Safaricom PLC headquarters in Westlands, Nairobi.
Two lobby groups have written to Safaricom expressing their concerns over the allegations that the telco giant has over years been giving security agents access to its customers’ data, assisting in the tracking and capture of suspects.
In their letter to the company’s Head of Regulatory and Public Policy, Fred Waithaka, the Kenya Human Rights Commission (KHRC) and the Muslim for Human Rights (Muhuri) cited an investigation done by the Daily Nation late October that revealed unconstitutional practices allegedly conducted by the country’s leading telco.
The civil society organisations questioned the company for sharing its customers’ data with Kenya’s security forces who they said have a “reputation for using unlawful tactics, including enforced disappearances, renditions and extrajudicial killings of suspects”.
Whereas Safaricom released a public statement dated October 31, 2024 to address the allegations, KHRC and Muhuri said the details of the statement ignored responding to the key findings presented in the investigation.
As such, the advocacy groups want Safaricom to address a list of seven “disturbing allegations” that were highlighted by the Daily Nation article.
For starters, they said that when the telco is issued with a court order to release call data records (CDRs) that could implicate security agencies in crimes of murder or enforced disappearances, it usually passes responsibility for extraction and handling of call data records to police attached to its Law Enforcement Liaison Office.
“This poses a serious conflict of interest by offering officers of the accused security forces an opportunity to handle the data and conceal evidence of state crime, as well as the fate of the victim,” they said.
Also, they question whether Safaricom released CDRs it certified as authentic despite bearing signs of manipulation and falsification. The lobby groups want the telco to ascertain that it released these records in response to court orders arising from legal cases involving suspected state-enforced disappearances.
By habitually refusing to hand over data vital to the investigation of state crime in Kenya even after being issued with court orders, KHRC and Muhuri have accused the telco of “frustrating the course of justice”.
They also want Safaricom to elucidate issues on the allegation that it allowed security agencies routine access to consumer data without court order, assisting in the tracking and capture of suspects.
KHRC and Muhuri also want the telco to address the allegation that it retained “old” customer data that it claimed had been deleted, including data that could potentially aid the investigation of state crime.
These two CSOs also want Safaricom to come clear on the allegation that it, together with Neural Technologies Limited, developed software granting security agencies in Kenya access to private consumer data that assisted in the tracking and capture of suspects in operations.
Further, they want the mobile telco to explain the role that itself, Neural Technologies Limited and police attached to Safaricom used this software to predictively and pre-emptively profile Kenyan citizens since this “would constitute invasive breaches of customers’ private data rights”.
These alleged issues, the lobby groups said, make Safaricom potentially liable for violating several sections in Part of Two of Chapter 4 of the constitution as well as several sections in Part 4 of the Data Protection Act, 2019.
“KHRC and Muhuri urge you to address the substance of the allegations with haste and clarify what steps Safaricom will take to ensure that its data is not used unlawfully, whether by Safaricom staff, Kenyan security forces or any other third party,” the letter signed by KHRC’s Executive Director, Davis Malombe, on behalf of the CSOs concluded.
