Oppo Kenya fined Sh5 million for using client’s photo without consent
The Office of the Data Protection Commissioner (ODPC) has issued its first penalty notice against Oppo Kenya as a result of neglect and/or default to comply with an enforcement notice issued against it.
According to the announcement, ODPC shared that Oppo infringed on the privacy of a complainant by using their photo on the company’s Instagram account (stories) without consent.
“Oppo Kenya has refused to co-operate with ODPC by among others; failing to adduce and/or develop a policy for compliance with Sections 37 of the Act, which provides that a person shall not use, for commercial purposes, personal data obtained pursuant to the provisions of the Act, unless the person has sought consent from a data subject or is authorized to do so under any written law.”
The penalty notice on Oppo has been issued pursuant to Section 62 and 63 of the Data Protection Act 2019 and Regulation 20 and 21 of the Data Protection (Complaints Handling Procedure and Enforcement) Regulations, 2021.
As a result, Oppo is required to pay to the ODPC a penalty of Sh5 million.
In her remarks, the Data Commissioner Immaculate Kassait urged entities to comply with the Data Protection Act by implementing data protection principles and safeguards to all processing activities that relate to the collection, storage and other processing of personal data and sensitive personal data.
“ODPC urges Data Controllers and Data Processors to ensure that the processing of personal data is in accordance with the provision of the Act. Failure to comply with the Act will result in instituting enforcement procedures,” she added.
With the onset of digital space, organizations have been asked to ensure that they invest in the protection of their customers’ data. ODPC has set out laws and regulations that would see the organizations ensure that their customers’ data is safe.