SafeBoda customers have been on the outlook since last week when the company issued new guidelines that attracted a lot of debate from users and the general public however National Information Technology Authority Uganda (NITA-U) conducted an investigation that found that SafeBoda shared users’ data with a US behavioral analysis company with out the required permission.
According to NITA-U SafeBoda unlawfully shared clients’ data with a US company contravenes data protection law and the laws of Uganda.The boda boda ride app, according to NITA-U, withheld information from customers that it was sharing their data with CleverTap, a US-based data processor.
According to the investigation report, by NITA-U into allegations of unlawful sharing of SafeBoda customer personal data by Guinness Transporters, which trades as SafeBoda, found that the transport company failed to disclose third party recipients of customer information.
While the Data Protection and Privacy Act 2019 that information shall be provided where personal data is transferred to one or more third parties.
The report further notes that while the SafeBoda app seeks consent to access users’ personal data, it failed to inform and specify the extent of data that was to be collected and with whom it would be shared.
The NITA-U also found out that Safeboda was disclosing users’ email addresses, telephone numbers, first and last names, mobile device operating system, application version and type as well as user log in status to CleverTap, a third part company in the US adding that this puts users at risk since Uganda is not aware what this data is being used for.
SafeBoda holds a contract with CleverTap for purposes of understanding users’ activities on the app for behavioral analysis.
NITA-U also noted in the report that while CleverTap committed to keep users’ data confidential, there were no security measures to ensure integrity of the data as prescribed by the data protection law.
The report, however, noted that there was no evidence to prove that SafeBoda was selling users’ data.
However the safe boda co-founder Mr Ricky Rapa Thompson revealed that the interpretation was largely around the concept of consent, which was still debated in data protection best practices adding that the company also noted that there was an ongoing process to address other concerns highlighted by NITA-U.
“We are working on this to make sure that customers can find our policies more easily on both the website and our app. This is something we strive to do to improve service to customers,” he said.
Failure to address and comply with NITA-U directives could attract prosecution under section 35 of the Data Privacy and Protection Act 2019.
SafeBoda last week published new and adjusted policies and guidelines, attracting a lot of debate among users and the general public.
What you need to know About CleverTap
CleverTap was Founded in 2014 and headquartered in California, US, with regional offices in Amsterdam, Singapore, Dubai, and Mumbai, CleverTap is a customer engagement and retention platform that helps brands maximize user lifetime value and that of their mobile apps.
The company personalizes customer experiences using real-time behavioral data and individual or personal predictive modeling.
SafeBoda has a contract with CleverTap for purposes of understanding users’ activities on the app for behavioral analysis.