When a Private Company Holds Information You Need, Clarity Matters

A person who has lost money through a mobile money transaction often wants one thing before anything else: answers. Who received the money? Which number was used? Why did the platform allow the transaction to go through? Those questions feel urgent, especially when the loss affects rent, school fees, business stock, or savings kept aside for a family emergency. The recent High Court decision in Sardelli & 5 others v Safaricom PLC is useful because it speaks directly to that practical problem. It reminds Kenyans that a private company can, in some situations, hold information that is needed for the protection of a legal right. It also reminds the public that an unclear request can fail even where the complaint itself appears serious.

The case arose from allegations involving M Pesa and Fuliza transactions. The petitioners said they had lost money through fraud and wanted Safaricom to disclose details connected to the phone numbers and recipients said to have been involved. The Court accepted the wider constitutional point that Article 35 of the Constitution may apply to information held by private bodies where that information is required for the exercise or protection of a right. That is not a small point. It may matter to a customer dealing with suspected mobile money fraud, a tenant trying to prove unlawful billing, a consumer challenging a financial services provider, or a family trying to trace records after a disputed transaction.

Even so, the petition did not succeed. The Court appears to have been concerned that the request was too broad and not carefully separated from other demands. Instead of identifying the exact records required and linking them clearly to a particular right, the request was mixed with refund claims and wider complaints. That distinction may feel technical when someone has just been defrauded, but it is often decisive. Courts and companies need to know what information is being sought, why it is needed, and how it connects to a recognised legal interest.

The everyday lesson is that an access to information request should not read like a general expression of frustration. It should read like a focused request for records. A customer should identify the transaction date, the amount, the account or phone number used, the reference number, the police report details if any, and the exact records requested. For example, it is likely to be stronger to ask for records showing the processing of a particular transaction on a named date than to ask a company to disclose everything about a fraud scheme. The first request is traceable and limited. The second may be rejected as too vague, too wide, or too intrusive into other people’s privacy.

There is also a privacy issue that should not be ignored. In fraud cases, the information a complainant wants may include another person’s name, identity number, subscriber details, location information, or transaction history. That data also enjoys legal protection. A company may be right to hesitate before releasing it directly to a private individual, even where the complaint sounds believable. That does not mean the victim has no remedy. It may suggest that the police, a regulator, or a court should be involved so that confidential information can be obtained through a lawful process and used for a proper investigative purpose.

A more careful approach would usually begin with a written request to the company. The letter should state that it is an access to information request and should explain the legal right being protected. The right may be property, access to justice, consumer protection, privacy, or fair administrative action, depending on the facts. The request should avoid vague words such as all details or full explanation unless those words are narrowed by dates, reference numbers and particular documents. It should also avoid turning the same letter into a demand for compensation, an apology, prosecution and disclosure all at once. Those issues may be related, but they are not the same legal step.

In practical terms, the person making the request should keep copies of everything. A police occurrence book number, transaction messages, screenshots, bank or mobile money statements, letters to the company and the company’s replies can become important later. A court is more likely to understand the seriousness of a complaint where the paper trail is organised. I would treat the file of documents almost like a small case record from the first day, because by the time a dispute reaches a regulator or court, missing dates and missing references can weaken an otherwise genuine claim.

The decision should not be read as saying that companies can simply hide behind privacy whenever customers ask difficult questions. That would be too broad a reading. The better reading is more balanced. The right to access information is real and may reach private companies, but it has to be used with care. A company that holds information relevant to a person’s rights may have legal duties. At the same time, a requester must be precise, must show the rights connection and must respect the fact that other people’s personal data cannot be treated casually.

For a member of the public, the main message is straightforward. If a private company has information you need in order to protect your rights, ask for it in writing, identify it clearly and explain why it matters. Do not assume that a broad complaint will be treated as a valid access request. In mobile money disputes especially, the difference between a vague complaint and a clear request may determine whether the matter moves forward or collapses at the first serious legal test.

Source note and disclaimer. This article is based on Sardelli & 5 others v Safaricom PLC, Petition E466 of 2022, [2025] KEHC 14948 (KLR), a judgment of the High Court of Kenya at Nairobi delivered on 14 October 2025 and published on Kenya Law on 27 October 2025. The discussion refers to Article 35 of the Constitution of Kenya, the Access to Information Act, the Kenya Information and Communications Act, the Fair Administrative Action Act and privacy considerations. It is prepared for general public legal awareness in Kenya and should not be treated as legal advice for a particular case.