Three Kenyan banks, Co-operative Bank, Family Bank, and Kenya Women Microfinance Bank (KWFT), have been fined a combined $5,000 (approximately Sh650,000) for illegally sharing a borrower’s personal data.
The Office of the Data Protection Commissioner (ODPC) found that KWFT had attempted to sell a customer’s loan to Co-op and Family Bank, passing on her loan details and contact information without consent.
In a ruling that puts the country’s data privacy laws firmly in the spotlight, both acquiring banks were found to have contacted the borrower directly, a move that violated Kenya’s Data Protection Act of 2019.
According to Africa Digest News, Co-operative Bank admitted to relying on “market intelligence” to justify contacting the borrower, while KWFT failed to disclose how its information would be used. The ODPC ruled that both explanations fell short of legal requirements.
Posting on his LinkedIn page, Moses Maweu, founder of Chemkuza, an AI-driven formulation laboratory in Kenya, slapped the banks for failing to protect the privacy of their clients.
“In banking, trust is hard to earn but easy to lose. Data protection isn’t just a law, it’s a survival skill. Aggressive debt collection plus misuse of personal info is now a fast track to fines and bad PR,” he stated.
In a separate case, Co-op was fined $385 (Sh50,000) for sending unsolicited marketing messages about a dormant account. The customer had never opted in for such communication, another clear breach of the Act.
“If data is the new oil, these banks just set themselves on fire. The fines might look small, but the reputational cost is far bigger. No amount of ‘market intelligence’ can justify crossing the privacy line,” added Maweu.
Kenya’s Data Protection Act requires explicit consent for processing personal data and bans unsolicited marketing without opt-in approval. The ODPC has been stepping up enforcement in recent months, signalling that breaches will be met with tangible penalties.
“For Kenya’s banking sector, the message is clear: data privacy violations are no longer just a line in the fine print, they come with real fines, public exposure, and long-term trust deficits,” said Maweu.
Share