Top 10 Entities Safaricom Shares Data With (Excluding KRA & Police)

Jack_Black · January 16, 2026, 9:47am

Entity	Role in Data Access/Use
Central Bank of Kenya (CBK)	Oversees mobile money operations, requires transaction data for compliance and systemic risk monitoring.
Communications Authority of Kenya (CAK)	Regulates telecoms, monitors subscriber records and transaction flows for licensing and compliance.
Financial Reporting Centre (FRC)	Receives suspicious transaction reports to combat money laundering and terrorism financing.
Office of the Data Protection Commissioner (ODPC)	Ensures Safaricom’s data handling complies with Kenya’s Data Protection Act.
National Intelligence Service (NIS)	Accesses metadata for national security surveillance under lawful requests.
Ethics and Anti-Corruption Commission (EACC)	Investigates corruption cases, often requiring transaction trails from M-Pesa.
Directorate of Criminal Investigations (DCI) (non-police units)	Accesses transaction records for fraud, cybercrime, and financial crime investigations.
Banks & Financial Institutions (e.g., Equity Bank, KCB, NCBA)	Linked through M-Pesa integrations; transaction data shared for reconciliation and compliance.
Credit Reference Bureaus (CRBs)	Receive customer repayment and transaction data for credit scoring.
Telecommunications Partners (Airtel, Telkom, international roaming partners)	Limited sharing for interoperability and settlement of cross-network transactions.

5 Court Cases Involving Safaricom’s Illegal Data Sharing

Case	Year	Data Shared	Recipient	Court Findings/Notes
David Oaga Mokaya v Safaricom (Ruto Social Media Case)	2025	University student’s subscriber details and call records	Kenya Police investigators	Safaricom admitted to sharing data without a court order during trial at Milimani Law Courts.
Safaricom v. Student (Ruto Coffin Story Case)	2025	Call data records (SMS logs, phone call duration)	Directorate of Criminal Investigations (DCI)	Safaricom’s security officer testified that data was handed over without judicial authorization.
Wachira v Safaricom Company Limited (Civil Suit E005 of 2022)	2024	Subscriber information allegedly leaked	Unknown third parties (claimed by plaintiff)	Plaintiff alleged illegal disclosure; case dismissed for lack of proof, but highlighted risks of weak safeguards.
Milimani Cybercrime Case (Unnamed Student)	2024	Transaction and subscriber data	DCI Cybercrime Unit	Court heard Safaricom provided records under informal requests, breaching Data Protection Act requirements.
High Court Petition on Data Protection (Multiple Plaintiffs)	2023	Bulk subscriber metadata	Government agencies (unspecified, including security services)	Petitioners argued Safaricom shared data without consent; case underscored systemic issues in lawful interception practices.

Key Observations

Pattern of Breach: Most cases involve students or activists, where Safaricom shared call/SMS records with police or DCI without court orders.
Legal Gap: Courts repeatedly flagged violations of the Data Protection Act (2019), but enforcement remains weak.
Dismissals: Some civil suits (e.g., Wachira v Safaricom) were dismissed due to insufficient evidence, showing the difficulty of proving illegal data transfers.
Transparency Issues: Safaricom often claims compliance, yet testimony from its own officers revealed informal cooperation with investigators.

I simply have no time for Kagege stupidity.

Jack_Black · January 16, 2026, 9:51am

Why involve the National Police Service/DCI and then refuse to go court?

Are you that stupid?

Jack_Black · January 16, 2026, 9:58am

I’d love to see the law firm that would like to participate in the world’s dumbest countersuit on live television. Any one or more of these laws can be applied and/or merged into a class action lawsuit.

Law / Provision	What It Covers	Why It’s Strong for Plaintiffs
Data Protection Act, 2019 (Kenya)	Governs collection, processing, and sharing of personal data. Requires consent or lawful basis (court order, statutory duty).	Clear statutory obligations. Unauthorized sharing = direct breach. Courts have already flagged Safaricom for informal disclosures.
Constitution of Kenya, 2010 – Article 31 (Right to Privacy)	Guarantees privacy of communications, including phone calls, SMS, and digital transactions.	Constitutional rights are enforceable via High Court petitions. Strong remedy: declarations, damages, injunctions.
Kenya Information and Communications Act (KICA), 1998 (as amended)	Regulates telecom operators. Section 27 prohibits disclosure of subscriber information without consent or lawful authority.	Directly targets telecoms. Easy to prove if Safaricom shared data without proper authorization.
Consumer Protection Act, 2012	Protects consumers from unfair practices, including misuse of personal information.	Allows damages for breach of consumer rights. Strong for individual subscribers.
Computer Misuse and Cybercrimes Act, 2018	Criminalizes unauthorized access, disclosure, or interception of data.	Can be used in tandem with civil suits. Adds criminal liability for staff who leak data.

Eurgh, kageges.

MikeOcksmal · January 16, 2026, 10:51am

Just use WhatsApp. They brought encrypted communication to the masses

Jack_Black · January 16, 2026, 11:09am

WhatsApp only offers encryption when the app is on the phone, exported chats can be decrypted separately if meta or co receive a court order from for example, The FBI or the NSA or any US affiliated intelligence agency. It’s known as surveillance capitalism, and the aim is to create fear and doubt since they can’t bring material to court that’s been illegally obtained. This is what happens in 90% of mistrials.. so cops typically try to bundle a lot of charges on one person and hope a confession will stick.

You wonder what kind of training is offered at Kiganjo when trained officers expect to win via hopes and dreams methods.