No Comment from Consumer Council and Vodafone on Protecting Private Data

Concerns are being raised that private personal data provided by Fijians to companies such as Vodafone Fiji to obtain SIM cards is being misused without consumer consent, potentially allowing companies to profit from customer information in the absence of strong data protection laws.

Fijian consumers have sent screenshots to Duavata News showing bulk SMS promotions, including messages advertising major public events such as the Hibiscus Festival, delivered directly to mobile phones without any visible opt-in or unsubscribe option.

The messages appear to be sent automatically through Vodafone’s network to large numbers of subscribers.

Other SMS messages were from the Consumer Council of Fiji itself.

While the content of the messages was scam awareness tips, concerns remain over the process by which consumers are enrolled to receive them, and where the limits of using our private data end.

In most developed jurisdictions, including the European Union, Australia, New Zealand, the United Kingdom, and Singapore, strict data protection laws require that members of the public explicitly opt in before receiving bulk SMS messages.

These laws also require that every message include a clear opt-out mechanism, such as “Reply STOP to unsubscribe,” and that organisations clearly explain how and why personal data is being used.

By contrast, none of the bulk SMS messages sent by Vodafone, whether promotional or awareness-based, appear to include an opt-in record, unsubscribe option, or explanation of the legal basis for contacting recipients.

If mobile numbers can be used for event advertising and bulk alerts without permission, questions naturally arise about what other uses customer data may be subjected to, and who ultimately benefits financially.

These concerns have been heightened following recent initiatives involving Vodafone’s mobile money platform, M-Paisa.

As part of government-led compliance efforts, Vodafone customers using M-Paisa have been required to provide additional personal information, including identification details and Tax Identification Numbers (TINs).

While such exercises have been presented as compliance-driven, privacy advocates note that the collection of increasingly sensitive personal data, when combined with limited transparency around data use and sharing, raises legitimate questions about safeguards, oversight, and secondary use of information.

Duavata News wrote to both the Consumer Council of Fiji and Vodafone Fiji Ltd seeking clarification on whether customers have consented to receive bulk SMS messages, whether Vodafone monetises bulk messaging using subscriber data, and what protections exist to prevent misuse of personal information.

As of publication, neither the Consumer Council nor Vodafone Fiji Ltd has responded.