REGULATION OF FINTECH IN KENYA
Learn More
PROTECTION OF CONSUMER RIGHTS: AN INSIGHT INTO THE HIGH COURT CASE OF MARK NDUMIA NDUNG’U – V – NAIROBI BOTTLERS LTD & ANOTHER [2018] eKLR
Learn More
NOTABLE TRENDS AND DEVELOPMENTS IN ENVIRONMENTAL SOCIAL AND GOVERNANCE IN KENYA
Learn More
FRACTIONAL AND TIMESHARE OWNERSHIP OF PROPERTY IN KENYA; MAKING LUXURY REAL ESTATE AFFORDABLE
Learn More
LANDOWNERSHIP IN KENYA
Learn More
DISPUTE AVOIDANCE IN THE NEW AGE OF CONSTRUCTION CONFLICT MANAGEMENT
Learn More