| Authority: | ODPC - Kenya |
|---|---|
| Jurisdiction: | Kenya |
| Relevant law: | Section 25(4), 26, 28, 29 of the Data Protection Act, 2019; Article 31 of the Constitution of Kenya |
| Type: | Complaint |
| Outcome: | Violation |
| Started: | 25 December 2023 |
| Decided: | 4 March 2024 |
| Published: | Yes |
| Fine: | KES. 250,000/= |
| Parties: | Daniel Ndambuki vs. Aventus Technology Ltd |
| Case No.: | 2506 of 2023 |
| Appeal: | [Aventus Technology Limited vs. Daniel Ndambuki (Civil Appeal 1140 of 2024) KEHC 8211 (KLR) (Civ)](https://www.notion.so/Aventus-Technology-Limited-vs-Daniel-Ndambuki-Civil-Appeal-1140-of-2024-KEHC-8211-KLR-Civ-262a46d8343c8056adf3f3f794d31387) |
| Original Source: | ODPC |
| Original contributor: | MZIZI Africa |
Aventus Technologies Ltd, which owns the digital lending platform Lendplus, was found liable for violating the provisions of the DPA19. The company failed to implement appropriate technical measures to ensure privacy by design and by default, thereby failing to protect the privacy of the Complainant.
Aventus Technologies Ltd are the proprietor of the digital lending platform, Lendplus
The Complainant, Daniel Ndambuki, accuses the Respondent of calling him incessantly over a debt that he did not know about and which was extended by the Respondent to a third party.
He alleges that the Complainant has continued to call him over the debt notwithstanding his repeated request to them not to do so.
The Respondents alleged that their system request a person to confirm acceptance to be a contact person through a prompt (pop up message) sent to their phone. Further the contacts became colour coded once the request was accepted. The contacts would subsequently be used when the borrower defaulted on the loan and could not be traced.
The ODPC found that: