The data regulator in Uganda, NITA-U carried out an investigation into operations of the SafeBoda privacy policy that did not comply with the Data Protection and Privacy Act. There were claims that the e-hailing company was selling users’ personal data to third parties which is not in line with data protection laws and international standards.
The investigations that were carried out to assess the level of compliance of the SafeBoda privacy policy with the Data Protection Act revealed that user data might not have been at risk as the company explained that it worked with third parties like CleverTap to give users a better experience on the app.
Also read: NITA-U confirms that SafeBoda privacy policy does not put user data at risk.
However, major concerns were surrounding the fact that the company’s customers were not aware that their personal data was being shared and to what extent. NITA-U condemned this in its report and provided recommendations for the SafeBoda company to ensure that it makes changes to its privacy policy where users have the choice to give consent to sharing of their data.
Unwanted Witness investigates
Investigations carried out by Unwanted Witness between October 2019 and March 2020 reveal the deeper extent to which users’ data was being shared in its report. In its first analysis, it discovered that SafeBoda was sharing data with Facebook. Some of the information that was shared at the time included screen size, android version, location and service provider.
The Facebook trackers were removed after it was brought to the company’s attention that such business with Facebook was not in compliance with data protection laws.
The company currently works with two companies; CleverTap and Appsflyer which is indicated in the SafeBoda privacy policy. CleverTap is a software company based in the United States that helps other companies with tasks like mobile marketing. The popular e-hailing company currently shares data with this company to give customers the best user experience while on the app.
Recommendations for the SafeBoda privacy policy
In the sixth Clause of the SafeBoda privacy policy, it states that by using the app you’ve automatically given consent to the company to share your data. As per the recommendations from NITA-U and Unwanted Witness, the company has to make changes to this privacy policy where customers will be given the choice to consent to the sharing of their data for marketing purposes.
The company is also required to specify in detail who the third-parties are and the kind of personal data they share with them.
Safeboda was given until the end of May 2021 to change its privacy policy in accordance with the recommendations and The Data Protection and Privacy Act 2019.
The company has been in the headlines for a while because of concerns surrounding its privacy policy since 2019. Safeboda just like any other tech company operating in Uganda needs to take caution when it comes to how user data is handled and make sure it is complying with data protection laws. Any concerns surrounding how customers personal data is being handled makes the company’s customers lose confidence in the company and could also lead to legal action which is not good for business.
READ: Facebook to protect journalists with new features that will keep them safe.