Platinum Credit Ordered to Pay Sh400,000 After Spamming Customer With Unsolicited Loan Messages
A Kenyan mobile subscriber has been awarded Sh400,000 in compensation after the Office of the Data Protection Commissioner (ODPC) ruled that micro-lender Platinum Credit repeatedly sent him unsolicited loan offers in breach of the country’s data protection laws.
The case, filed by Samuel Waweru on 27 November 2024, accused the lender of persistently contacting him with promotional loan messages and alerts despite never granting consent. Following its investigation, the ODPC concluded that the company had infringed the complainant’s right to privacy and violated key provisions of the Data Protection Act, which governs how organisations collect and process personal information.
In a decisive ruling, Data Protection Commissioner Immaculate Kassait ordered the lender to compensate the complainant and issued a formal enforcement notice against the firm.
“The Respondent is hereby ordered to pay the Complainant Sh400,000 as compensation; an enforcement notice is hereby issued to the Respondent,” Ms Kassait said.
Possible Prosecution for False Information
In a further blow to the lender, the ODPC recommended the prosecution of Platinum Credit’s directors for supplying investigators with inaccurate information during the inquiry. According to the Commissioner, the directors may have knowingly provided false or misleading responses — an offence under the Data Protection Act.
“A recommendation for prosecution is hereby made against the Respondent’s directors for furnishing to the Data Commissioner information which they knew to be false or misleading, an offence under Section 57(3) as read with Section 73 of the Act,” she added.
If prosecuted, the directors could face penalties of up to Sh3 million, imprisonment of up to 10 years, or both.
Rising Complaints Over Mobile Spam
The ruling comes amid widespread frustration among Kenyans over the surge in unwanted mobile spam — ranging from betting alerts to digital loan advertisements — often sent without user permission.
In November, the Communications Authority of Kenya (CA) acknowledged the escalating problem and pledged stronger enforcement of consumer protection rules.
In a recent statement, the regulator said:
“We have also noted consumer frustration over spam messages, unsolicited subscriptions, unauthorised use of phone numbers and unauthorised premium services. These concerns are a priority for the Authority, and the improved SIM card registration processes are part of the larger strategy to safeguard consumer interests.”
What the Law Requires
Kenya’s data protection framework stipulates that companies may only send promotional messages if personal data is obtained lawfully, explicit consent is granted, and recipients are provided with a free and effective opt-out mechanism. All marketing communications must also include clear sender information.
The law further empowers individuals to instruct a data controller or processor to stop using their personal information for specific purposes — including direct marketing.
The ODPC’s ruling is expected to serve as a warning to digital lenders and marketers who have historically relied on aggressive SMS-based advertising, signalling a shift towards stricter enforcement of data privacy rights in Kenya.
Platinum Credit Ordered to Pay Sh400,000 After Spamming Customer With Unsolicited Loan Messages