Azura Credit, operating under the brand TruePesa, has once again found itself in trouble for violating Kenya’s data privacy laws, sparking serious concerns over its commitment to data protection regulations.
This fresh controversy comes just a little over a month after the company was fined Ksh 250,000 for a similar infraction, underscoring a recurring issue in how it handles sensitive personal data.
In a recent probe, the Data Protection Commissioner, Immaculate Kassait, issued a directive ordering Azura Credit to cease its reported harassment of Musa Wesutsa, along with the senior management team of his organization, over a loan taken out by a subordinate at an undisclosed company.
This case highlights significant challenges in the enforcement of Kenya’s data privacy laws, especially as more digital lending firms emerge.
In this particular instance, Mr. Wesutsa filed a formal complaint with the Office of the Data Protection Commissioner (ODPC), describing persistent harassment from Azura Credit representatives.
According to Wesutsa, both he and the senior officials in his organization were contacted by Azura representatives who were pressuring them to settle the debt, even though it was incurred by another staff member.
Azura Credit’s actions have drawn attention because they raise questions about the company’s adherence to privacy regulations, and this is not the first time the company has been called out for similar practices.
In response to Wesutsa’s complaint, the ODPC launched an investigation to determine the legality of Azura’s actions.
Their findings revealed that Wesutsa had been identified by the borrower as a guarantor or referee.
However, crucially, Azura collected his contact details, both his phone number and email address, without his knowledge or consent.
This lack of notification and absence of any clear explanation regarding why his data was being collected goes against Kenya’s Data Protection Act of 2019, which mandates that individuals must be informed whenever their data is collected.
Additionally, individuals have the right to request that their data be deleted if it is deemed irrelevant to the transaction.
Section 26(a) of the Data Protection Act specifically outlines the rights of data subjects, which include the right to be informed about the processing of their data, the purpose of such data collection, and the option to opt out.
Commissioner Kassait confirmed that Azura Credit’s actions violated these rights, highlighting that the company failed to meet its legal obligations.
The violation has once again called attention to the company’s poor record on data privacy and transparency, with its recent fine seen as insufficient to deter similar misconduct.
This recent investigation and ruling mirror an earlier case in July where complaints against Azura Credit first surfaced in June.
The earlier complaints alleged similar privacy violations, prompting the ODPC to initiate an inquiry that resulted in the Ksh 250,000 penalty.
At that time, the ODPC also recommended prosecuting the directors of Azura Credit for obstructing the data commissioner’s investigation.
This earlier case suggested a pattern of non-compliance with Kenya’s data protection laws that has only intensified in light of the current complaint.
Compounding this situation is the fact that Azura Credit was recently licensed by the Central Bank of Kenya (CBK) in March to operate in the country’s digital credit market.
Given the high standards typically associated with obtaining a CBK license, the public expects licensed institutions to adhere to rigorous compliance protocols, including upholding data protection laws.
However, Azura Credit’s actions have painted a different picture, casting doubts on its commitment to responsible data handling and raising concerns over the effectiveness of CBK’s licensing standards in ensuring consumer protection.
Azura Credit’s repeated violations also raise important questions for the digital lending industry as a whole, an industry that has grown rapidly in Kenya.
Digital lenders like Azura operate by collecting and analyzing vast amounts of personal data, from credit histories to contact details, in order to assess loan eligibility and manage credit risk.
However, without strict enforcement of data privacy laws, such practices can easily lead to exploitation and harassment of individuals, as seen in the cases involving Azura Credit.
The ODPC’s firm stance on these violations reflects Kenya’s growing resolve to protect citizens’ data rights.
Commissioner Kassait’s leadership has been instrumental in bringing such cases to light, and her office continues to signal that non-compliance with the Data Protection Act will carry serious consequences.
For companies like Azura Credit, repeated violations and disregard for data protection laws could result in further penalties, potential legal actions, and damage to their reputation.
Such outcomes might also prompt tighter regulations and greater scrutiny from the CBK, as well as stricter policies to guide digital lenders on data handling practices.
Azura Credit’s latest infraction is a cautionary tale for the digital credit sector.
It underscores the importance of adhering to Kenya’s data privacy standards, not only to avoid legal repercussions but also to protect consumer trust in digital financial services.
As Kenya’s digital economy continues to expand, the enforcement of data protection laws will be essential in ensuring that innovation in the lending industry aligns with respect for individual rights and transparency.