The Casa Vera Lounge, a restaurant on Nairobi’s Ngong Road, has been fined Ksh.1.85 million for posting an image of a reveller on their social media platform without the person’s consent.
The fine, announced by the Office of the Data Protection Commissioner (ODPC) on Tuesday, is based on the restaurant’s violation of data privacy rights and failure to comply with the Data Protection Act.
According to the ODPC, the penalty will serve as a warning to other lounges and clubs to always obtain permission from their customers before posting their images online.
Similarly, the ODPC fined Roma School mixed day and boarding primary school in Uthiru a total of Ksh.4.55 million for posting images of minors without parental consent.
“This being the first and the highest penalty to an educational facility sends a message to schools and other facilities handling minors’ personal data to obtain consent from parents/guardians prior to processing minors’ data,” read part of the statement.
Mulla Pride Ltd, a Digital Credit Provider (DCP) that operates the KeCredit and Faircash mobile lending Apps, was also fined Ksh.2.975.000.
They were discovered to have used complainants’ names and contact information obtained from third parties to send threatening messages and phone calls.
Meanwhile, Naivas Supermarket and digital credit lender WhitePath are awaiting their fate following a compliance audit over data breach reports.
“The findings will be shared with the Data Controllers for their swift action,” said ODPC.
Different entities have been urged to comply with the Data Protection Act by implementing data protection principles to ensure that the identity of citizens is safeguarded.
“Failure to comply with the Act will result in instituting enforcement procedures.”
This year, the ODPC also plans to conduct 40 compliance audits on various data controllers and sectors.