Wachira v Safaricom Company Limited (Civil Suit E005 of 2022) [2024] KEHC 16425 (KLR) (23 December 2024) (Judgment)

Neutral citation: [2024] KEHC 16425 (KLR)

Republic of Kenya

In the High Court at Eldoret

Civil Suit E005 of 2022

RN Nyakundi, J

December 23, 2024

Between

Bonface Wangai Wachira

Plaintiff

and

Safaricom Company Limited

Defendant

Unauthorized lending through a mobile number registered by a telecommunications service provider does not automatically establish liability on the part of the service provider

The plaintiff's grievance stemmed from the alleged unauthorized registration of a mobile phone number under his national identity card, which he claimed led to unauthorized borrowing and subsequent adverse credit listing. The court held that the mere fact that unauthorized lending occurred through a mobile number did not automatically establish liability on the part of the telecommunications provider (the defendant). The court found that the defendant was in compliance with its regulatory obligations in the registration process, and operated within clear boundaries that did not extend to financial lending or credit reporting. To hold them liable for the independent actions of third parties who utilized their platforms would extend liability far beyond established legal principles and practical business realities.

Reported by Kakai Toili

Banking Law – financial institutions – digital loan platforms - digital loan platforms using a telecommunications service provider’s platform - claim that there was unauthorized lending through a mobile number alleged to have been illegally registered by a telecommunications service provider – claim that a digital loan platform using a telecommunications service provider’s platform shared the details of the illegally registered mobile number to a credit reference bureau (CRB) for defaulting in loan repayment - under what circumstances could a telecommunications service provider be liable for information shared by a third party to CRB - whether the telecommunications service provider was automatically liable for unauthorized lending through the mobile number - whether telecommunications service providers were liable for the actions of third parties using their platform.Tort Law – defamation – ingredients of defamation - what were the requirements for one to succeed in a defamation suit.

Brief facts The plaintiff's grievance stemmed from the alleged unauthorized registration of a mobile phone number under his national identity card, which he claimed led to unauthorized borrowing and subsequent adverse credit listing. The plaintiff sought for among other orders; a declaration that the registration of the mobile number mobile phone number was unlawfully and illegally done; a declaration that the defendant was under obligation to pay any loans that may have been taken by the mobile number; a declaration that the defendant was obliged to clear the plaintiff from any credit reference bureau (CRB) arising from any transaction involving the mobile number; and general damages for personal data breach, mental anguish and illegally registering the mobile number and damaging plaintiff’s reputation as credit worthy citizen.The defendant denied the plaintiff’s allegations in their entirety and stated that the plaintiff’s national identity card was verified by the defendant during registration of the mobile number and that the defendant does not lend out any loans nor list or forward anyone’s name for listing at the CRB. The defendant also averred that it did not have control over the use of mobile numbers, once registered by subscribers and thus sought the dismissal of the suit with costs.

Issues

Whether a telecommunications service provider was automatically liable for unauthorized lending through a mobile number alleged to be illegally registered.
Whether telecommunications service providers were liable for the actions of third parties using their platform.
Under what circumstances could a telecommunications service provider be liable for information shared by a third party to credit reference bureaus?
What were the requirements for one to succeed in a defamation suit?

