NAIROBI, Kenya, Dec 1 – Data Commissioner Immaculate Kassait has called on institutions to adopt practices that take into account principles of processing data and the rights of data subjects and safeguards under the Data Protection Act, 2019 in order to safeguard personal data.
Speaking Tuesday during the Launch of the Subnational Data Practices in Kenya Study and Comparative Data Regimes Report released by Open Institute and Amnesty International Kenya, Kassait said that data protection has become critical owing to the increasing data driven economy and technological advancement.
“There is a need to find a balance between maximizing the benefit of the Information and Communications Technology (ICT) ecosystem and securing optimal policy and regulatory of objectives design to address potential and actual negative consequences of dynamic ICT landscape,” she stated.
The study which was carried out in five counties, aims to ensure that Kenya operationalizes the Data Protection Act through citizen responsive guidelines and in line with international best practices.
The project also seeks to ensure that Kenyans benefit from the advantages in technology without compromising their fundamental right to freedom and ensure that the Act will be implemented in a manner that promotes responsible use of data, according to Amnesty International.
Kassait added that the institutions in the country had put more focus on political rights policies leaving out data, which she says cuts across economic and social pillar, calling for the expansion to those spaces.
She added that her office had achieved a number of milestones since the establishment of the office of the Data protection a year ago.
The Data Commissioner pointed out the finalization of the 3-year strategic plan, the curriculum, the development of complaints management manual and the alternative dispute resolution as some of their achievements.
Advertisement. Scroll to continue reading.
“Alternative dispute resolution is a key component of the Data Protection Act. The idea is basically to call upon data subjects and data controllers to seek and resolve their complaints before they then escalate them to the Office of the data commissioner,” Kassait said.
She further said that her office will be recruiting their own staff to ensure the independence of the Office of the data protection.
Kassait added that her office had carried out at least 36 consultative meetings in a bid to increase awareness on data protection in the country.
“Data protection is still new in Kenya and as such, data controllers, data processors and general public need to understand and appreciate their rights and obligation as provided for in the act. Such an understanding requires knowledge on what is deemed to be personal data or sensitive data and therefore is needed for additional safeguard transparency of issues related to this data, how it is being used and what is being used for,” she said.
The Data Commissioner called on institutions to embark on campaigns to inform the public on the digital rights.
Irũngũ Houghton, Executive Director Amnesty International Kenya, stated that the launch of the two reports, the Study on Sub-National Data Practices in Kenya and Comparative Data Protection Regimes will aid in strengthening the operationalization of the Data Protection Act and generate the best practices for the Act.
“I think it is very important for us to really look on the issue of data protection impact assessments so that when people are collecting data, they are very clear what the impact could be if the data falls on the wrong hands and obviously this is very important for the Office of the registrar of Political Parties as we know recently, they had that difficulty where a number of citizens cried foul that their names and their ID numbers had been erroneously uploaded into different political parties,” he said.
The study indicated that there is a need to rope in more research, data, and evidence from African scholars to strengthen the operationalization of the act, as well as the ‘African’ body of knowledge around data rights and data privacy.
According to the Subnational Data Practices in Kenya report, which examined Bomet, Kilifi, Taita Taveta and Vihiga Counties, though County government officials were very confident (50 percent) that the citizen data in their custody is secure, a significant number lacked information on data protection and access to data laws, policies and procedures within their respective subnational.
Advertisement. Scroll to continue reading.
“This is because there are no dedicated personnel dealing with the data protection docket except those working in the human resources. Similarly, when asked about how likely they thought citizen data could be put to unauthorized use, 14.3 percent of the officials thought this was highly likely, 42.9 percent thought it was possible but not very likely, while 38.1 percent reasoned that it was highly unlikely,” the report read in part.
“Combined, the percentages of those holding the, highly likely and possible but not very likely views, give 57.2 percent which is a dear indicator that data subjects are likely to suffer data breaches in the status quo,” it added.
The report recommended that the county governments hire and train dedicated data protection officers, building the capacity of counties to undertake data protection impact assessment and capacity building for citizens and public officers amongst others to improve on data protection in the country.
