Teacher Karis,

As is right now, Quick Mart does ask a customer after paying via their Till Number to again give one's number for the Loyalty Points to be updated. It sure does cause some seconds delay which might not be felt during a dull day but which has a HUGE impact on time during rush-times.

I tend to agree on the aspect of signing Data Protection Agreements being a way forward to eradicate these issues.



Sender notified by
Mailtrack 		06/04/24, 10:36:44 PM

On Tue, Jun 4, 2024 at 9:32 PM Kelvin Kariuki <kelvinkariuki89@gmail.com> wrote:
Thank you Nick for bringing this discussion here. I am a Software Engineer and I have implemented the M-Pesa API in several solutions to automate payment and it worked like a charm. This is now not going to be so flawless with the data minimization strategies being implemented by Safaricom.

In my view, data minimization should be rethought, especially in API to API data sharing, as you have rightly pointed out. It is going to negatively impact user experience like in the Supermarket Loyalty  Program which you highlighted, in which case a customer will have to be asked once more for their phone number after they have made their payment in order to get their Loyalty Points for the purchase made. Will this lead to longer queues in the supermarket? 

Another example is when you send money to someone else via your bank application or online banking via web, some banks now require you to type the name of the person you are sending the money to, which can actually be shared by the M-Pesa API, making that process more challenging. 

Safaricom should consider signing Data Protection Agreements with such organizations to ensure that they will use the data as per their terms of service and privacy policy to ensure protection compliance. 

I am looking forward to reading other possible workarounds from other listers on this challenge.  

On Tue, Jun 4, 2024 at 2:27 PM Twahir Hussein Kassim via KICTANet <kictanet@lists.kictanet.or.ke> wrote:
Listers,

Whilst this may conform with the Data Protection Act 2019, SAFARICOM must not be seen to cherry-pick what it can apply and what it cannot apply. Beginning of last year there was hue and cry on KRA being given access to Mobile Money transactions so as to effect Tax Compliance. This made many businesses drop the use of Paybills and Tills. Was this effected? If YES, what moral high ground is SAFCOM standing on now?

Compliance to the ACT must be 360 degree and not aimed at the a small portion of the pie, unfortunately most of issues of "compliance" seem to be focused on the downtrodden whilst the big boys are having their cake and eating it! Wahenga hunena, "msumeno hukata mbele na nyuma" (A saw cuts in both directions).

Regards
Twahir






Sender notified by
Mailtrack 		06/04/24, 02:18:48 PM

On Tue, Jun 4, 2024 at 1:11 PM N N via KICTANet <kictanet@lists.kictanet.or.ke> wrote:
Dear Listers,


The onset of data minimization will have a great effect on small businesses which rely on API's to record and credit recurrent payments to the accounts of their customers. An example is an estate agency which collects rent through a till number and an API credits payments to rent accounts based on the phone number. With the current masking on the number i.e. +2547xxxxx015 or the default +254700000000, the API will no longer know where to credit the rent received via till. Another example is the Naivas Supermarket Loyalty program which rewards loyalty points automatically to a customer who pays for shopping via Lipa na MPESA. Going forward, this will not be possible.

Not sure whether there is any workaround around this problem. I personally think the data minimization should apply to generated till statements and not to information shared at an API level since this affects how some systems work. Or there should be a provision where businesses commit not to share data collected through payments with third parties under any circumstances.

At the very least, data minimization should happen at the person to person level where MPESA allows me to know your three names just because I sent you money.

Please share your thoughts.

Best Regards,
--------------------------------

Nick Ngatia
Skype: nick.ngatia | Phone: +254 (0) 711 42 2015 

"Development Towards Sustainability is far too more important to leave it to chance."
---------------------------------
_______________________________________________
KICTANet mailing list -- kictanet@lists.kictanet.or.ke
To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke
Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/

Mailing List Posts Online: https://posts.kictanet.or.ke/

Twitter: https://twitter.com/KICTANet/
Facebook: https://www.facebook.com/KICTANet/
Instagram: https://www.instagram.com/KICTANet/
LinkedIn: https://www.linkedin.com/company/kictanet/
YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
WhatsApp Channel: https://whatsapp.com/channel/0029VaQsX4w6mYPIctLsGh1K

KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation.
KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars
of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's
times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your
wares or qualifications.

PRIVACY POLICY: See https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/

KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________
KICTANet mailing list -- kictanet@lists.kictanet.or.ke
To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke
Unsubscribe or change your options at: https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/

Mailing List Posts Online: https://posts.kictanet.or.ke/

Twitter: https://twitter.com/KICTANet/
Facebook: https://www.facebook.com/KICTANet/
Instagram: https://www.instagram.com/KICTANet/
LinkedIn: https://www.linkedin.com/company/kictanet/
YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
WhatsApp Channel: https://whatsapp.com/channel/0029VaQsX4w6mYPIctLsGh1K

KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation.
KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars
of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's
times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your
wares or qualifications.

PRIVACY POLICY: See https://mm3-lists.kictanet.or.ke/mm/lists/kictanet.lists.kictanet.or.ke/

KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.


--
Best Regards,

Kelvin Kariuki
Assistant Lecturer
Multimedia University of Kenya
Faculty of Computing and Information Technology
Twitter Handle: @teacherkaris
Mobile: +2547 29 385 557
The Lord is my Shepherd