The Office Of The Data Protection Commissioner (ODPC) has penalized Roma School, a learning institution in Uthiru, Kes 4.6 million for posting minors’ pictures without parental consent.

In a statement, the Regulator says the penalty is a warning to learning institutions to seek parental consent before sharing images of minors on social media.

“This being the first and the highest penalty to an educational facility sends a message to schools and other facilities handling minors’ personal data to obtain consent from parents/guardians prior to processing minors’ data,” read the statement.

Casa Vera Lounge in Nairobi has also been fined Kes 1.8 million for posting a reveler’s image on its social media pages without consent.

The Data Commissioner says the heavy penalty will ensure that going forward, social joints will seek consent before using customers’ photos.

Did you read this?

  1. Trident Insurance Fined Kes 1.8M Over Non-Compliance With Data Law
  2. Casa Vera Lounge Fined Kes 1.8M For Posting Reveler’s Image Without Consent

“The establishment was fined Kes 1,850,000 for posting a reveller’s image on their social media platform without the Data Subject’s consent. This penalty seeks to ensure that other lounges, clubs seek consent from their customers prior to posting,” the statement read.

Casa Vera Lounge was among three organizations penalized for using images without consent.

Others are Mulla Pride Ltd., a digital credit provider (DCP) that operates KeCredit and Faircash mobile lending apps, which has been penalized Kes 2.98 million for sharing complainants' contact information and names with third parties where threatening messages and phone calls were sent later.

“This Penalty will ensure that Digital lenders and financial institutions notify data subjects when collecting and processing their data, and the intention of processing the said data,” ODPC said.

“It will further ensure that the data controllers are limited to strictly dealing with data subjects who have consented to the collection and processing of their data,” read part of the statement.

Under Kenyan law, firms are required to comply with the Data Privacy Rights Act and the Data Protection Act.

Data Commissioner Immaculate Kassait urged data controllers and processors to ensure that the processing of personal data is in accordance with the provisions of the Act.

“The office has also conducted a compliance audit on WhitePath, (a digital credit provider) and an inspection on Naivas Supermarkets on recent Data Breach,” ODPC stated.