The Kenya ICT Action Network (KICTAnet) has recommended that the Data Protection Bill 2018 should consider all general aspects of data processing according to its memorandum.
“We recommend that the Bill be considered a Bill of general application on all aspects of data processing in Kenya. We further recommend that this be included in the clauses on the objects and application of the Bill to capture all aspects of the Kenyan data economy, from [the] public to [the] private entities,” the memorandum reads.
“These include affording the highest standards of privacy through proactive and preventative mechanisms; making privacy the default in the data economy; encouraging privacy by design; promoting highest standards of security for data; building in transparency in relationships among stakeholders in the data economy; and providing an oversight mechanism for data protection.”
The Data Protection Bill 2018 aims to protect the constitutional right to privacy. Currently, various institutions are collecting personal data such as the number of social media users and mobile subscribers without consent from individuals. This Bill aims to remedy this situation; however, KICTAnet feels that the Bill has failed in fully providing Kenyans with this right.
For example, KICTAnet observes that national security bodies are excluded from providing Kenyans with the “highest standards of privacy to personal data they may collect or process.”
The Network has also proposed that the interpretation of an agent be broadened to include those who collect data via robots and bots.
The Data Protection Authority
The Bill has given the Kenya National Commission on Human Rights the role of overseeing data protection in the country. This move, according to the KICTAnet, is not in line with international best practices where countries such as Ghana and South Africa have established a separate body to deal with data protection matters.
“Nonetheless, we recommend that the Bill strengthen the relationship between the authority and stakeholders in the data economy through clearer provisions on the role of the authority,” says KICTAnet.
The Consequences of Violating the Right to Privacy
KICTAnet wants the Senate, to whom it has submitted its memorandum, to consider compensation as a penalty for violating someone’s personal data. The compensation will be in line with the damages the victim suffers.
Other proposed penalties include administrative fines, cease and desist orders preventing data agents from processing data until they comply with the upcoming regulations and providing different penalties for different data agencies.
KICTAnet, which was established in 2005, is a platform for stakeholders interested and involved in ICT policy and regulation. The Network aims to drive reforms in the ICT sector in support of the country’s goal of achieving ICT-enabled growth and development.
KICTAnet submitted its memorandum on the Bill on July 17, 2018.