Held

Section 107(1) of the Evidence Act provided that whoever desired any court to give judgment as to any legal right or liability dependent on the evidence of facts which he asserted must prove that those facts existed. The effect of those provisions was that the burden of proof in a suit like the one filed by the plaintiff lay on that person who would fail if no evidence at all were given on either side. The implication and the reading of sections 107-109 of the Evidence Act was that the legal burden of proof was placed on the claimant or plaintiff or a party to a litigation who asserted the existence of any fact in issue as a criterion to secure his/her rights which had been infringed or violated.
Evidence in a trial may be given of two sets of facts. That was, facts in issue or facts relevant to the facts in issue. Therefore, the litigant in a trial must remember that his/her case at the trial would be restricted to evidence which bears directly on the matters in issue and to matters which led up to and explained that evidence which established the contested facts in order to secure judgment in his/her favor. A court exercised judicial discretion in rendering a decision by establishing that burden of proof based on the set of pleadings filed by the litigant or a party against the respondent or defendant.
For one to succeed in securing his reputation in a court of law, the law envisaged the following to be established:
1. There must be existence of a defamatory statement.
2. The statements must be published or issued maliciously.
3. The alleged defamatory statement of publication must have been issued by the defendant who had been sued before a court of law. The publication complained of must refer to the plaintiff or claimant who was desirous of protecting his personal reputation.
It was the law in Kenya that malice for purposes of defamation did not necessarily mean spite or ill will but proof of a justifiable cause to publish or utter the words complained of the plaintiff/claimant.
The purpose of the tort of defamation and the award of damages was to repair the alleged defamed name. The negative credit score of any person, citizen was a reputation issue for it may affect the manner in which he/she was able to access credit facilities in any of the financial institution. A person’s reputation was confined to his general character and standing but extended to his/her trade, business or professions and words were taken to be defamatory if they imputed lack of qualification, knowledge, skill, capacity, judgment or efficiency in the conduct of his/her trade, business or professional activity. If one blacklisted negatively with the CRB it disparaged one’s officer, profession, calling, trade or business. That was indeed the principle object of the claim against the defendant.
On the face of it, the standard and burden of proof was never discharged given the integrity of the registration of sim cards based on individualized database with the Registrar of Persons. In the defendant’s desk officer in dealing with the registration of sim cards, it did not comply with the already established procedures and protocols. In the sense of registration of sim cards, the onus of proof and weight to be given to that fact rested entirely with the plaintiff. On the whole, the document complained of and subsequent registration may have only been undertaken by an unlawful act of omission of a third party who came into possession of the necessary instruments of an identity card bearing the name of the plaintiff.
From the broad general principles, the registration of a sim card with the defendant or any other mobile data did not involve fingerprint or biometric data. The information by the holder of the identity card was believed to be true to a person who was in possession of it and to the one who honestly received the identity cards in respect to the subject matter of the communication in question.
The suit was concerned with the protection of reputation of the plaintiff. Therefore, the listing with the CRB, evidence must show explicitly and implicitly that any such shared information with the CRB was uninhibited communication from a particular source traceable to the defendant. The circumstances under which the CRB information was shared fell within the corresponding duty by the financial institution, bank or licensed digital loan platforms to submit any such information in the event of a default of the loan agreement. The plaintiff had failed to prove that the listing made to the CRB was generated by the defendant.
The court was privy to the fact that it took years to build a good name, reputation which also fashioned the credit worthiness of a person to be adequately capable of accessing credit to facility his/her profession, business or trade. If that claim was to be taken to have injured the reputation of the plaintiff under the tort of defamation, the same had not been fully discharged within the parameters of the standard and burden of proof which on a balance of probabilities.
Evidence of actual loss whether it be general loss of business or profits or loss of particular earnings or to the profession of the plaintiff was of essence in the claim. In so far as reputation and pecuniary loss was concerned, the plaintiff’s testimony in the context of what was adduced before the court speaking generally fell short of the threshold set in the procedural and substantive law.
Mobile money services in Kenya operated through a complex interplay of telecommunications infrastructure, financial services platforms, and third-party applications. The telecommunications provider's role was primarily to provide the communication infrastructure and maintain the integrity of subscriber identification. When a subscriber registered a SIM card, that created a basic telecommunications service relationship. Any subsequent financial services, including mobile loans, operated as distinct services provided by separate entities through the telecommunications platform. The platform provider could not reasonably monitor or control all transactions conducted through third-party applications, just as a road builder could not control the conduct of those who used the road.
The defendant's role was primarily that of a telecommunications service provider and platform facilitator. While the defendant facilitated various services through its platforms, it maintained distinct boundaries in its operations and responsibilities. The defendant operated as an independent entity with its own security and verification processes, and while it provided platforms that third parties may use for mobile money services, it did not bear responsibility for those services' security, credit risk, or CRB listing decisions.
When examining the chain of events from SIM card registration to credit listing, there were multiple independent actors making autonomous decisions. The lending institutions made their own decisions about extending credit, borrowers chose to take loans, and CRBs made independent listing decisions. Each of those actions occurred without the defendant's direct involvement or control.
The verification procedures demonstrated compliance with the defendant’s regulatory obligations under the Kenya Information and Communications Act and related regulations. The defendant’s assertion that it could not control how subscribers used mobile numbers once registered reflected a practical reality of telecommunications services, service providers could not reasonably be expected to monitor or control all subsequent uses of their platforms by third parties.
Causation must be both factual and legal. The mere fact that unauthorized lending occurred through a mobile number did not automatically establish liability on the part of the telecommunications provider.
The clear delineation of services and responsibilities made it problematic to hold the defendant liable for subsequent lending decisions and credit listings by independent third parties. To hold the defendant liable in the circumstances would set a concerning precedent that could fundamentally alter the landscape of telecommunications services in Kenya. Such a finding would effectively require telecommunications providers to monitor and assume responsibility for all subsequent uses of their services by third parties. That would not only be impractical but would likely impede the development of digital financial services that had proved crucial to Kenya's economic growth.
The defendant, like other telecommunications providers, operated within a carefully regulated framework. Their primary obligation was to ensure proper SIM card registration and maintain reliable telecommunications services. The witness statement demonstrated that they fulfilled those obligations through their verification processes. Extending their liability beyond those core responsibilities to encompass the independent actions of third-party financial services would blur important regulatory distinctions and potentially create overlapping and conflicting obligations.
While it might be foreseeable that mobile numbers could be used for financial services, it stretched the bounds of reasonable foreseeability to suggest that a telecommunications provider should anticipate and prevent all potential misuse of their services by third parties. The defendant's witness had clearly articulated that once a SIM card was properly registered, they could not control its subsequent use. That limitation was not a disclaimer of responsibility but rather recognition of practical and technological realities.
The court must consider the existing regulatory framework for financial services and CRBs. Those sectors had their own regulatory mechanisms and complaint procedures. The evidence suggested that the plaintiff's grievance might be more appropriately directed at the lending institutions or CRBs who made the actual decisions that led to his alleged damages. The defendant, as a telecommunications provider, neither made lending decisions nor reported to CRBs.
The plaintiff had not established a sufficient causal link between the defendant's actions and his alleged damages. While the plaintiff suffered inconvenience and potential damage to his credit standing, those injuries could not be legally attributed to the defendant's actions or omissions in the SIM card registration process.
The defendant had demonstrated compliance with its regulatory obligations in the registration process, and had established that it operated within clear boundaries that did not extend to financial lending or credit reporting. To hold them liable for the independent actions of third parties who utilized their platforms would extend liability far beyond established legal principles and practical business realities.
The burden of proof in civil matters rested squarely on the plaintiff to establish their case on a balance of probabilities. The plaintiff had failed to discharge that burden in several critical aspects.
1. No evidence was presented to demonstrate that the SIM card registration process itself was conducted negligently or in breach of established protocols.
2. The plaintiff did not establish a direct causal link between the defendant's actions and the alleged damages suffered.
3. While the plaintiff demonstrated adverse credit listing, he failed to show how that was directly attributable to the defendant, particularly given that the defendant neither provided loans nor reported to CRBs.
4. Despite alleging fraud in the registration process, the plaintiff did not meet the higher standard of proof required for such allegations. The law did not operate on mere suspicion or conjecture, and the court could not bridge evidential gaps through speculation.

