The Office of the Data Protection Commissioner has fined Whitepath Company Limited Sh5 million for breaching the data protection law.
Through a statement, ODPC said Whitepath failed to comply with the enforcement notice dated January 10, 2023.
"The ODPC received close to 150 complaints against Whitepath alleging that their applications have accessed their mobile phone contacts and are sending unwarranted and unsolicited text messages to the said contacts," the statement read.
The statement says Whitepath staff have been harassing the complainants and their contacts irregularly obtained from the complainant's phone books.
"Whitepath will have to pay the ODPC a penalty of Sh5 million pursuant to Section 63 of the Data Protection Act, and Regulation 20 of the Data Protection (Complaints Handling Procedure and Enforcement)," it says.
Another company that has been fined the same amount is Regus Kenya which generally deals with co-working spaces in Nairobi.
ODPC says Regus Kenya was non-cooperative and failed to respond to a Notification of Complaint dated October 27, 2022, sent to the company.
Complaint against Regus alleged frequent spamming of automated improper information to the complainant despite attempts to make the respondent stop.
Commissioner Immaculate Kassait said Data protection is the responsibility of every data controller and processor and it must be the company's top priority whenever they collect, process, or store personal information.
"I challenge businesses to protect personal data by design and by default and cooperate with the ODPC to avoid penalties," she said.
