On Fri, Sep 6, 2024 at 11:21 AM Twahir Hussein Kassim via KICTANet <kictanet@lists.kictanet.or.ke> wrote:
Listers,
On the ongoing discussion on M-Pesa transaction data and the Data Privacy Act. It's important to understand the balance between the right to privacy and what the deliverables that a clients should get for a paid up service. To address this, I think is important for us to look at the Data Flow of an MPESA Transaction, being that its a PAID SERVICE, what are the DELIVERABLES?
Let's take it step by step and look at the data flow: -
M-Pesa Transaction Flowchart
To provide a clearer understanding of the process, let's outline the typical flow of an M-Pesa transaction:
- Initiation: The user initiates a transaction by entering the recipient's number and the amount to be sent.
- PIN Entry: The user enters their M-Pesa PIN to authorize the transaction.
- Request to M-Pesa Server: The transaction request is sent to the M-Pesa server.
- Server Validation: The server validates the request, checking for sufficient funds and the accuracy of the recipient's number.
- Transaction Processing: If the validation is successful, the transaction is processed, and the funds are deducted from the sender's account.
- Confirmation to Sender: The sender receives an SMS confirmation of the transaction, including the transaction ID, amount, and recipient's number.
- Notification to Recipient: The recipient also receives an SMS notification about the incoming funds.
Data Revealed to the Client
As part of the transaction confirmation, the client receives the following information:
- Transaction Amount: The amount transferred.
- Recipient's Number: The phone number of the recipient.
- Transaction ID: A unique identifier for the transaction.
- New Balance: The client's updated account balance.
Attached please find a Flow chart of an MPESA Transaction,Balancing Privacy and Transparency
While the Data Privacy Act is crucial for protecting personal information, it should not hinder access to essential data that individuals have PAID FOR as a DELIVERABLE in the provision of the service. The Data that SAFARICOM holds of all transactions made is DATA it holds in trust for the clients that it has provided that service to. To deny them access is not only unfair but also hinges on being unethical. Safaricom should stop hiding behind the Data Privacy Act and give back to it's clients what they have paid for. IF we sit back and say "Hi ni sawa!" next Safaricom would decide not to give us an SMS notification on MPESA Transaction we make and cite DATA Privacy!
KICTANET has been known to take the bull by the horns and call a spade a spade, lets us call this out!
Twahir
_______________________________________________On Fri, Sep 6, 2024 at 5:51 PM Johnsey Kivoto via KICTANet <kictanet@lists.kictanet.or.ke> wrote:The processes are punitive, tideous and an avenue for extortion. For the police to follow thro, you have to pay bribes or forget the whole thing._______________________________________________On Fri, Sep 6, 2024 at 1:49 PM Ali Hussein via KICTANet <kictanet@lists.kictanet.or.ke> wrote:_______________________________________________GuysThis is actually very simple:-My sister was Carjacked a few days ago Robbed off everything like everything Tell me why You are refusing to give us complete mpesa statements of the monies that was sent to unknown numbers !!?I sympathize with the situation above. Unfortunately, the fact of the matter is that Safaricom can't just give out information about its customers - even the criminal type. This will create a very dangerous precedent. There is a reason there are processes for this. - Report to the police, OB Number, and Police to follow through to get the details from Safaricom, investigations, arrest, court, etc. Safaricom simply can't give me the number or details of any client simply by asking for it. Whatever the reason.RegardsAli Hussein
Fintech | Digital Transformation
Tel: +254 713 601113
Twitter: @AliHKassim
LinkedIn: Ali's Profile
Any information of a personal nature expressed in this email are purely mine and do not necessarily reflect the official positions of the organizations that I work with.
On Thu, Sep 5, 2024 at 2:57 PM Ochieng A. Ogango via KICTANet <kictanet@lists.kictanet.or.ke> wrote:Cephas,
Why is it that Safaricom masks numbers on the statement, yet that information comes back to the account owner when you send money.