Claim dismissed.

Orders

While the court acknowledged that the plaintiff may have suffered damages due to unauthorized lending and adverse CRB listings, such claims should be properly directed at the relevant lending institutions and CRBs, not the telecommunications provider.
Each party shall bear their own costs.
The temporary orders and injunctions, if any, issued in the matter were vacated.

Citations Cases

Alice Wanjiru Ruhiu v Messiac Assembly of Yahweh (Civil Appeal 521 of 2019; [2021] KEHC 13098 (KLR)) — Explained
C.O.M v Standard Group Limited & another (Petition 192 of 2011; [2013] KEHC 6061 (KLR)) — Explained
Daniel Gachanja Githaiga v Credit Reference Bureau Africa Ltd & 2 Others (Civil Case 551 of 2013; [2013] KEHC 4160 (KLR)) — Explained
Eunice Nganga v Higher Education Loans Board, Trans Union Kenya & Metropol Credit Reference Bureau Limited (Constitutional Petition 91 of 2019; [2020] KEHC 2471 (KLR)) — Explained
Jedidah Wanjiru Wairimu v Simon Karogha Njoroge & 3 Others (Civil Case 17 of 2014; [2021] KEHC 7584 (KLR)) — Explained
Joseph Njogu Kamunge v Charles Muriuki Gachari (Civil Appeal 42 of 2014; [2016] KEHC 5119 (KLR)) — Mentioned
Kiema Mutuku v Kenya Cargo Hauling Services Ltd ([1991] 2 KAR 258) — Explained
M'twamji Muchai v Broadways Bakery & Another (Civil Appeal 215 of 1995; [1996] KECA 29 (KLR)) — Explained
Njuwangu Holdings Ltd v Lang'ata KPA Nairobi & 5 others (? 139 of 2013; [2014] KEELC 551 (KLR)) — Explained
Peter M. Kariuki v Attorney General (Civil Appeal 79 of 2012; [2014] KECA 713 (KLR)) — Explained
Cuossens v Attorney General ((1999) 1 EA 40) — Explained
Davy v Garrett ((1878) 7 Ch. D 473) — Explained
Miller v. Minister of Pensions ((1947) 2 ALLELR 372) — Explained

Statutes

Constitution of Kenya, 2010 — article 28, 31 — Interpreted
Data Protection Act (cap 411C) — section 32 — Cited
Evidence Act (cap 80) — section 107 - 109 — Cited
Kenya Information And Communications Act (cap 411A) — Interpreted
SIM Registration Rules, 2015 (cap 411A, Sub Leg) — Interpreted

Texts

Hogg, QM., (Lord Hailsham) et al (Eds) (1995), Halsbury’s Laws England (London: Butterworth 4th Edn Vol 17)
O'Callaghan, P (2014), Common Law Series: The Law of Tort (Cambridge University Press)

AdvocatesMr. Gathere, Advocate for PlaintiffMr. Luke Ongwen for Defendant

Judgment

1.The plaintiff vide its plaint dated June 2, 2022 seeks orders as follows: -a.A declaration that the registration of mobile number 07xxxx6556 was unlawfully and illegally done.b.A declaration that the defendant is under obligation to pay any loans that may have been taken by the number 07xxxx64556 which was unlawfully and illegally registered under the plaintiff national identity card.c.A declaration that the defendant is obliged to clear the plaintiff from any credit reference Bureau including Transunion Credit reference Bureau arising to any transaction involving the mobile number 07xxxx6556 which was unlawfully and illegally registered under the plaintiff national identity card.d.A declaration that the plaintiff will not be criminally liable from any acts done by use of mobile number 07xxxx6556 which was unlawfully and illegally registered under his identity card.e.Special damages of Kshs 52,395.84/=f.General damages for personal data breach, mental anguish and illegally registering a mobile number under the plaintiff National Identity Card and damaging plaintiff’s reputation as credit worthy citizen.g.General damages for illegally registering a mobile number under the plaintiff National identity card and damaging plaintiff reputation as credit worthy citizen andh.Costs of this suit and interest be awarded to the plaintiff.

