Safaricom, Kenya’s leading mobile network operator, has firmly denied accusations of providing government agencies with direct access to customer data. The denial follows a recent report alleging that Kenyan security agencies were granted real-time access to sensitive customer information by the telecommunications giant.
Addressing the matter during Safaricom’s half-year financial results presentation, CEO Peter Ndegwa clarified the company’s stance, emphasizing the inaccuracy of these reports. “There have been some reports on this matter that, in my view, are not accurate, and we have made our position clear to those who have misreported it,” Ndegwa stated. He stressed that Safaricom’s commitment to customer privacy is central to its operations, which include serving 36 million users on its mobile network and 33 million M-PESA customers. “If we were sharing customer data, it would lead to a crisis and chaos in our business,” he added.
The controversy arose after claims that Safaricom’s systems allegedly provided security agencies with access to customers’ call data records (CDRs) and location information. Safaricom, however, dismissed these assertions on October 31, clarifying that CDRs are solely used for billing purposes and do not contain live location data. “CDR does not show any live location and movements of customers but is generated after a call is terminated or a message sent or received,” the company explained.
Further allegations centered on a reported partnership with UK-based company Neural Technologies to implement software purportedly allowing Kenyan authorities to monitor individuals in real-time. The tool, which supposedly included predictive profiling capabilities, allegedly enabled authorities to trace individuals’ movement patterns and their contacts. However, Safaricom clarified that its relationship with Neural Technologies dates back to 2012 and is strictly related to fraud detection. The company underscored that the partnership was solely aimed at implementing a Fraud Management System (FMS) to protect its services, including M-PESA.
Kenya’s data protection laws mandate strict guidelines for data sharing, requiring companies to obtain consent from customers before sharing any personal data with third parties, except under specific conditions, such as a court order. Safaricom reaffirmed its adherence to these regulations, with Ndegwa adding, “We do not share any customer data unless explicitly required of us via a court order.”
As concerns over data privacy rise globally, Safaricom’s response aims to reassure its customers of the company’s commitment to data protection and compliance with Kenya’s data privacy laws.