Wananchi Group Limited, which owns Zuku, has been fined KES 500,000 for persistently sending promotional messages to a former customer against his explicit requests.
The Office of the Data Protection Commissioner (ODPC) has also recommended the prosecution of Zuku’s directors for obstructing the investigation into the matter.
As reported by Business Daily, the case centers around a complaint filed on November 18, 2024, by Yasin Abukar, who alleged that despite terminating his services with Zuku years prior, the company continued to send him unsolicited promotional messages.
Mr. Abukar said that his repeated requests, made both by phone and through email, to have his personal data deleted were ignored.
He also reported that when he tried to escalate the issue, the email address listed on Zuku’s website turned out to be invalid, making it impossible to communicate directly with the company.
In response to the complaint, Zuku stated that a thorough review of its records revealed no data deletion requests from an individual named Abukar. To verify this claim, the ODPC conducted an on-site visit to Zuku’s premises on February 11, 2025.
However, Data Commissioner Immaculate Kassait reported that her officers were denied access to both digital and manual records pertinent to the investigation, despite possessing a court-issued search warrant.
“The respondent (Zuku) was uncooperative and refused to comply with the court order granting the Office (ODPC) access to search the respondent’s premises, digital and manual records, system(s), and database(s),” Ms. Kassait stated.
This lack of cooperation impeded the ODPC’s ability to verify Zuku’s assertions, leading to the conclusion that the company’s responses amounted to mere denials.
The ODPC’s determination, dated February 15, 2025, not only imposes a financial penalty on Zuku but also recommends the prosecution of the company’s directors for obstructing the investigation.
Parties involved in this case have been granted the right to appeal the decision at the High Court within 30 days, as stipulated by the ODPC.