2.According to the plaintiff at all material times the defendant was the owner of mobile number 07xxxx6556. That the said mobile number was at all material times relevant to this suit registered by the defendant and/or defendant’s authorized employee, servant and/or agent.

3.That in the month of March, 2020 the plaintiff was denied a loan facility by the bank on the basis he was registered, as loan defaulter, at the Transunion Credit Reference Bureau. He averred that he had not defaulted on any loan. On making a follow up at the said Bureau it became apparent that on unknown dates and in unknown place a mobile number 07xxxx6556 was registered under plaintiff’s national identity card.

4.It is the plaintiff’s case that the said number was used in unknown date, unknown place, through unknown means and from unknown lender to borrow a loan which was never paid leading to the listing. That the registration of the said mobile number under the plaintiff national identity card was done by the defendant and/or defendant’s authorized employee, servant and/or agent. That the registration of the said mobile number under the plaintiff national identity card was illegal and unlawful, in breach of the plaintiff right to privacy, it was done recklessly and negligently and it was in breach of the statutory obligation placed on the defendant by various laws. As a result of the said registration, the plaintiff sustained serious financial losses, mental distress, anguish and has suffered great shame and damage to his reputation and borrowing ability.

5.The defendant denied the plaintiff’s allegations in their entirety and stated that the plaintiff’s national identity card was verified by the defendant during registration of the mobile number. That the defendant does not lend out any loans nor list or forward anyone’s name for listing at the Credit Reference Bureau. The defendant also averred that it does not have control over the use of mobile numbers, once registered by subscribers. It then sought orders that the suit be dismissed with costs.

Plaintiff’s submissions.

6.It was submitted for the plaintiff that this matter concerns breach and protection of private data. Learned counsel submitted that this is fundamentally about privacy and human dignity, involving deliberate breach of constitutional rights leading to economic havoc and mental distress being occasioned on the plaintiff.

7.Learned counsel submitted that the rights to human dignity and privacy are enshrined in the Constitution under article 28 and 31 due to it being fundamental and among the most important and protected of human rights.

8.On the evidence before this honorable court, it was contended that the plaintiff only discovered in March 2020 that he had been denied credit facility by the bank on grounds of being a serial loan defaulter. Upon checking with Transunion Credit Reference Bureau, it emerged that the defendant, without his knowledge or consent, had registered mobile number 079xxxx 556 under his national identity card 24xxxx07.

9.It was further submitted that this mobile number had proceeded to borrow loans from mobile apps which had not been paid, leading to the adverse listing. The plaintiff brought this to the attention of the defendant who referred him to Kenya Police. The Police in turn referred the matter to the Office of Data Protection. Learned counsel emphasized that during cross examination, it became apparent the defendant had flatly declined to cooperate with both the Police and Office of Data Protection.

10.Learned counsel drew the court's attention to section 32 of the Data Protection Act which places the burden of proof on the Defendant to establish that the data subject consented to the use of their private data. The defendant has demonstrably failed to discharge this burden by not producing to court documents used for registration, call statements or M-PESA statements.

11.On the question of quantum, counsel referred to the case of Peter M Kariuki v Attorney General [2014] eKLR, where the Court of Appeal cited with approval the Supreme Court of Uganda decision in Cuossens v Attorney General (1999) 1 EA 40, which established the principle that damages should put the injured party in the same position they would have been if they had not sustained the injury.

12.Learned counsel further cited the case of Eunice Nganga V Higher Education Loans Board and others, where the court awarded Kshs 10 million being damages for infringement of fundamental rights. Similarly, in COM v Standard Group Limited & another [2013] eKLR, the court awarded Kshs 1,500,000 for breach of right to privacy.

13.In conclusion, it was submitted that the plaintiff has proved his case and should be awarded:a.Special damages of Kshs 52,395.84/-b.General damages of Kshs 30,000,000/-c.Costs of the suit

14.The defendant presented submissions in opposition to the plaint dated 3 June 2022, relying on its defence and the witness statement of Joyce Wambui Mugwe dated 10 July 2023 and 19 July 2024. The defendant advanced its arguments based on three key issues identified by the court: registration of the SIM card, whether there was negligence in registering the SIM card, and whether there was breach of data privacy following registration.

