By Our Reporter
The National Information Technology Authority, Uganda (NITA-U) has released their report findings on SafeBoda’s Privacy Policy and Data Protection Policy.
NITA-U commenced an investigation on SafeBoda’s Privacy Policy and Data Protection Policy following allegations that the cab-hailing platform was sharing its users’ personal data to third party apps without their consent.
During their investigations, NITA-U evaluated SafeBoda’s 2017 and 2019 Data Protection Policies against the statutory requirement for a data controller to provide certain information to data subjects before collection of their personal data including among others information on recipients with whom their personal data will be shared.
According to their findings, there was no evidence found to support allegations that SafeBoda sells its users’ personal data.
However, it was found that SafeBoda’s disclosure of its users’ personal data to CleverTap, a data processing and analytical software, contravened the Data Protection and Privacy Act since the “consents” relied upon for the disclosure were not specific neither were they informed, given that the users were not informed of the extent of the personal data collected and the potential disclosure of their personal data with CleverTap.
NITA-U thus recommended that, for these consents to be specific and informed, the users have to be informed with in the data protection notices or policies that their personal data will be shared with CleverTap or with any institution of similar nature.
The report commended Safeboda for its efforts to improve its adherence to this requirement with regards to its 2020 policy which it plans to upload to its application at the conclusion of this investigation.
“We are working on this to make sure that the customers can find our policies more easily on both the website and our app,” Ricky Rapa Thompson, the SafeBoda Co-founder noted. “We will also be ensuring that staff complete regular mandatory training to ensure that they remain up-to-date with any changes to data privacy and protection laws and that they are reminded of their key responsibilities.”
“This is a new area for many start-ups and it is our job to ensure we continue updating our training materials to continually educate our team on this.” He added.