EXPLAINER: Why a court ruled that Bolt pays GH¢1.9m to a lecturer over identity theft
A Circuit Court in Accra recently ruled in favour of Justice Noah Adade, a lecturer and CEO of a software solutions company, who filed a suit against Bolt Ghana Limited for failing to detect the theft of his identity, which was then used by a driver.
Adade, in his GH¢2 million lawsuit, alleged negligence on the part of the ride-hailing company, stating that Bolt had violated the Data Protection Act by using his personal data for one of its drivers without proper verification.
The plaintiff contended that Bolt had neglected to verify the ownership of the vehicle with registration number GR 2052-22 before registering it.
He asked the court to compel Bolt to remove his personal data from its database and sought compensation for the unauthorised use of his information. He discovered that his identity had been stolen when he requested a ride in August 2022.
Adade said that when he confronted the Bolt driver, he received an apology from the driver. He stressed that Bolt Ghana Limited had a duty of care to be diligent and thorough in its operations, a duty the plaintiff believes it did not fulfil.
After months of legal tussle, the court ruled in favour of Justice Noah Adade, ordering Bolt to pay GH¢1.9 million in compensation for damages caused by the ride-hailing company.
What Ghana’s Data Protection Law says about identity theft
Ghana’s Data Protection Act, 2012 (Act 843) governs the collection, use, and processing of personal data in Ghana.
The law was enacted to ensure that individuals’ personal data is handled responsibly, and their privacy is protected.
The Act also established the Data Protection Commission as an independent statutory body to ensure and enforce compliance.
Here are key provisions of the Data Protection Act:
1. Data Protection Commission (DPC):
The Act established the Data Protection Commission to oversee data processing activities, enforce the law, and promote good data protection practices.
2. Data Controller Responsibilities:
Organisations or individuals that collect and process personal data (data controllers) must:
• Register with the DPC.
• Ensure data is processed fairly, lawfully, and securely.
• Collect data for specified, explicit, and legitimate purposes.
• Obtain consent from individuals before processing their personal data.
3. Data Subject Rights: Individuals (data subjects) have rights to:
• Access their personal data held by a controller.
• Rectify inaccuracies in their data.
• Object to the processing of their data in certain circumstances.
• Seek redress for breaches of the law.
4. Security Safeguards: Data controllers are required to implement appropriate measures to protect personal data from loss, unauthorised access, and misuse.
5. Data Transfer to Third Countries: The law restricts the transfer of personal data to countries without adequate data protection measures unless certain conditions are met.
6. Penalties: Non-compliance with the law can result in fines or imprisonment. The Data Protection Commission has the authority to impose sanctions for violations.
Who the law applies to:
The law applies to all sectors that process personal data, including government, businesses, and non-profit organisations. It also covers both electronic and manual data processing activities in the country.
With additional files from the Data Protection Commission
Source: www.ghanaweb.com