A National Information Technology Authority of Uganda (NITA-U) report has revealed that boda-boda hailing app SafeBoda does not sell or share data with third-party vendors.
The recently released NITA-U report on data protection confirms that SafeBoda did not sell any customer data adding that there was no evidence found to support allegations that SafeBoda sells its users’ personal data. The report adds a number of recommendations for SafeBoda that the company is now working to comply with.
The report comes after the Ugandan technology authority conducted an investigation following a report by Unwanted Witness Uganda implicating SafeBoda for data privacy malpractices. In July 2020, the civil society organization released a report implicating SafeBoda in sharing their client’s personal data with third parties without their knowledge or permission as required by Section 7 of the Data Protection and Privacy Act of Uganda, raising legal issues as well as questions of trust.
Although Leah Waweru, the Head of Marketing at SafeBoda refuted the allegations stating that the company does not invade its users privacy nor share data with third-party vendors, the Speaker of Parliament instructed the Authority to conduct an investigation into the matter in July 2021.
The directive came after a one Obedgiu Sammy petitioned the Speaker on the alleged implication of sharing user’s data with big American tech companies and third parties without their consent and knowledge
We would like to thank NITA-U and Unwanted Witness for their recommendations to improve our privacy policies to protect Users’ rights. We have now improved the wording of our policies and we are proud to be a role model in the ecosystem, and paving the way for Ugandan start-ups.SafeBoda Statement
According to SafeBoda, the conclusions of the report are provided in the form of recommendations. Given that the Act is still new and it’s the regulations have not yet been issued, the report was an opportunity to build best practices for Ugandan companies.
In the report, NITA-U commended SafeBoda, noting “SafeBoda was cooperative during the investigation and has also made efforts towards compliance including improving its data protection policies to comply with provisions of the Act”.
In relation to the recommendations in the report, NITA-U focused on some of the data-processors that SafeBoda uses to improve our app performance. The report was primarily concerned about CleverTap, a world-renowned data processor and analytical software.
“NITA-U’s finding is that SafeBoda’s disclosure of its users’ personal data to CleverTap contravened the Data Protection and Privacy Act since the “consents” relied upon for the disclosure were not specific neither were they informed, given that the users were not informed of a) the extent of the personal data collected and b) the potential disclosure of their personal data with CleverTap.”NITA-U report