Court orders CJ’s Restaurant to pay man Sh75k for sending him promotional messages without consent

 ·  in Breaking News  ·  By Douglas Baya

A popular Nairobi eatery has been ordered to compensate a customer after unlawfully sending him promotional text messages without his consent.

The Office of the Data Protection Commissioner (ODPC) directed CJ’s Restaurant to pay Steve Onwonga Omwenga Sh75,000 for breaching his data privacy rights.

According to the ruling in ODPC Complaint No. 1498 of 2025, Omwenga reported receiving three promotional SMS messages from CJ’s in September 2025.

The texts advertised festive free delivery offers.

He told the regulator that he had never shared his mobile phone number with the restaurant and had not signed up to receive marketing messages.

 

The ODPC ruled that CJ’s processed Omwenga’s personal data unlawfully, unfairly, and without transparency. Photo: CJ’s Restaurant Koinange/Facebook

 

After the third text, he formally objected via email, asking the restaurant to stop the communication and address the issue.

He did not receive a response.

Restaurant’s Defence

In its response to the ODPC, CJ’s acknowledged that the messages were sent as part of a broader marketing campaign targeting customers.

Read Also  DCI Ccnfirms Isiolo Assembly never convened to remove speaker Mohamed Roba Koto

The company said an internal review confirmed that three messages had indeed been dispatched to the complainant.

The restaurant stated that it immediately stopped further communication, deleted Omwenga’s number from its system, and issued an apology.

As a goodwill gesture, it offered him a Sh10,000 dining voucher.

CJ’s also told the regulator that it had since introduced tighter consent-based marketing procedures, opt-out options, staff training, and steps toward strengthening its data protection compliance framework.

ODPC Findings

Despite the corrective measures, the Data Commissioner found that the restaurant failed to prove it had obtained prior and explicit consent before using the complainant’s phone number for marketing purposes, as required under Section 30 of the Data Protection Act.

The ODPC ruled that CJ’s processed Omwenga’s personal data unlawfully, unfairly, and without transparency.

 

The Office of the Data Protection Commissioner (ODPC) directed CJ’s Restaurant to pay Steve Onwonga Omwenga Sh75,000 for breaching his data privacy rights. Photo: UGC

 

The regulator emphasized that taking corrective action after a complaint does not absolve an organisation of liability for breaches that have already occurred.

Read Also  Former Judge Mutava and 3 other suspects spend night in custody, released on Sh200,000 cash bail each pending probe

As a result, CJ’s Restaurant was found liable and ordered to pay Sh75,000 in compensation to the complainant.

The decision reinforces the obligation of businesses in Kenya to obtain clear and informed consent before sending marketing communications, underscoring the growing enforcement of data protection laws in the country.

 

 

FOLLOW NAIROBI NEWS ON FACEBOOK 

 

 

Tags: ,
Email your news TIPS to Editor@nairobinews.co.ke — this is our only official communication channel

You Might Also Like