The Casa Vera Lounge, a restaurant on Nairobi’s Ngong Road, has been fined Ksh.1.85 million for displaying an image of a reveler on their social media platform without the person’s consent.
The fine, announced by the Office of the Data Protection Commissioner (ODPC) on Tuesday, is based on the restaurant’s violation of data privacy rights and failure to comply with the Data Protection Act.
According to the ODPC, the penalty will serve as a message to other bars and clubs to always obtain permission from their clients before putting their photographs online.
Similarly, the ODPC penalized Roma School mixed day and boarding primary school in Uthiru a total of Ksh.4.55 million for uploading photos of minors without parental approval.
“This being the first and the highest penalty to an educational facility sends a message to schools and other facilities handling minors’ personal data to obtain consent from parents/guardians prior to processing minors’ data,” read part of the statement.
Mulla Pride Ltd, a Digital Credit Provider (DCP) which operates KeCredit and Faircash mobile lending Apps, was also fined a penalty of Ksh.2.975.000.
They were found to have used names and contact information of complainants which were obtained from third parties, and subsequently used to send threatening messages and phone calls.
Meanwhile, Naivas Supermarket and digital credit lender WhitePath are awaiting their fate after a compliance audit was conducted on them over data breach reports.
“The findings will be shared with the Data Controllers for their swift action,” said ODPC.
Different entities have been urged to comply with the Data Protection Act by implementing data protection principles to ensure that the identity of citizens is safeguarded.
“Failure to comply with the Act will result in instituting enforcement procedures.”
ODPC also seeks to embarking on conducting 40 compliance audits on various data controllers and in various sectors this year.