Kenya telecom data breach case sparks scrutiny of gambling operators
Petitioners argue that the information may have been used for gambling-related marketing and customer profiling.
Kenya.- A legal battle in Kenya over an alleged telecom data breach is drawing scrutiny on the gambling sector after court filings claimed that confidential subscriber data was shared with betting firms without user consent.
The case before Kenya’s High Court involves allegations that former employees of Safaricom PLC accessed subscriber records between 2018 and 2019 and distributed the information to third parties, including betting operators, for commercial purposes. The court is expected to deliver its ruling on May 13.
According to court documents filed by a group of subscribers, the alleged data exposed included personal and financial information linked to mobile phone and mobile money accounts. Petitioners argue that the information may have been used for gambling-related marketing and customer profiling.
The case has raised broader questions about how betting companies obtain customer data for promotional campaigns and whether telecom and digital payment systems are sufficiently protected against internal misuse.
Kenya’s betting industry has expanded rapidly over the past decade, with operators relying heavily on mobile payments and SMS-based advertising to reach users. Consumer groups and privacy advocates have previously raised concerns over unsolicited betting messages sent to mobile subscribers.
The petitioners argue that the alleged breach was not an isolated incident but the result of weak internal controls that gave employees broad access to customer databases. They claim the company failed in its obligations as a data controller under Kenya’s privacy and consumer protection laws.
Safaricom has denied the allegations and asked the court to dismiss the petition. The company argues that there is no verified evidence proving that a database containing information from 11.5 million subscribers was created or shared. It also maintains that any employees involved acted independently and outside the scope of their duties.
The telecom operator further argued that related disputes are already being handled in separate legal proceedings, including criminal and civil cases connected to the alleged breach.
The upcoming judgment could influence how telecom companies, payment providers and gambling operators handle customer information in Kenya, especially where betting-related marketing data is concerned. Privacy and compliance experts say the ruling may also affect the future enforcement of corporate data protection obligations in sectors that process large volumes of consumer data.
