A company in Kenya has faced a Ksh 1 million fine for using a woman’s image without her consent in a Mother’s Day Marketing campaign. A statement in the socials revealed that the Office of the Data Protection Commissioner (ODPC) ordered Grain Company Limited to pay the stipulated amount as compensation for violating her rights per the Data Protection Act (DPA). The High Court upheld the ruling, thus dismissing the company’s appeal.
It is reported that in August 2023, Mbuvu discovered her image on the billboards and in the YouTube Promotions in a campaign captioned “Tunashukuru Mama wa Ajabu,” which was created by Grain Industries in celebration of Mother’s Day.
According to Mbuvi, she alleges that she was not asked for permission for the use of her image on the billboards that were displayed on Nyali, Kibarani and Likoni major highways.
Grain Industries Limited
Despite the company’s explanation of how it obtained the image of Mbuvu, it could not alleviate itself from the penalty. The company noted that her image was submitted to them by one of its marketing agencies namely Brainwave Communications, who participated in a given campaign.
Furthermore, the company elaborated that the image was uploaded by the complainant’s daughter who is alleged to have given consent for its use.
Moreover, the complaint was filed in March 2024, whereby she argued that the company breached her data privacy by failing to ask for consent from her. Subsequently, she asked for the billboards to be removed and for the company to publicly acknowledge the violation as well as offer compensation.
Also Read: Casa Vera Lounge Fined Ksh1.8 M for Posting Reveler’s Photo
Notably, according to the media reports, the company faced various allegations. The allegations included using the complaint image without her consent. Two, the use of the woman’s date for marketing purposes amounted to a breach of privacy by DPA. The complainant asked ODPC to impose a fine on the company. In addition, she sought damages for the inconvenience caused by using her image without her permission.
Owing to the above-outlined allegations, the High Court Justice Nga’ngar dismissed the appeal and ruled in favour of the complainant.
Data Protection Act Violated the Case of Mbuvu
Section 26 of the Data Protection Act provides as follows: –
“A data subject has a right —
(a)to be informed of the use which their personal data is to be put;
(b)to access their personal data in the custody of the data controller or data processor;
(c)to object to the processing of all or part of their personal data;
ADVERT
(d)to correction of false or misleading data; and
(e)to deletion of false or misleading data about
them.”
Moreover, section 28 of The Act also, provides that: –
“A data controller or data processor shall collect personal data directly from the data subject.”
At the same time, section 28 (2) further states that: –
A data controller or data processor shall collect personal data directly from the data subject.
Also Read: Meta Fined $275 Million for Breaching Data Security
Similarly, section 28 (2) further states that: –
“Despite sub-section (1), personal data may be collected indirectly where —
(a) the data is contained in a public record;
(b) the data subject has deliberately made the data public;
(c) the data subject has consented to the collection from another source;
(d) the data subject has an incapacity, the guardian appointed has consented to the collection from another source;
(e) the collection from another source would not prejudice the interests of the data subject;
(f) collection of data from another source is necessary —
(i) for the prevention, detection, investigation, prosecution and punishment of crime”
Conclusively, the incident serves as an eye-opener to all companies involved in various promotions of their products. It is a call to follow the correct procedure required in the use of data for their campaign to avoid getting into such related entanglements.
Follow our WhatsApp Channel and join our WhatsApp Group for real-time news updates.