A few weeks ago, the Office of the Data Protection Commissioner (ODPC) issued a compliance audit notice to 40 Digital Credit Providers/loan apps.
As of the deadline for submission of documents for the audit, 18 of these companies had responded by submitting their documents for review.
The ODPC is currently reviewing these documents and has made some preliminary findings.It has also emerged that many of the Digital Credit Providers have multiple products registered under a single entity.
Of the 40 Digital Credit Providers that received the notice, 22 have not yet responded and notifications have been issued against them.
The ODPC will provide more information about the investigation once it is complete.In addition, the ODPC reports that Aga Khan Hospital, which received an enforcement notice in October 2022, has responded and is in compliance with data protection laws.
This announcement comes after the Office revealed it would fine phone maker Oppo for private data abuses.
The enforcement notice was issued because Oppo Kenya violated the privacy of a complainant by using their photo on the company’s Instagram account without the complainant’s consent.
The penalty notice was issued according to the Data Protection Act and related regulations in Kenya, and Oppo Kenya has been ordered to pay a fine of 5 million Kenyan shillings.
In addition to not paying the fine, Oppo Kenya has also failed to provide a data protection policy or evidence of an internal complaints mechanism, as required by the enforcement notice.