JURISDICTION ON DATA PRIVACY BREACH COMPLAINTS

Recently, there was a thread on the case against Safaricom by it’s users on
the privacy concerns in light of it’s terms and conditions. I remember an
argument as to which institution is specialised to handle such complaints –
the Constitutional Court or the ODPC. I argued for the latter, here is an
interesting case to support that.

In Mwangi & another v Naivasha County Hotel t/a Sawela Lodges (Petition
E003 of 2021) [2022] KEHC 10975 (KLR) (19 July 2022) (Ruling)

The Petitioners alleged that the Respondent took photographs of them during
a team building activity at the Respondent’s premises and proceeded to make
posts on various social media platforms using the said pictures with the
intention of marketing the Respondent’s products. The Petitioners averred
that the actions of the Respondent violated their right to privacy as they
did not consent to having their photos taken and the used

The Court held that the matters raised by the Petitioners fall under the
jurisdiction of the Data Protection Commissioner established under the Data
Protection Act, 2019 and the Honourable Court acted to discourage
invocation of the constitutional process where there exists a parallel or
alternative statutory remedy.

Will the class action against Safaricom suffer the same fate?

And why the difference in jurisprudence emanating from the High Court? Why
did they admit the Njeri Wanjiru V Machakos University case and throw this
one out?

What can be done to ensure the Courts develop consistent and synchronous
decisions in this area?

Kind regards
Meshack K Masibo.