A police officer admitted in court that a mobile service provider shared the personal information of a Moi University student accused of publishing false information about President William Ruto.

The student, David Mokaya, is facing charges after allegedly posting an image on the social media platform X on November 13, 2024, depicting a coffin bearing President Ruto’s name, an act prosecutors claim was intended to mislead or alarm the public.

Mokaya has pleaded not guilty to the charges.

During court proceedings, the unnamed officer confirmed under cross-examination that the student’s data was obtained from a mobile network provider.

He was unable to verify the origin, source, or location of the controversial post.

Mokaya’s defense lawyer questioned the integrity of the investigation, challenging the prosecution to produce both witnesses and the complainant in court.

“If it is a very old number, those security measures were not there. Anybody could be issued a number,” the defense said, casting doubt on the reliability of linking the post to Mokaya.

The court also heard that the officer could not confirm whether the telecom provider, had deregistered unverified numbers.

The case raises growing concerns about digital privacy, freedom of expression, and the role of telecom companies in ongoing criminal investigations in Kenya.

Kenya’s telecom operators should align with the stringent personal data protection standards enshrined in the Data Protection Act of 2019.

It defines personal data broadly, covering everything from names, contact details, and demographic traits to opinions, fingerprints, and even correspondence.

It mandates that data must be processed lawfully, fairly, and transparently, for specific and legitimate purposes only, and in a manner that respects accuracy, retention limits, and confidentiality.

Handling subscriber data only with express consent, or on another valid legal basis like contract necessity or statutory obligation.

Under the SIM registration regulations, operators must retain subscriber identity and call logs. Agencies like the Communications Authority can demand access to such data, sometimes even without a court order, raising privacy red flags.

Legal clarity on device identifiers (IMEI numbers) also surfaced in a July 2025 High Court ruling.

While regulators argued IMEI data is technical, not personal, the court found that once linked to a user, IMEI identifiers constitute personal data and merit protection under Kenya’s constitution.

Follow our WhatsApp Channel and X Account for real-time news updates