Open letter to Safaricom PLC on alleged breaches of customers’ data privacy
KHRC and MUHURI are concerned that Safaricom PLC is alleged to have, for years, given security agents virtually unfettered access to its customer’s data, assisting in the tracking and capture of suspects, despite Kenyan security forces’ reputation for using unlawful tactics, including enforced disappearance, renditions, and extrajudicial killings of suspects. An investigation conducted by Namir Shabibi, Claire Lauterbach and Kenya’s Daily Nation newspaper... revealed criminal and unconstitutional practices Safaricom PLC is alleged to have engaged in for several years.
Although Safaricom PLC attempted to address these malfeasances in a public statement released on October 31, 2024, we recognize that this statement... [c]onveniently ignored to respond to key findings presented in the investigation.
... KHRC and MUHURI urge Safaricom PLC to adequately and comprehensively address the following disturbing allegations:
- That, when presented with a court order authorizing the release of call data records (CDRs) that could implicate Kenyan security forces in crimes of murder or enforced disappearance, Safaricom PLC routinely passes responsibility for extraction and handling of that data to police attached to its Law Enforcement Liaison officer...
- That Safaricom PLC released CDRs it certified as authentic, despite bearing signs of manipulation and falsification...
- That Safaricom PLC failed to hand over data potentially vital to the investigation of state crime in Kenya, by habitually declining to provide full CRDs despite court orders to do so...