Tanzanian businessman sues Vodacom for $4M over data privacy violation

Avatar
Tanzanian businessman sues Vodacom for $4M over data privacy violation

Vodacom Tanzania has been slammed with a lawsuit worth Sh10 billion (about $4M) by Sayida Masanja, a businessman, who claims the telecom operator fed his personal information to Open AI’s ChatGPT without authorization.

Following the increased use of AI-led chatbots, data privacy concerns have also shot up. 

The Sh10 billion which Masanja wants Vodacom to cough up is to compensate for the loss of privacy which he feels the telco helped facilitate. Aside from providing ChatGPT with his user data, the plaintiff says that the chatbot also gained access to his mobile network information. The case is scheduled for its first hearing on September 13 this year, The Citizen reports.  

He first found out that his data was on ChatGPT sometime between February and March this year. According to him, the personal details included incoming and outgoing calls, IMEI numbers, SIM information, and location data. To serve as evidence for his case, Masanja made physical copies of the exposed data. 

Seeing as his personal information was available on an open-source platform, Masanja said the incident made him feel upset. Paul Kaunda, the plaintiff’s counsel, accused Vodacom of negligence and knowingly leaking Masanja’s data which span 65 records. This makes Masanja vulnerable to cybercrime and other heinous acts. 

Kaunda further argued that his client’s whereabouts for 30 days can easily be discovered now following the exposure of his phone location data. “The time-stamped data can provide an intimate window into the plaintiff’s life, revealing not only his particular movements but, through them, his familial, political, professional, religious, and sexual associations. Through them, one can connect the dots and arrive at a plausible conclusion about the plaintiff’s lifestyle,” he continued. 

Part of its response to the lawsuit saw Vodacom refute the allegations. Furthermore, the telco has moved a motion for the court to strike out the case mainly because Masanja contravened Section 13 of the country’s Civil Procedure Code. The said section states that every suit must be filed in the court with the lowest level of authority. 

Tanzanian businessman sues Vodacom for $4M over data privacy violation

Essentially, a resident magistrate court and district court would need to hear the case before any other court. However, Masanja initiated the suit at the Shinyanga High Court which has more jurisdiction than the above courts. It is because of this error that Vodacom wants the case dismissed. 

The telco also issued a statement that showed no signs that it would pay a compensation fee of that amount. Justifying its data privacy standards, it said “The defendant operates with the greatest care and a high standard of professionalism in handling the personal data of the customer’s information against third-party invasion.” 

Vodacom further disassociated itself from the possibility that Masanja’s data was shared with any third-party service, ChatGPT included. It also claimed that it is in no way affiliated with ChatGPT, thus eliminating any chance that it would have fed the AI bot user data. In all, it denied breaking any data privacy laws. 

However, Kaunda disputes Vodacom’s claim of not being associated with Open AI. He alleged that the telco feeds Open AI with user data to help the latter fine-tune the Large Language Models on which ChatGPT runs. 

Read also: Nigeria sees 64% increase in data breaches, recording an outstanding 82,000 episodes in Q1 2023

Data privacy in the AI age

ChatGPT has undeniably championed the buzz about conversational AI technology, and how it’s here to improve daily life. Since its 2022 launch, the bot has grown into a world force that comes in handy in diverse situations. However,  its growth has been beset with some challenges. Among those hiccups is the growing problem of data privacy violations. Two weeks ago, its parent company Open AI was sued for using substantial amounts of stolen data to train its chatbot. 

In today’s world, technology is everywhere. And so is user data. Whether it’s a social media platform or an online game, users are now expected to provide personal data as part of the registration process. Although tech companies are required to manage customer data in line with local data protection laws, some brands have been accused of doing the opposite. 

5 major trends that will define the African tech space in 2023

Early this year,  Italy became the first Western nation to prevent citizens from accessing ChatGPT over a suspicion that it did not comply with data privacy laws. Last month, Google joined Samsung, Apple,  and a few other tech companies to warn staff about their interactions with AI chatbots. 

Since chatbots train themselves using the data obtained from conversations with users, a careless employee that shares a prompt containing sensitive information risks facilitating a data leak. If that seems unlikely, then it’s worth adding that ChatGPT suffered a data breach that exposed the chat history and payment information of active users in May this year. Think of what cybercriminals could do with that much data. 


Technext Newsletter

Get the best of Africa’s daily tech to your inbox – first thing every morning.
Join the community now!

Register for Technext Coinference 2023, the Largest blockchain and DeFi Gathering in Africa.

Technext Newsletter

Get the best of Africa’s daily tech to your inbox – first thing every morning.
Join the community now!