Why do I need a court order to get information that I already have?Kind regards,
Ochieng A. Ogango
Advocate, LLB (Hons), CPM(M.T.I)
_______________________________________________On Thu, Sep 5, 2024 at 1:38 PM Cephas Joseph via KICTANet <kictanet@lists.kictanet.or.ke> wrote:Liz,Kenya it is, but (un)fortunately Kenya also has that standard process of Police/DCI -> Court -> Safaricom for data access.Safaricom is a data custodian hence has obligations and accountability for any persons data, (illicit) beneficiary and owner too.Two scenarios::1. Full transparency by Saf to the owner, with the risk of exposure for (illicit) beneficiaries. Take a case where, even innocently, one accesses the unique MPESA statement code sent via SMS and authN to your statement. With numbers in plain text, what can they do?2. With current masking, protecting beneficiaries numbers, when one accesses the unique MPESA statement code sent via SMS and authN to your statement, the masked numbers aren't useful for them. This covers both beneficiary privacy and assures Saf accountability.Unfortunately, Safaricom would not place the privacy burden on the customer. DPA laws shift this labor to the org, aye? The criminals are also Saf's customers, you know!I suppose visiting an official Saf Shop, for a thorough verification of customer ID, then being issued with the specific, limited data (cell nos.) needed might be a way? Or adopt a technical means, coded MPESA statement in app, with strignest security/privacy controls (TBD)?On Thu, Sep 5, 2024 at 1:04 PM Wilfred Omondi via KICTANet <kictanet@lists.kictanet.or.ke> wrote:Hi Liz,>From experience, once such a case is reported to a police station, the OCS/Deputy OCS should assign a DCI officer to investigate. The DCI officer should ask the court for a warrant/court order so that he/she can present to Safaricom for cooperation during the investigation.If you don't get such a help from the police station, you can also go directly to the DCI office in Kiambu and an investigating officer should be able to help.All the best._______________________________________________On Thu, 5 Sept 2024, 10:38 Liz Orembo via KICTANet, <kictanet@lists.kictanet.or.ke> wrote:
Dear listers,See this case in twitter. A lady was carjacked, her phone stolen and mpesa transferred to other numbers by thieves. Safaricom does not want to reveal the beneficiary numbers for the criminal transactions to the registered line owner. This is despite them going to Safaricom with an OB number.Question:1. Is Safaricom justified to use data protection for its reason to decline request for information? What’s the real intention of the DPA?2. Where are consumer and data protection rights on the side of the line owner? Esp where data protection policy is in conflict with consumer interests?3. The line infrastructure belongs to Safaricom, but who does the transaction data belong to? And how do they share the responsibilities to protect the data?4. Are there laws to solve this situation in the interest of the customer? Do we need to amend some?_______________________________________________Best regards.
Liz.
PGP ID: 0x1F3488BF
KICTANet mailing list -- kictanet@lists.kictanet.or.ke
To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke
Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/
Facebook: https://www.facebook.com/KICTANet/
Instagram: https://www.instagram.com/KICTANet/
LinkedIn: https://www.linkedin.com/company/kictanet/
YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
WhatsApp Channel: https://whatsapp.com/channel/0029VaQsX4w6mYPIctLsGh1K
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation.
KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars
of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's
times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your
wares or qualifications.
PRIVACY POLICY: See https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
KICTANet mailing list -- kictanet@lists.kictanet.or.ke
To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke
Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/
Facebook: https://www.facebook.com/KICTANet/
Instagram: https://www.instagram.com/KICTANet/
LinkedIn: https://www.linkedin.com/company/kictanet/
YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
WhatsApp Channel: https://whatsapp.com/channel/0029VaQsX4w6mYPIctLsGh1K
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation.
KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars
of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's
times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your
wares or qualifications.
PRIVACY POLICY: See https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
--_______________________________________________---Cephas O.M
KICTANet mailing list -- kictanet@lists.kictanet.or.ke
To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke
Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/
Facebook: https://www.facebook.com/KICTANet/
Instagram: https://www.instagram.com/KICTANet/
LinkedIn: https://www.linkedin.com/company/kictanet/
YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
WhatsApp Channel: https://whatsapp.com/channel/0029VaQsX4w6mYPIctLsGh1K
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation.
KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars
of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's
times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your
wares or qualifications.
PRIVACY POLICY: See https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
KICTANet mailing list -- kictanet@lists.kictanet.or.ke
To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke
Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/
Facebook: https://www.facebook.com/KICTANet/
Instagram: https://www.instagram.com/KICTANet/
LinkedIn: https://www.linkedin.com/company/kictanet/
YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
WhatsApp Channel: https://whatsapp.com/channel/0029VaQsX4w6mYPIctLsGh1K
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation.
KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars
of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's
times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your
wares or qualifications.
PRIVACY POLICY: See https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
KICTANet mailing list -- kictanet@lists.kictanet.or.ke
To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke
Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/
Facebook: https://www.facebook.com/KICTANet/
Instagram: https://www.instagram.com/KICTANet/
LinkedIn: https://www.linkedin.com/company/kictanet/
YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
WhatsApp Channel: https://whatsapp.com/channel/0029VaQsX4w6mYPIctLsGh1K
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation.
KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars
of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's
times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your
wares or qualifications.
PRIVACY POLICY: See https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
KICTANet mailing list -- kictanet@lists.kictanet.or.ke
To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke
Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/
Facebook: https://www.facebook.com/KICTANet/
Instagram: https://www.instagram.com/KICTANet/
LinkedIn: https://www.linkedin.com/company/kictanet/
YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
WhatsApp Channel: https://whatsapp.com/channel/0029VaQsX4w6mYPIctLsGh1K
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation.
KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars
of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's
times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your
wares or qualifications.
PRIVACY POLICY: See https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
KICTANet mailing list -- kictanet@lists.kictanet.or.ke
To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke
Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/
Facebook: https://www.facebook.com/KICTANet/
Instagram: https://www.instagram.com/KICTANet/
LinkedIn: https://www.linkedin.com/company/kictanet/
YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
WhatsApp Channel: https://whatsapp.com/channel/0029VaQsX4w6mYPIctLsGh1K
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation.
KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars
of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's
times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your
wares or qualifications.
PRIVACY POLICY: See https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
