AUSTINE OPALLA vs. MULLA PRIDE LIMITED T/A KE-CREDIT
1. Introduction
The case is in respect to the complainant, Austine Opalla against Mulla Pride Limited t/a Ke-Credit, on the continuous sending of threatening messages even after having settled his loan and contacting his employer despite the employer not being listed as a referee. This action is against the Data Protection Act, 2019 provisions.
Table of Contents
2. Nature of Complaint
The complainant settled his loan but continued receiving threatening messages. The complainant alleged that the respondent continuously sent him threatening messages even after having settled his loan, contacted his employer despite the employer not being listed as a referee, and obtained his employment details unlawfully from LinkedIn without his consent.
3. Analysis of Evidence
Complainant’s Position
- Produced a screenshot of a WhatsApp message sent to him as proof of harassment
- Provided a screenshot of an email sent to his employer as proof of unauthorized contact
- Stated that the employer was not listed as a referee
Respondent’s Defense
- Claimed the Complainant was contacted as his loan was overdue and he had not responded
- Explained that messages after repayment arose from a customer error in providing the correct account details
- Admitted their agent contacted the Complainant’s employer using LinkedIn and disciplinary action was taken by terminating the agent’s employment
- Stated they had deleted the Complainant’s data and issued an apology
4. Issues for Determination
- Whether there was a violation of the Complainant’s rights under the Act
- Whether the Respondent fulfilled its obligations under the Act
- Whether the Complainant is entitled to any remedies under the Act and the attendant Regulations
5. Final Determination
The Data Commissioner found:
- The Respondent sent threatening messages to the Complainant even after he had settled his loan.
- The Respondent contacted the Complainant’s employer despite the employer not being listed as a referee.
- The Respondent obtained the Complainant’s employment details from LinkedIn without his consent.
Orders:
- An Enforcement Notice is issued against the Respondent.
- Right of appeal to the High Court within 30 days.
6. Significance and Impact
Unauthorized Contact of Employer
- Prohibits data controllers from contacting employers or referees who were not listed by the data subject
- Establishes that obtaining employment details from social media without consent constitutes unlawful processing
Repeat Offender Consequences
- Demonstrates that repeated violations attract stricter enforcement
- Willful obstruction of ODPC investigations will be treated as non-cooperation
Broader Impact: This determination addresses a growing problem in Kenya’s digital lending sector, where lenders use social media platforms like LinkedIn to harvest employment information and contact employers without consent. It establishes that such practices constitute unlawful processing, setting a critical standard for protecting borrowers’ privacy in the digital lending ecosystem.

