Safaricom maintains that viral investigations alleging that the company provided the Kenyan government with unhindered real-time access to customer data, including confidential call records (CDRs) and location data, are false.
Presenting its first-half FY25 financial results on Thursday, Safaricom CEO Peter Ndegwa said, “We do not share any customer data unless explicitly required of us via a court order.” It has been alleged previously that Safaricom’s data was misused to facilitate extrajudicial killings and enforced disappearances, especially during times of civil unrest.
It is also alleged that Safaricom worked with British company Neural Technologies to develop software that gave Kenya’s security services real-time access to CDRs.
But Ndegwa said these allegations were inaccurate. He acknowledged that Safaricom had a contractual relationship with Neural Technologies, but said it was to develop anti-fraud tools.
“We do not share any customer data unless explicitly required of us via a court order”
Kenya’s Data Protection Act requires data controllers and processors to obtain the data subject’s consent before sharing personal data with third parties. Businesses must also comply with these laws by registering with the Office of the Data Protection Commissioner (ODPC) and following policies on the lawful processing and sharing of personal data.