Kenya’s largest telecommunication service provider, Safaricom has vehemently denied accusations of sharing customer data with police without court orders, as controversy deepens over alleged surveillance during recent protests.
Safaricom CEO Peter Ndegwa. (Photo: Safaricom PLC)
The telecommunications giant, valued at over Ksh1.5 trillion on the Nairobi Securities Exchange, issued a detailed statement Thursday following explosive claims that it had granted security agencies unrestricted access to subscribers’ private information during protest periods.
“We do not share any customer data unless explicitly required of us via a court order,” Safaricom said, emphasising its strict adherence to the Data Protection Act 2019 and international privacy standards.
The allegations surfaced in a comprehensive Daily Nation investigative report which claimed police accessed real-time call data during Gen Z demonstrations where over 60 protesters lost their lives between March and April. The protests, which paralysed major urban centres including Nairobi, Kisumu, and Mombasa, had demanded government intervention on escalating living costs and tax burdens.
According to the exposé, Safaricom allegedly embedded Neural Technologies’ data management system into its core infrastructure in 2012, purportedly providing security services with unprecedented access to customer information including call records, location data, mobile money transactions, and internet usage patterns.
The newspaper further alleged that this system enabled real-time surveillance of protest organisers and participants, leading to numerous arrests and what human rights organisations have termed “targeted harassment.”
However, Safaricom’s Chief Corporate Security Officer, Nicholas Mulila, disputes these claims. “Neural Technologies has been our trusted partner since July 2012, serving exclusively as an internal fraud management system across all our business lines, including M-Pesa,” he explained during a hastily convened press briefing at Safaricom House.
“Neural Technologies is a global brand operating in over 30 countries providing support to telcos and utility companies to prevent and detect fraud with no third-party access,” the company elaborated in its written statement.
The Directorate of Criminal Investigations (DCI) has also moved to counter the allegations, providing unprecedented detail about their investigative methodologies.
“We don’t entirely rely on mobile phones. The mobile phone analysis only contributes to one per cent of our investigations,” said DCI Director Mohamed Ibrahim Amin at a press conference held at DCI headquarters along Kiambu Road.
He outlined the legal procedure for accessing telecommunications data: “If we are interested in getting information from service providers, we do so through lawful means. We go to the courts, swear affidavits, and serve that order to the service providers.”
Amin revealed that successful investigations primarily rely on forensic analyses, witness statements, and physical evidence collection rather than electronic surveillance.
Digital rights activists, however, remain unconvinced. The Kenya Human Rights Commission’s Executive Director Davis Malombe has called for an independent audit of telecom companies’ data protection measures.
“We’ve documented numerous cases where activists and protesters appeared to have been tracked through their mobile phones,” Malombe said during a forum on digital rights in Nairobi.
The controversy has attracted international attention, with Privacy International, a London-based surveillance watchdog, expressing concern about Kenya’s digital surveillance capabilities.
Safaricom, which controls over 65% of Kenya’s mobile market with 32 million subscribers and processes transactions worth Ksh15 billion daily through M-Pesa, has pledged continued transparency.
“We have always been transparent and honest in how we engage with our stakeholders, and we will continue to do so to maintain the trust that we have built over the years,” said Peter Ndegwa, Safaricom’s CEO, in a separate media briefing.
The Office of the Data Protection Commissioner, Immaculate Kassait, announced the launch of investigations into the allegations. “We take these claims seriously and will conduct a thorough audit of all telecommunications companies’ data handling practices,” she stated.
The Communications Authority of Kenya (CA) has also waded into the controversy, announcing plans to review existing regulations governing telecommunications data access by security agencies.
“We will be publishing new guidelines on lawful interception of communications by the end of the month,” said Ezra Chiloba, CA’s Director General.
Industry experts suggest this controversy could herald stricter regulations in Kenya’s telecommunications sector, potentially affecting how service providers interact with law enforcement agencies.
The Law Society of Kenya has announced plans to file a public interest litigation seeking clearer guidelines on police access to telecommunications data.
This development comes amid growing global concerns about government surveillance and data privacy, particularly in emerging economies where regulatory frameworks are still evolving.
