The Office of the Data Protection Commissioner in Kenya has imposed a fine of KES 250,000 on a digital lender, Whitepath, for breaching data privacy laws. This is the second fine issued to Whitepath in two years, signaling increased regulatory scrutiny on Kenyan digital lenders for their debt collection practices and mishandling of customer data.
The regulator found Whitepath guilty of listing an individual as a guarantor without their consent and harassing them with debt collection calls after the borrower defaulted. Despite the lack of response from Whitepath to the regulator’s inquiries, enforcement actions were taken based on the Data Protection Act of Kenya.
In a similar incident in April 2023, Whitepath was fined KES 5 million for unauthorized access to borrowers’ contact lists and sending unsolicited messages, indicating a pattern of data privacy violations by the company.
The case underscores the ongoing regulatory efforts to address unethical data practices by digital lenders, such as extracting contact details from borrowers’ phones and using aggressive debt collection methods. While penalties are being imposed, concerns persist about their effectiveness in deterring repeated offenses. Stronger regulatory measures, including larger fines and potential criminal liability for repeat offenders, may be necessary to ensure compliance and safeguard consumer rights.