“Response to your Open letter to Safaricom PLC on alleged breaches of customers’ data privacy”, 18th November 2024

We have been retained by Safaricom PLC (“Our Client”) and have instructions to respond to your “Open letter to Safaricom PLC” dated 14th November 2024 on alleged breaches of customers’ data privacy (the “Open letter”), as hereunder. We appreciate you commitment to foster a culture of constitutionalism and advance human rights and also ensure accountability. However, we would like to clarify that the allegations in the article published by the Daily Nation are currently under dispute. Our Client has formally demanded a retraction and an apology from the newspaper, as they consider the statements to be defamatory and malicious falsehoods. Our client has also formally filed a complaint with the complaints commission, which is established under section 27 of the Media Council Act, on the basis that the publications violated the Code of Conduct for the Practice of Journalism in Kenya for being misleading, inaccurate, inflammatory, biased and generally lacking in accountability. In other works, the matter is pending resolution…

We have also noted that the main issue raised in your letter are the allegations that our client breached private data rights, enshrined in the constitution and the Data Protection Act, by sharing Call Data Records (“CRDs”) of its customer, and who ended up being victims of murder or enforced disappearance, renditions and extra-judicial killings, contrary to the constitution and Data Protection Act. For your comfort and that of the public, in whose interest we believe you have written, we are instructed to inform you that the allegations that our client gave and/or gives Call Data Records of victims of disappearance, abductions and extra-judicial killings to the police or other law enforcement agencies are not true. Not a single case has been highlighted to support the allegations that our client shared CDR of any of the alleged victims…