Authority: ODPC - Kenya
Jurisdiction: Kenya
Relevant law: Sections 25(4), 26, 29, 30, 32 & 41 of the Data Protection Act, 2019; Article 31 of the Constitution of Kenya
Type: Complaint
Outcome: Violation
Started: 6, 27 & 29 September 2023
Decided: 1 December 2023
Published: Yes
Fine: KES.900,000/- (Kes.300,000/- to each defendant)
Parties: Peter Mbugua & 2 Others vs. Credit Watch Investment Ltd
Case No.: Complaints No. 1835
Appeal: Yes - Civil Appeal
Original Source: ODPC
Original contributor: MZIZI Africa

Contents

  1. Summary
    1. Facts
    2. Holding
  2. Comment
  3. Further resources
  4. The Decision

Summary

Creditwatch Investment Ltd (the “Respondent”), a digital credit provider and proprietor of CloudLoan, was found liable for breaching the Complainants’ rights to privacy and the provisions of the DPA19 by listing them as guarantors of loans taken by third parties, without their knowledge or consent.

Facts

Peter Mbugua, Timothy Ngome & Aggrey Timothy (the “Complainants”) filed diverse complaints with the Office of the Data Protection Commissioner alleging that Creditwatch Investment Ltd (the “Respondent”), a digital credit provider and proprietor of CloudLoan, listed them as guarantors of loans taken by third parties, without their knowledge or consent.

The Respondent thereafter contacted the Complainants on different occasions, asking them to prevail upon the third parties to regularise their outstanding facilities.

In response, the Respondent confirmed that the Complainants were indeed contacted over the outstanding third-party loans, but averred that it did so because the Complainants had been nominated by the loanees, whose duty it was to confirm the Complainants' acceptance to act as emergency contacts.

The ODPC found that the Respondent violated section 26 by not informing the Complainants of the use of their personal data. It also did not obtain the Complainants’ consent before doing so. The Respondent therefore did not process the personal data for legitimate purposes (to wit, emergency contacts). Further, its systems were not designed to protect or promote DPA19 principles.

As a result of the foregoing, the ODPC found that the Respondent violated the Complainants' rights to privacy and that there was non-compliance with the DPA19.

Holding

The ODPC held that:

Comment