Kenya’s largest telecommunications company, Safaricom, has responded to allegations that it provided Kenyan security agencies with real-time access to customer data. Safaricom CEO Peter Ndegwa dismissed the claims as inaccurate, asserting that the company strictly adheres to data protection protocols and denies sharing sensitive customer information without legal authority. Ndegwa emphasized that if Safaricom were engaging in such practices, it would have caused significant disruptions within the company and among its 36 million customers.
The allegations stemmed from a publication that claimed Safaricom had granted security agencies access to critical customer data, including call detail records (CDRs) and location data. Safaricom clarified that CDRs do not contain live location data; rather, they are generated post-call for billing purposes and do not track customer movements in real time. The telco also noted that Neural Technologies, a British company mentioned in the publication, was contracted to implement fraud detection systems, not for surveillance purposes.
Under Kenyan data protection laws, companies must secure explicit consent or court orders to share customer data. Safaricom reiterated its commitment to safeguarding customer privacy, only releasing data when legally mandated.
The response highlights Safaricom’s adherence to data privacy laws in Kenya and the company’s strict internal policies on information handling.