Kenya’s data protection watchdog has imposed a KES 250,000 ($2,000) fine on loan app provider Whitepath for adding a user as a guarantor without consent and subjecting them to harassment.
The Office of the Data Protection Commissioner (ODPC) ruled that the company, which operates Instarcash and Zuricash loan apps, violated privacy laws when it processed personal information without legal grounds.
The case emerged when Dennis Caleb Owuor received debt collection calls in November 2024 from Whitepath representatives. The callers claimed he was a guarantor for a borrower who had defaulted on their loan.
“I was completely unaware of being listed as anyone’s guarantor,” Owuor told regulators. Despite his protests, the company continued demanding payment and failed to explain how he became a guarantor.
After unsuccessful attempts to stop the harassment, Owuor filed a complaint with the ODPC. When contacted by authorities, Whitepath failed to respond to the allegations.
The regulator determined that Whitepath had no legal basis to process Owuor’s information or list him as a guarantor without explicit consent. Additionally, the company violated requirements to notify individuals when their data is being used.
In addition to the monetary penalty, the ODPC directed Whitepath to erase all of Owuor’s data and provide evidence of compliance.
This isn’t Whitepath’s first brush with Kenya’s data protection authorities. Since its launch in 2019, the loan app has faced increasing scrutiny. In April 2023, the company was hit with a much steeper KES 5 million ($39,000) fine after approximately 150 customers complained about unauthorised access to contact lists and sending unsolicited messages. That penalty came after Whitepath ignored a previous enforcement notice.
The ruling reflects broader regulatory efforts to control abusive practices by digital lenders in Kenya. These include public sharing of defaulters’ information, aggressive collection tactics, and unauthorised extraction of contact details from borrowers’ phones.
Kenya has steadily tightened its oversight of digital credit providers in recent years. In December 2024, amendments to the Central Bank of Kenya (CBK) Act reclassified digital lenders as Non-Deposit Taking Credit Providers (NDTCs), subjecting them to enhanced compliance standards.
The reforms, which must be fully implemented by June 28, 2025, include interest rate caps, stricter data protection mandates, and minimum capital requirements of KES 100 million for operators.
Recall that Kenya’s 2023 Finance Bill proposed a 20% excise duty on digital lenders’ loan interest to raise national revenue. Today, we see this trend continuing with a fresh enforcement action against Whitepath.
The Digital Financial Services Associations of Kenya (DFSAK) opposes the tax, arguing it unfairly burdens digital lenders and could raise credit costs while favoring traditional institutions. DFSAK chairman Kevin Mutiso stressed that this could create a lopsided market and urged lawmakers to apply the same tax rules across all lenders or exempt digital players to preserve fair competition and financial inclusion.
In early 2023, Google removed nearly 500 loan apps from its Play Store after implementing a policy requiring digital lenders to provide proof of licensing from the Central Bank of Kenya. The policy change followed Kenya’s Digital Credit Providers regulations, which required entities providing loans digitally to acquire a license from the CBK.
Digital lending has expanded rapidly in Kenya, with CBK data showing that while over 730 companies applied for licensing, only 85 have received approval as of October 2024.
Similar regulatory trends are emerging across Africa. In Nigeria, the Federal Competition and Consumer Protection Commission (FCCPC) reported an 18.8% increase in approved loan apps from 320 in October 2024 to 380 in February 2025, highlighting the growing popularity of digital credit.
A recent Technext investigation also uncovered an exposed MongoDB database linked to BestFin Nigeria, containing over 300GB of unprotected personal data belonging to 846,000 people, illustrating the data security challenges facing the sector.
As digital lending platforms continue to grow across Africa, Kenya’s regulatory approach may offer valuable insights for protecting consumers while enabling financial inclusion through technology.
Read Also: How to apply for the NELFUND student loan online
