NAIROBI, Kenya — The Employment and Labour Relations Court has issued interim orders restraining Safaricom PLC from sharing personal data linked to several former employees, pending the hearing of a case alleging violations of privacy and data protection laws.
In orders dated April 27, 2026, the court directed the telecommunications firm to immediately cease any further dissemination of the petitioners’ personal information, including digital identity details and M-Pesa transaction records.
The petitioners accuse Safaricom and a senior human resources official of unlawfully accessing and exposing sensitive personal data during internal investigations and disciplinary processes.
The court further ordered the company to file its response within 14 days, with all parties scheduled to appear for a hearing on May 11, 2026.
At the centre of the dispute are claims that the employees’ constitutional rights were infringed, particularly the right to privacy under Article 31 of the Constitution of Kenya 2010, alongside protections under the Data Protection Act 2019.
While employers may rely on internal audits and compliance checks, the law requires that personal data be handled lawfully, transparently, and for specific, legitimate purposes.
Any breach may expose organisations to legal liability, including damages and regulatory sanctions.
The outcome of the case is expected to set a precedent on how far companies can go in scrutinising employee data, particularly in sectors like telecommunications, where vast amounts of personal and financial information are processed.
