Vodafone rejects claims of privacy breaches, reassures customers of secure data

Vodafone Ghana has dismissed claims that it is breaching the privacy rights of its customers.

According to the company, information about customers, including subscriber information, also known as call data records (CDRs), remains encrypted and secure as the company takes data security and storage of personal information extremely serious.

A statement issued by the telecommunications firm said, “our attention has been drawn to some information circulating on social media and online news websites concerning ‘breaches’ in the privacy rights of Vodafone Ghana customers. This information is a gross misrepresentation of the facts.”

“Vodafone Ghana has acted responsibly and transparently in abiding by the laws of Ghana and categorically rejects all claims that there has been a breach in the privacy rights of our valued customers. We will always uphold the rule of law and comply with our legal and regulatory obligations including the Data Protection Act,” the statement added.

It will be recalled that in March 2020, President Akufo-Addo, passed an Executive Instrument (E.I. 63) that mandated the mobile network operators, including Vodafone Ghana to submit subscriber information to the National Communications Authority (NCA).

This formed part of government’s contact tracing initiative in the ongoing fight against COVID-19.

But Vodafone Ghana in its statement explained that, it “immediately stopped the transmission of all subscriber data related to the contact tracing initiative, pending the court’s ruling on the case, scheduled for 23rd June 2020.”

It said this was upon receipt of an injunction application by a customer, who filed an application at the High Court to stop all mobile network operators from sharing his data with the National Communications Authority (NCA).

The Data Protection Act, 2012 (Act 843) sets out the rules and principles governing the collection, use, disclosure and care for personal data or information by a data controller or processor.

It recognizes a person’s right (data subject rights) to protect their personal data or information by mandating a data controller or processor to process (collect, use, disclose, erase, etc) such personal data or information in accordance with the individual’s rights.

Background

Earlier this month, a lawyer, Mr. Francis Kwarteng Arthur, dragged the President, the National Communication Authority, Kelni GVG, Vodafone Ghana and MTN to court over allegations of privacy right violations.

He has also petitioned Vodafone Ghana’s mother company – the Vodafone Group UK.

According to Mr. Arthur’s solicitors, Archbridge Solicitors, the petition was necessitated by the “nonchalant posturing” of Vodafone Ghana in the middle of the most extensive threat to privacy rights in Ghana’s history and one of the most extensive in the world.

“While other telecommunication network or service providers, like MTN, have vehemently contested the request as overly disproportionate or even irrelevant to the stated purpose and, thereby, a threat to subscribers’ right to privacy, your Ghana office has, at best, remained completely silent and unconcerned about the issue,” portions of the petition read.

But Vodafone Ghana rejected the claims.

Click here for the full statement from Vodafone Ghana: