NAIROBI, Kenya – Kenya’s internet and TV service provider, Zuku, is in hot water after failing to respect a former customer’s right to data privacy.
The Office of the Data Protection Commissioner (ODPC) has slapped Wananchi Group’s Zuku with a Sh500,000 fine for refusing to delete ex-customer Yasin Abukar’s personal data and continuing to flood him with promotional messages—despite his repeated opt-out requests.
Zuku hit with Sh500,000 fine for spamming customer with messages ow.ly/xKZv50V2xyg
Ignoring Requests? That’ll Cost You.
According to the ODPC ruling, Zuku violated Kenya’s data protection laws by failing to erase Abukar’s details after multiple complaints.
The watchdog found that Abukar made several attempts—via phone calls and emails—to request data deletion, but the company simply shrugged off his concerns.
Zuku, however, defended itself, claiming it never received an official deletion request and would have complied if it had.
But here’s the catch—the email address Zuku provided for such requests wasn’t working, meaning Abukar’s request never even reached them.
The ODPC wasn’t buying that excuse, ruling that technical issues didn’t absolve the company from responsibility.
Obstruction Allegations and a Possible Court Case
The case took a turn when ODPC officers attempted an on-site visit to Zuku’s offices to review relevant records—but were blocked from accessing them.
As a result, Zuku’s director may now face prosecution for obstruction, according to Data Commissioner Immaculate Kassait.
Kassait stated that Zuku’s refusal to cooperate interfered with the regulator’s ability to enforce Kenya’s data laws, an offense that could lead to further legal action.
The company has now been ordered to permanently delete Abukar’s data and provide proof of compliance within seven days.
Why This Matters for Kenya’s Digital Privacy
Zuku, a major player in Kenya’s home internet and pay-TV market, is the latest company to come under scrutiny under the 2019 Data Protection Act—a law designed to safeguard consumers from misuse of their personal information.
This ruling sends a clear message to companies: ignoring data privacy laws isn’t just bad PR—it’s also bad for business.
With Kenya’s data protection framework evolving, businesses will need to tighten compliance to avoid hefty fines and potential lawsuits.
As more consumers become aware of their data rights, cases like Abukar’s could set important precedents for how companies handle personal information in the digital age.
