Safaricom PLC headquarters in Westlands, Nairobi.
Safaricom has found itself in the eye of a storm over allegations of breach of confidential subscriber data with MPs hot on the telco’s heels.
The lawmakers have also accused the telco giant of aiding State agents to track and abduct citizens, coming at a time when cases of abductions are on the rise in the country.
Raising the storm in the Senate, Migori Senator Eddy Oketch hard-pressed Safaricom to explain whether it has a data-sharing agreement with the government and whether subscribers were informed and consented to the agreement.
The legislator further wants the Senate’s Committee on Information, Communication and Technology (ICT) to establish whether it is mandatory for Safaricom to collect and store subscriber data, such as location and to monitor calls to provide its services and clarify why similar practices are not required for other telecom providers.
Taking to task the Telco, Senator Oketch wants the committee to assess the security of subscriber data considering that Subscriber Identity Module (SIM) card installation on Safaricom lines is handled by an international company by the name Neural Technologies.
Further, the committee led by Trans Nzoia Senator Allan Chesang’ is to provide a copy of the agreement between Safaricom and the said company.
The first-term senator decried that Kenyans have in the past raised concerns about alleged data breaches by Safaricom.
“We want the committee to explain the discrepancy in access to subscriber data by the government and its agencies when tracking suspects but the same is not made available to assist subscribers in tracing lost phones,” said Mr Oketch.
“It should also detail the safeguards Safaricom has in place to protect subscriber data when shared with third parties, either with or without court orders and determine why Safaricom receives a higher volume of data breach complaints compared to other service providers,” he added.
Busia Senator Okiya Omtatah said Safaricom must be called to the House to account for its activities, adding that it is high time the government took the question of data protection seriously.
“The question of data is a matter of life and death. Our data cannot be handled in the manner it is being handled. Safaricom was accused of aiding state agents to track and abduct citizens. However, up to this time, it has not responded,” said Mr Omtatah.
“Which mechanism are they using? Why should the government snoop and spy on us? We cannot allow it. We are not negotiating. It has been implicated in so many crimes. We cannot allow this one to pass,” he added.
Nandi Senator Samson Cherargei said he expected the Communications Authority of Kenya would have already punished Safaricom for alleged infringement on the right to privacy.
“What Safaricom is doing is illegal, unconstitutional and must be punished heavily,” said the senator.
Narok Senator Ledama Olekina wanted to know why Kenyans’ data is being managed by another international company and whether Safaricom has disclosed the same in their disclosures to its clients, saying its operations must be guided by the Data Protection Act.
He said the biggest problem is where the telco harvests people’s data while they are changing or registering their Siim cards or when sending money.
ID number
“This system, where you write your ID number in books, people will buy them, politicians will use them if they are seeking office independently and they are not sponsored by a political party or perhaps when you want to create fake IDs,” said Mr Olekina.
Vihiga Senator Godfrey Osotsi called for the repeal of the data protection law to conform to international standards.
He pointed out that the Data Protection Act is inhibiting as it lacks security, accountability, integrity and confidentiality.
“The problem we are having in this country on the matter of data protection is the law. Our data protection law must be aligned with the General Data Protection Regulations, a global standard with eight principles that must be adhered to. As it is now, it cannot guarantee data privacy and protection in this country,” said Mr Osotsi.
The senator also argued that the Office of the Data Protection Commissioner must be independent and not be domiciled as a department within the Ministry of Information, Communication and the Digital Economy.
He also observed that the holder of the office should be an individual with a background in information technology.
“It is high time we stopped giving all the jobs in this organisation to lawyers and give them to other professionals who understand the job. This is a person who will need to understand the challenges we have with our telecoms and how our telecoms are being used to interfere with data privacy,” he said.
