Digital lender, Azura Credit Limited, has been ordered to pay Sh250,000 to a man who harassed him over a loan he allegedly guaranteed on behalf of a borrower.
A loan guarantor is a third party that agrees to repay the loan if the borrower defaults.
In a new ruling, the Office of the Data Protection Commissioner (ODPC) said Azura violated Maxwell Okoth’s rights by constantly calling on him to repay a loan he did not take out or know about.
Investigations by the ODPC established that the digital lender collected Mr. Okoth’s phone number from a third party from whom it borrowed money, and listed the complainant as a referee or emergency contact.
However, Azura, which insisted that Mr Okoth was its borrower, did not notify him at the time of its data collection, nor did it inform him why this was necessary. The digital lender also ignored his repeated requests to stop contacting him.
“The defendant (Azzurra), by failing to inform the complainant of the use to which his personal data would be put, at the point of collecting the personal data, breached his right to information,” said Data Commissioner Immaculate Cassette.
But although Azura insisted that Okoth personally obtained a loan from it and defaulted, the company did not provide any evidence.
Attempts by ODPC to verify the allegations against Mr Okoth in the Azura ICT database were unsuccessful. ODPC and Azura agreed on a date to check the database, but on the day of the visit, Azura claimed that the personnel responsible for the database were absent.
“This act amounts to obstruction of the Data Commissioner in contravention of section 61 of the Act,” Ms Cassette said.
As such, in addition to the penalty to be paid to the victim of the violation, the ODPC said it also recommended that Azura’s directors be prosecuted for violating the law.
Data privacy breaches of this kind had been rampant for about two years before the Central Bank of Kenya (CBK) stepped in to rein in digital credit providers (DCPs), who were constantly contacting the contacts of defaulters who had nothing to do with the loans. .
As part of the licensing requirements, the Central Bank of Kuwait requires data centers (DCPs) to provide, among other things, their own data protection policies and procedures, and a consumer redress mechanism.
The Central Bank of Kuwait has so far licensed 58 digital banks, including Azura, which received a license in March this year.