The Office of the Data Protection Commissioner has fined Casa Vera Lounge, a popular club located along Ngong Road, Nairobi Ksh1,850,000 for sharing a reveler’s photo without consent.
In a statement released on Tuesday, September 26, the Data Commissioner confirmed that the club will pay the amount as determent for clubs posting photos without consent.
The fine, according to the statement, will help to ensure that other clubs exercise restraint while dealing with revelers’ photos.
“The establishment was fined Ksh1,850,000 for posting a reveler’s image on their social media platform without the data subject’s consent,” the statement read in part.
School fined Ksh4.5 M
Further, the Commissioner fined an Uthiru-based school Ksh 4.5 million for sharing minor’s photos without consent from parents.
According to the statement, the fine is the biggest ever handed to an education institution and will, as such, serve as an example to others.
Additionally, the Commissioner announced that a digital credit provider was fined after it was found culpable of sharing threatening messages.
The company, which according to the statement operates as KeCredit and Faircash, was accused of using names and phone numbers obtained through third parties to send the messages and make calls.
Also Read: Meta Fined €390m Euros for Breaking EU Data Rules
Further, the Commissioner noted that the fine will ensure that data controllers are limited to strictly dealing with people who have consented.
“This penalty will ensure that digital lenders and financial institutions notify data subjects before when collecting and processing their data,” the commissioner noted.
Further in the statement, the office announced that investigations into the alleged data breach involving Naivas Supermarket was underway.
Also under investigation is a digital lender accused of similar breaches.
In his remarks, Data Commissioner Immaculate Kassait urged all entities handling data to ensure compliance in their operations.
Club photography concerns
Cases of clubs sharing photos of revelers without consent and thereby infringing on their privacy are not new.
Also Read: We Gave Worldcoin Certificate Not Lisence- Data Commissioner
However, the Data Protection Act has lately helped to operations of data processors in abid to protect data subjects.
The Data Protection Act was passed in 2019 to create a framework for the regulation of data processing in Kenya.
According to the Act, the Data Commissioner is tasked with the role of ensuring, among others, self-regulation among companies handling data and compliance with international standards on data.