15.The defendant relied on the legal proposition established in Alice Wanjiru Ruhiu v Messiac Assembly of Yahweh [2021] eKLR, citing The Halsbury's Laws of England, 4th Edition, Volume 17, which emphasizes that the legal burden of proof remains constant throughout a trial and rests upon the party desiring the court to take action.

16.On the issue of SIM card registration and alleged negligence, the Defendant submitted that it followed proper verification procedures before effecting the SIM registration. Through its witness Joyce Wambui Mugwe, the Defendant demonstrated that it conducted physical verification of the national identity card against the individual presenting it, with further cross-referencing through the Integrated Population Registration System (IPRS) and Safaricom's internal database.

17.The defendant maintained that it does not lend out loans or list anyone with Credit Reference Bureaus, nor does it have control over mobile numbers once registered by subscribers. The defendant's witness testified that all statutory obligations were adhered to during the registration of mobile number 079xxxx 556, including compliance with the Kenya Information and Communications Act, Data Protection Act, and SIM Registration Rules, 2015.

18.Regarding the alleged fraudulent registration, the defendant relied on the case of Davy v Garrett (1878) 7 Ch. D 473, emphasizing that fraudulent conduct must be distinctly alleged and distinctly proved. This principle was reinforced in Njuwangu Holdings Ltd v Lang'ata KPA Nairobi & 5 others [2014] eKLR, which established a higher standard of proof for fraud allegations in civil cases.

19.On the negligence claim, the defendant cited M'twamji Muchai v Broadways Bakery & another [1996] eKLR and Kiema Mutuku v Kenya Cargo Hauling Services Ltd [1991] 2 KAR 258, emphasizing that there is no liability without fault in Kenya's legal system and that a plaintiff must prove negligence against the defendant where the claim is based on negligence.

20.The defendant further relied on case law regarding CRB listings, particularly Daniel Gachanja Githaiga v Credit Reference Bureau Africa Ltd & 2 Others [2013] eKLR and Jedidah Wanjiru Wairimu v Simon Karogha Njoroge & 3 others [2021] eKLR, which establish that plaintiffs must exhaust statutory procedures for delisting before seeking legal redress.

21.On quantum, the defendant argued that the plaintiff's claim for damages lacks foundation as it is based entirely on an alleged negative credit listing which has not been proven. The defendant emphasized its separate commercial relationship from banking platforms like KCB M-pesa, explaining that it merely provides merchant till numbers without access to or visibility into transactions conducted through banks' platforms.

22.The defendant concluded by submitting that the plaintiff failed to establish any causal link between alleged losses and the defendant's actions in registering the mobile phone number under his identity. The defendant therefore prayed that the plaintiff's claim be dismissed with costs awarded to the defendant.

Analysis and Determination

23.The starting point for cases of this nature is well set out in section 107-109 of the Evidence Act. In section 107(1) it provides that whoever desires any court to give judgment as to any legal right or liability dependent on the evidence of facts which he asserts must prove that those facts exist. The effect of these provisions is that the burden of proof in a suit like the one filed by the plaintiff lies on that person who will fail if no evidence at all were given on either side. The implication and the reading of sections 107-109 of the Evidence Act is that the legal burden of proof is placed on the claimant or plaintiff or a party to a litigation who asserts the existence of any fact in issue as a criterion to secure his/her rights which have been infringed or violated. This is what the court acknowledged in Miller v Minister of Pensions (1947) 2AllELR 372 in which lord Denning (as he then was) observed inter-alia that:“if at the end of the case, the evidence turns the scale definitely one way or the other, the tribunal must decide accordingly, but if the evidence is so evenly balanced, the tribunal is unable to come to a determinate conclusion on way or another, then the man must be given the benefit of doubt. This means that the case must be decided in favor of the man unless the evidence against him reached the same degree of cogency as is required to discharge the burden in a civil case. If the evidence is such that the tribunal can say, we think it more probably than not the burden is discharged, but if the probabilities are equal it is not”

24.By virtue of this dicta by Lord Denning, evidence in a trial may be given of two sets of facts. That is, facts in issue or facts relevant to the facts in issue. Therefore, the litigant in a trial must remember that his/her case at the trial will be restricted to evidence which bears directly on the matters in issue and to matters which lead up to and explain that evidence which establishes the contested facts in order to secure judgment in his/her favor. How does a court exercise judicial discretion in rendering a decision? it is by establishing that burden of proof based on the set of pleadings filed by the litigant or a party against the respondent or defendant. From this perspective, on top of the court’s mind, is whether the Plaintiff has discharged that burden of proof on a balance of probabilities to be granted the reliefs premised in the Plaint.

