Senators Demand Audit of Safaricom and Airtel Over Alleged Unlawful Data Sharing

Nairobi, Kenya - July 24, 2025 - Kenyan senators have launched a probe into telecommunications giants Safaricom and Airtel Kenya, raising serious concerns about alleged unlawful data sharing with security agencies. The lawmakers are calling for a comprehensive audit of all data access requests made to the two companies since 2020, demanding transparency on how subscriber information is handled and whether these practices comply with legal standards. The investigation, spearheaded by the Senate's ICT Committee, comes amid growing public unease about privacy violations and the potential misuse of personal data.

The inquiry was initiated following allegations that Safaricom and Airtel have been sharing subscriber data with government agencies without proper legal authorization. These claims have sparked a heated debate in the Senate, with lawmakers questioning whether the telecom companies' data-sharing practices infringe on citizens' constitutional rights to privacy. The issue gained traction after reports surfaced linking Safaricom's data-sharing activities to incidents of citizen abductions, raising fears that subscriber information may have been used to facilitate state surveillance.

Marsabit Senator Mohamed Chute led the charge, urging the ICT Committee, chaired by Trans-Nzoia Senator Allan Chesang, to investigate the extent of data sharing between the telecoms and security agencies. Chute emphasized the need for clarity on the number of data access requests submitted, how many were granted, and whether each was supported by a court order. He also called for an examination of the role of the Communications Authority of Kenya (CA) and the Office of the Data Protection Commissioner (ODPC) in ensuring compliance with data protection laws.

The allegations center on claims that Safaricom and Airtel have provided security agencies, including the Directorate of Criminal Investigations (DCI), with access to sensitive subscriber data, such as call data records (CDRs) and real-time location information, without proper legal oversight. Critics argue that this practice violates Kenya's Data Protection Act of 2019 and constitutional provisions safeguarding privacy. The Senate's probe aims to determine whether these companies have adhered to legal requirements, particularly the necessity of court orders for data sharing.

In a previous statement, Safaricom denied allegations of unlawful data sharing, asserting that it strictly adheres to Kenya's data protection laws and only shares customer data when required by a court order. The company highlighted its certification under the ISO 27701 Privacy Information Management System, which it claims ensures the security of its IT systems against unauthorized access. Airtel has not publicly responded to the recent allegations, but the company is included in the Senate's call for an audit.

Several senators voiced strong concerns about the potential misuse of subscriber data. Narok Senator Ledama Olekina criticized Safaricom's transparency regarding its partnership with Neural Technologies, a foreign company involved in managing Kenyan subscriber data. Olekina warned that practices such as recording ID numbers during SIM card registration or mobile money transactions could expose citizens to risks like identity theft and fraud, particularly during elections or other sensitive periods.

Vihiga Senator Godfrey Osotsi called for a revision of Kenya's Data Protection Act to align with international standards, such as the European Union's General Data Protection Regulation (GDPR). He argued that the current law lacks robust security, accountability, and confidentiality measures to protect citizen information. Osotsi also proposed that the ODPC be made independent and staffed with IT professionals, rather than solely legal experts, to better address data protection challenges.

Busia Senator Okiya Omtatah described data privacy as a "life-and-death matter," condemning the alleged reckless handling of personal information. He urged the government to prioritize data protection and ensure that telecom companies are held accountable for any breaches. Migori Senator Eddy Oketch questioned why subscriber data appears more readily accessible to government agencies for tracking suspects compared to efforts to recover stolen phones, highlighting inconsistencies in data management practices.

A key focus of the investigation is Safaricom's agreement with Neural Technologies, which handles SIM installations and other data-related processes. Senators are seeking clarity on the terms of this partnership and whether adequate safeguards are in place to prevent unauthorized access to subscriber data. Concerns have been raised about the involvement of a foreign company in managing sensitive information, with lawmakers questioning whether this arrangement complies with Kenya's data protection framework.

The Senate's probe comes at a time of heightened scrutiny of telecom companies in Kenya. In November 2024, lobby groups Kenya Human Rights Commission (KHRC) and Muslims for Human Rights (MUHURI) accused Safaricom of facilitating security agencies' access to customer data, potentially aiding in enforced disappearances and extrajudicial killings. The groups criticized Safaricom for allegedly retaining "old" customer data it claimed to have deleted and for allowing police officers attached to its Law Enforcement Liaison Office to handle CDRs, creating a conflict of interest.

Additionally, a lawsuit filed by Youth Advocacy Africa in May 2025 accused Safaricom, Airtel, and Telkom Kenya of unauthorized deductions and auto-enrollment in subscription services, further highlighting consumer rights issues in the telecom sector. The Communications Authority of Kenya has also faced criticism for failing to address consumer complaints effectively, prompting calls for greater regulatory oversight.

The Senate's ICT Committee is tasked with conducting a thorough review of Safaricom and Airtel's data management practices. The committee will investigate the number and nature of data access requests, the legal basis for approvals, and any enforcement actions taken against the companies for non-compliance. It will also assess the ODPC's investigations into unlawful data sharing and the CA's role in ensuring responsible data use.

The committee is expected to report its findings to the Senate, including recommendations for strengthening data protection laws and preventing unauthorized access to subscriber information. The outcome of the probe could have significant implications for Kenya's telecom industry, potentially leading to stricter regulations and enhanced consumer protections.

Public sentiment, as reflected on social media platforms like X, has been critical of the alleged data-sharing practices. Posts on X have called for a forensic audit of Safaricom and Airtel, emphasizing the need for accountability in handling sensitive data. The telecom companies, particularly Safaricom, have faced ongoing pressure to address privacy concerns and demonstrate compliance with legal standards.

As Kenya's telecom market continues to grow, with 76.2 million SIM subscriptions reported in early 2025, the issue of data privacy remains a critical concern. Safaricom, with 48.2 million subscribers, and Airtel, with 24 million, dominate the market, making their data management practices a matter of national importance. The Senate's probe represents a pivotal moment in addressing these concerns and ensuring that subscriber privacy is safeguarded in an increasingly digital world.