Safaricom and deficit are two words you would rarely find in one sentence, yet that seems to be the case given the recent conversations dominating online spaces. The deficit that Safaricom seems to bear, is a lack of trust – the same deficit that the Kenyan government has been accused of.
Recent developments in Kenya’s digital financial landscape have brought the intersection of tax compliance and data privacy into sharp focus. A case reported to Techweez has raised questions about whether Safaricom is sharing Mshwari data with the Kenya Revenue Authority (KRA), this is set against a recently scrapped Finance Bill that would have significantly altered the country’s data protection framework.
The incident reported to Techweez, involved a Safaricom subscriber we’ll refer to as Sifuna. When attempting to deposit funds into their Mshwari account, Sifuna was informed via text from Mshwari, that they had reached their account limit of 250,000 Kenyan shillings. Sifuna was requested to visit a Safaricom shop with their ID for the limit of their savings to be adjusted. Surprisingly, Sifuna was told that providing a KRA PIN (Personal Identification Number) was necessary to increase this limit, a requirement not listed in Safaricom’s public Mshwari FAQ.
An enquiry to the Safaricom customer care centre by Techweez got a response that, the limit for an Mshwari account was 1,000,000 Kenyan shillings and a KRA PIN wasn’t required. This response was in contrast to that given to Sifuna.
This incident continues to pile negative effects on Safaricom who were recently accused of disrupting internet access during protests against planned tax hikes. Several social media influencers and celebrities publicly announced they were cutting ties with the telecom giant, over what has been purported to be a dalliance with the government.
This episode gains additional significance in light of recent legislative developments. The Finance Bill 2024, which was entirely scrapped following massive protests across the country, contained clauses that would have allowed the KRA to bypass existing data privacy laws. Specifically, Clause 63 of the bill proposed to amend Section 51(2) of the Data Protection Act, adding an exemption for data disclosure “necessary for the assessment, enforcement or collection of any tax or duty under written law.”
The proposed changes in the now-scrapped bill would have given the KRA broad latitude to process personal data for tax-related purposes, overriding existing data protection principles such as confidentiality, purpose limitation, and transparency. The amendments targeted individual Kenyan citizens rather than organizations, potentially allowing the KRA to process any information about any person to assess and enforce tax obligations.
The controversy surrounding these proposed changes, which contributed to the bill’s ultimate rejection, underscores the ongoing tension between the government’s push for increased tax compliance and citizens’ concerns about financial privacy. Caroline Rotich, chief manager in the KRA’s Domestic Taxes Department, has acknowledged that the authority is developing strategies to address businesses abandoning mobile payment systems in favour of cash transactions, presumably to evade taxes.
However, Safaricom has publicly denied any current data-sharing arrangement with the KRA. Esther Waititu, Safaricom’s Chief Finance Services Officer, emphasized that KRA and M-Pesa are separate entities governed by the Data Protection Act, which currently prohibits the sharing of customer data between distinct business entities.
Kenya’s data protection commissioner, Immaculate Kassait, previously stressed that data protection regulations apply to both government agencies and private organizations. The scrapping of the entire Finance Bill 2024 following public protests indicates the strong public sentiment regarding data privacy and the potential overreach of tax authorities.
As the debate over data privacy and tax compliance continues, how companies especially those that handle massive data navigate this maze will continue to be in focus. The Mshwari incident and the subsequent rejection of the Finance Bill highlight the delicate balance required in gathering digital financial data for tax purposes and protecting individual privacy rights.