25.In re-examining the evidential material as adduced by the plaintiff, this court cannot ignore that the issues in question tend also to revolve around the protection of a person’s reputation under the umbrella of the defamation tort. The learned author Callaghan in his common law series, the Law of Tort expressed himself in the following manner:“The law of defamation, or more accurately, the law of Libel and Slander is concerned with the protection of reputation. As a general rule, English law gives effect to the 9^th commandment, that a man shall not speak evil falsely of his neighbor. It supplies a temporal sanction. Defamation protects a person’s reputation, that is the estimation in which he is held by others. It does not protect a person’s opinion of himself nor his character. The Law recognizes in every man, a right to have the estimation in which he stands in the opinion of others unaffected by false statement to his discredit and it affords redress against those who speak such defamatory falsehoods.”

26.What does the law envisage to established for one to succeed in securing his reputation in a court of law?a.There must be existence of a defamatory statementb.The statements must be published or issued maliciouslyc.The alleged defamatory statement of publication must have been issued by the defendant who has been sued before a court of law. The publication complained of must refer to the Plaintiff or claimant who is desirous of protecting his personal reputation.

27.It is also the law in Kenya that malice for purposes of defamation does not necessary mean spite or ill will but prove of a justifiable cause to publish or utter the words complained of the plaintiff/claimant (see the principles in Joseph Njogu v Charles Muriuki (2016) eKLR). When discussing this tort of defamation, one cannot ignore William shakespeare who better described the invaluable jewel good name of a person in the following words:“Good name in man and woman, dear my lord is the immediate jewel of their souls, who steals my purse, he steals trash. It is something for nothing. Twas mine, tis his, and has been slave to thousands, but he that filches from me my good name robs me of that which enriches him and makes me poor indeed.”

28.The purpose of the tort of defamation and the award of damages is to repair the alleged defamed name. The plaintiff contends in this suit that the defendant without lawful excuse or justification registered the sim card which was used to procure digital loans from an unknown person using the authentic names of the Plaintiff which action later occasioned a negative impact of his credit score with the Credit Reference Bureau. The negative credit score of any person, citizen is a reputation issue for it may affect the manner in which he/she is able to access credit facilities in any of the financial institution. A person’s reputation is confined to his general character and standing but extends to his/her trade, business or professions and words are taken to be defamatory if they impute lack of qualification, knowledge, skill, capacity, judgment or efficiency in the conduct of his/her trade, business or professional activity. It is also noteworthy to take into account that if one blacklisted negatively with the CRB it does disparage one’s officer, profession, calling, trade or business. I am of the considered view this indeed is the principle object of the claim against the defendant.

29.On this aspect of this case, the single duty which devolves on this court is whether the listing complained of is capable of a defamatory meaning and the same were published or information shared came from the defendant. There is no doubt that the defendant in his defense has vehemently contested that in any way in the cause of dealing with the impugned simcard, it has acted recklessly or negligently resulting in the negative listing of the Plaintiff with the CRB. It is important to preserve the rational and public policy of the CRB regulatory framework. On all matters which may be said to be legitimate concerned of the banking industry. The question then to be answered is whether in the process of registering the sim card which was wrongfully and unlawfully used while operating in the name and style of the Plaintiff’s particulars, there has been evidence in the ordinary sense to impute liability on the part of the defendant. On the face of it, that standard and burden of proof was never discharged given the integrity of the registration of sim cards based on individualized database with the registrar of persons. There can be no doubt that in the defendnt’s desk officer in dealing with the registration of sim cards, it did not comply with the already established procedures and protocols. In the sense of registration of sim cards, the owners of proof and weight to be given to this fact rest entirely with the plaintiff. On the whole, in my view, the document complained of and subsequent registration may have only been undertaken by an unlawful act of omission of a third party who came into possession of the necessary instruments of an identity card bearing the name of the plaintiff. From the broad general principles, the registration of a sim card with the defendant or any other mobile data does not involve fingerprint or biometric data. The information by the holder of the identity card is believed to be true to a person who is in possession of it and to the one who honestly receives the identity cards in respect to the subject matter of the communication in question. It important to keep in mind that this suit is concerned with the protection of reputation of the plaintiff. Therefore, the listing with the CRB, evidence must show explicitly and implicitly that any such shared information with the CRB was uninhibited communication from a particular source traceable to the defendant. In the present instance, I may be right or wrong. The circumstances under which the CRB information is shared falls within the corresponding duty by the financial institution, bank or licensed digital loan platforms to submit any such information in the event of a default of the loan agreement. In this regard, this court has not been told that the loan application and the amount dispersed to the alleged name of the plaintiff was under the watch of the defendant’s company or its subsidiaries. The plaintiff has failed to proof that the listing made to the CRB was generated by the defendant. I am privy to the fact that it takes years to build a good name, reputation which also fashions the credit worthiness of a person to be adequately be capable of accessing credit to facility his/her profession, business or trade. It goes without saying that if this claim was to be taken to have injured the reputation of the Plaintiff under the tort of defamation, the same has not been fully discharged within the parameters of the standard and burden of proof which on a balance of probabilities.

30.In the case at bar, evidence of actual loss whether it be general loss of business or profits or loss of particular earnings or to the profession of the plaintiff was of essence in this particular claim. It must be understood in so far as reputation and pecuniary loss is concerned, the plaintiff testimony in the context of what was adduced before this court speaking generally fell short of the threshold set in our procedural and substantive law.

