In September 2024, an online lender in Kenya, Azura Credit Limited, was ordered to pay a man KShs. 250,000/- The man had complained to the Office of the Data Protection Commissioner (ODPC) that Azura was harassing him as a guarantor for a loan that someone else took.
For those not familiar with the practice (though it has probably declined nowadays because of new laws and cases such as this) online lenders repeatedly call numbers listed as “guarantors” to pressure the loan recipients to repay the loans.
Azura responded by saying that the man himself was the loan recipient and he had defaulted. The ODPC asked for proof that he was the recipient. Azura said “Okay. Come to our office and we will show you our database.” On the day the ODPC went to Azura’s offices, Azura said that the guy in charge of the database was not in! Imagine that!
As you may imagine, the ODPC was not pleased. The Office told Azura to pay the man 250K and that the Office would recommend the prosecution of Azura’s directors.
In a separate case, in November 2024, Bolt, the taxi-hailing company, was ordered to pay a driver registered to it KShs. 500,000/- after he was apparently locked out of his account and someone used it to make trips valued at about KShs. 26,000/-.
The Office of the Data Protection Commissioner determined that Bolt did not adequately protect the driver’s account and also failed to grant him access to the account, in violation of the Data Protection Act of 2019.