BY SAM ALFAN.

Kenya Human Rights Commission (KHRC) and Muslims for Human Rights (MUHURI) have written to Safaricom PLC over alleged breaches of customer’s data privacy.

The two civil society organisations said they were concerned that Safaricom is alleged to have, for years, given security agents’ virtually unfettered access to its customers’ data.

The access has in turn assisted in the tracking and capture of suspects, despite Kenyan security forces’ reputation for using unlawful tactics, including enforced disappearances, renditions, and extra-judicial killings of suspects.

The letter stated that an investigation conducted by Namir Shabibi, Claire Lauterbach, and Kenya’s Daily Nation newspaper, published on October 29, 2024, revealed criminal and unconstitutional practices the telco is alleged to have engaged in, for several years.

Although Safaricom PLC attempted to address these malfeasances in a public statement released on October 31, 2024.The human rights organizations said Safaricom conveniently ignored to respond to key findings presented in the investigation, in its statement.

KHRC and MUHURI added that as a result of the telco’s selective response to grave human rights violations captured in the investigation.

The organisations urged Safaricom to adequately and comprehensively address the allegations that when presented with a court order authorizing the release of call data records (CDRs) that could implicate Kenyan security forces in crimes of murder or enforced disappearance.

Safaricom, it was noted, routinely passed responsibility for extraction and handling of that data to police attached to its Law Enforcement Liaison Office.

“This poses a serious conflict of interest by offering officers of the accused security forces an opportunity to handle the data and conceal evidence of state crime, as well as the fate of the victim,” says the lobby groups.

Further that Safaricom PLC released CDRs it certified as authentic, despite bearing signs of manipulation and falsification. Safaricom PLC released these records in response to court orders arising from legal cases involving suspected state-enforced disappearances.

The lobby groups accuses Safaricom PLC for failing to hand over data potentially vital to the investigation of state crime in Kenya, by habitually declining to provide full CDRs despite court orders to do so. In doing so, Safaricom PLC may have frustrated the course of justice.

“That Safaricom PLC allowed security agencies routine access to consumer data (including but not limited to CDRs and other location data) without court order, assisting in the tracking and capture of suspects. This is despite Kenyan security forces’ reputation for using unlawful tactics, including enforced disappearances, renditions, and extrajudicial killings of suspects,” state the open letter.

They adds that Safaricom PLC retained ‘old’ consumer data it claimed had been deleted, including data that could potentially aid the investigation of state crime. In doing so, Safaricom PLC may have frustrated the course of justice. Safaricom PLC, in concert with Neural Technologies Limited, developed software granting security agencies in Kenya virtually unfettered access to private consumer data, which assisted in the tracking and capture of suspects in operations, despite Kenyan security forces’ reputation for conducting enforced disappearances, renditions, and extrajudicial killings of suspects.

The two human rights organizations also add that, in concert with Neural Technologies Limited, police attached to Safaricom PLC used such software to predictively and preemptively profile Kenyan citizens, which would constitute invasive breaches of customers’ private data rights.

“Safaricom alleged weighty and disturbing issues highlighted above make Safaricom PLC potentially liable for violating Chapter 4, Part 2, Sections 26, 27, 28, 29, 31, 37, 46, 47, 48, 49, 50, and 51 of the Constitution of Kenya, and Part 4, Sections 25, 26, 27, 28, and 29 of the Data Protection Act, 2019,” says the two lobby group.

KHRC and MUHURI urge Safaricom PLC to address the substance of the allegations with haste and clarify what steps Safaricom PLC will take to ensure that its data is not used unlawfully, whether by Safaricom staff, Kenyan security forces, or any other third party.