31.This case presents significant questions concerning data privacy rights, consumer protection, and corporate responsibility in our increasingly digital economy. The plaintiff's grievance stems from the alleged unauthorized registration of a mobile phone number under his national identity card, which he claims led to unauthorized borrowing and subsequent adverse credit listing. The implications of this case extend beyond the immediate parties, touching on the broader issues of identity protection and corporate accountability in digital transactions.

32.To properly contextualize this dispute, it is essential to understand the technological ecosystem within which telecommunications providers operate. Mobile money services in Kenya operate through a complex interplay of telecommunications infrastructure, financial services platforms, and third-party applications. The telecommunications provider's role is primarily to provide the communication infrastructure and maintain the integrity of subscriber identification.

33.When a subscriber registers a SIM card, this creates a basic telecommunications service relationship. Any subsequent financial services, including mobile loans, operate as distinct services provided by separate entities through the telecommunications platform. The platform provider cannot reasonably monitor or control all transactions conducted through third-party applications, just as a road builder cannot control the conduct of those who use the road.

34.The court begins with some information about this case. There was concern as to whether the registration of mobile number 07xxxx6556 under the plaintiff's national identity card was lawful and properly conducted. The plaintiff's testimony is that he only discovered the existence of this number in March 2020 when he was denied a loan facility by a bank. Upon investigation at Transunion Credit Reference Bureau, he learned that a mobile number 07xxxx6556 had been registered under his national identity card number 24xxxx07 without his knowledge or consent. The plaintiff was categorical that he had never registered this number, nor authorized anyone to register it on his behalf. Upon discovering this unauthorized registration, he reported the matter to the defendant who referred him to the Kenya Police. The Police in turn referred the matter to the Office of Data Protection.

35.The evidence before this court, particularly through the witness statement of Mr Mwaliga, establishes crucial distinctions that significantly impact the question of liability. Safaricom's role is primarily that of a telecommunications service provider and platform facilitator. The witness statement makes it clear that while the company facilitates various services through its platforms, it maintains distinct boundaries in its operations and responsibilities. The defendant operates as an independent entity with its own security and verification processes, and while it provides platforms that third parties may use for mobile money services, it does not bear responsibility for those services' security, credit risk, or CRB listing decisions.

36.This distinction proves critical to the present case. When examining the chain of events from SIM card registration to credit listing, I find multiple independent actors making autonomous decisions. The lending institutions made their own decisions about extending credit, borrowers chose to take loans, and credit reference bureaus made independent listing decisions. Each of these actions occurred without the defendant's direct involvement or control. Indeed, the evidence shows that the defendant neither lends money nor reports to Credit Reference Bureaus, making it difficult to establish a direct causal link between their actions and the plaintiff's alleged damages.

37.Moreover, the defendant's witness statement comprehensively outlines their verification procedures, including physical verification requirements, IPRS system checks, and photo identification matching. These procedures demonstrate compliance with their regulatory obligations under KICA and related regulations. The company's assertion that it cannot control how subscribers use mobile numbers once registered reflects a practical reality of telecommunications services, service providers cannot reasonably be expected to monitor or control all subsequent uses of their platforms by third parties.

38.The court must carefully examine the chain of causation between the registration of a SIM card and subsequent financial transactions. Causation must be both factual and legal. The mere fact that unauthorized lending occurred through a mobile number does not automatically establish liability on the part of the telecommunications provider.

39.Particularly telling is the defendant's explicit position regarding financial services: they do not lend out any loans, do not list or forward names to Credit Reference Bureaus, are not a reporting entity under the financial lending system, and cannot present reports to credit reference bureaus. This clear delineation of services and responsibilities makes it problematic to hold them liable for subsequent lending decisions and credit listings by independent third parties.

40.So that then to hold the defendant liable in these circumstances would set a concerning precedent that could fundamentally alter the landscape of telecommunications services in Kenya. Such a finding would effectively require telecommunications providers to monitor and assume responsibility for all subsequent uses of their services by third parties. This would not only be impractical but would likely impede the development of digital financial services that have proved crucial to Kenya's economic growth.

41.This court must consider that Safaricom, like other telecommunications providers, operates within a carefully regulated framework. Their primary obligation is to ensure proper SIM card registration and maintain reliable telecommunications services. The witness statement demonstrates that they fulfilled these obligations through their verification processes. Extending their liability beyond these core responsibilities to encompass the independent actions of third-party financial services would blur important regulatory distinctions and potentially create overlapping and conflicting obligations.

42.The question of foreseeability also weighs heavily in this analysis. While it might be foreseeable that mobile numbers could be used for financial services, it stretches the bounds of reasonable foreseeability to suggest that a telecommunications provider should anticipate and prevent all potential misuse of their services by third parties. The defendant's witness has clearly articulated that once a SIM card is properly registered, they cannot control its subsequent use. This limitation is not a disclaimer of responsibility but rather a recognition of practical and technological realities.

43.Furthermore, this court must consider the existing regulatory framework for financial services and credit reference bureaus. These sectors have their own regulatory mechanisms and complaint procedures. The evidence suggests that the plaintiff's grievance might be more appropriately directed at the lending institutions or credit reference bureaus who made the actual decisions that led to his alleged damages. The defendant, as a telecommunications provider, neither made lending decisions nor reported to credit reference bureaus.

44.Having carefully considered the evidence and arguments presented, this court finds that the plaintiff has not established a sufficient causal link between the defendant's actions and his alleged damages. While the plaintiff undoubtedly suffered inconvenience and potential damage to his credit standing, these injuries cannot be legally attributed to the defendant's actions or omissions in the SIM card registration process.

45.The defendant has demonstrated compliance with its regulatory obligations in the registration process, and more importantly, has established that it operates within clear boundaries that do not extend to financial lending or credit reporting. To hold them liable for the independent actions of third parties who utilize their platforms would extend liability far beyond established legal principles and practical business realities.

46.In conclusion, this court must emphasize that the burden of proof in civil matters rests squarely on the Plaintiff to establish their case on a balance of probabilities. In this matter, the plaintiff has failed to discharge this burden in several critical aspects. First, no evidence was presented to demonstrate that the SIM card registration process itself was conducted negligently or in breach of established protocols. Second, the plaintiff did not establish a direct causal link between the defendant's actions and the alleged damages suffered. Third, while the plaintiff demonstrated adverse credit listing, he failed to show how this was directly attributable to the defendant, particularly given that Safaricom neither provides loans nor reports to Credit Reference Bureaus. Fourth, despite alleging fraud in the registration process, the Plaintiff did not meet the higher standard of proof required for such allegations. The law does not operate on mere suspicion or conjecture, and the court cannot bridge evidential gaps through speculation. As Lord Denning observed in Miller v Minister of Pensions (1947) 2AllELR 372, where evidence fails to turn the scale definitely one way or the other, the case must fail. Here, the plaintiff's evidence falls short of the required threshold to sustain the serious allegations made against the defendant, thereby necessitating the dismissal of this suit.

47.Based on the foregoing analysis and findings, the court makes the following orders:a.The plaintiff's claim is hereby dismissed in its entirety.b.While this court acknowledges that the plaintiff may have suffered damages due to unauthorized lending and adverse CRB listings, such claims should be properly directed at the relevant lending institutions and credit reference bureaus, not the telecommunications provider.c.Given the novel nature of the issues raised in this matter and the fact that the case touches on important questions of corporate liability in the digital age, each party shall bear their own costs.d.The temporary orders and injunctions, if any, issued in this matter are hereby vacated.

48.It is so ordered.

DATED SIGNED AND DELIVERED AT ELDORET, THIS 23^RD DAY OF DECEMBER 2024………………………….R. NYAKUNDIJUDGEIn the Presence of:Mr. Gathere, Advocate for the PlaintiffMr. Luke Ongwen for the Defendant

1.	Peter M. Kariuki v Attorney General [2014] KECA 713 (KLR) Explained	98 citations
2.	Joseph Njogu Kamunge v Charles Muriuki Gachari [2016] KEHC 5119 (KLR) Mentioned	37 citations
3.	Alice Wanjiru Ruhiu v Messiac Assembly of Yahweh [2021] KEHC 13098 (KLR) Explained	14 citations
4.	Eunice Nganga v Higher Education Loans Board & 2 others [2020] KEHC 2471 (KLR) Explained	7 citations
5.	DANIEL GACHANJA GITHAIGA v CREDIT REFERNECE BUREAU AFRICA LTD & 2 Others [2013] KEHC 4160 (KLR) Explained	3 citations
6.	Jedidah Wanjiru Wairimu v Simon Karogha Njoroge & 3 others [2021] KEHC 7584 (KLR) Explained	3 citations
7.	M’IRUANJI MUCHAI v BROADWAYS BAKERY & another [1996] KECA 29 (KLR) Explained	2 citations
8.	Njuwangu Holdings Ltd v Langata KPA Nairobi West Trading Co Ltd & 5b others [2014] KEELC 551 (KLR) Explained	2 citations
9.	C.O.M. v STANDARD GROUP LIMITED & another [2013] KEHC 6061 (KLR) Explained	1 citation

1.	Constitution of Kenya Interpreted	34415 citations
2.	Evidence Act Interpreted	11472 citations
3.	Kenya Information and Communications Act Cited	643 citations
4.	Data Protection Act Interpreted	115 citations

Wachira v Safaricom Company Limited (Civil Suit E005 of 2022) [2024] KEHC 16425 (KLR) (23 December 2024) (Judgment)

Wachira v Safaricom Company Limited (Civil Suit E005 of 2022) [2024] KEHC 16425 (KLR) (23 December 2024) (Judgment)

Collections

Cited documents 14

Judgment 9

Act 4

Legal Notice 1

Documents citing this one 0