This is the first in a series of blogs where the CIPIT team analyses the principles of data protection as provided in Section 25 of the Data Protection Bill, 2019. This edition by Charles Lwanga Opiyo tackles sections 25 (a) and (b) of the Bill, which provide for the processing of data in accordance to the right of privacy, and processing data in a lawful, fair and transparent manner respectively. In this analysis, sections of the Bill that reflect the principles in 25 (a) and (b) are reviewed as well…
The central objective in the Data Protection Bill, 2019 (the Bill) is to give effect to the right to privacy (Article 31 of the Constitution of Kenya 2010), as is explicitly stated in the preambular section of the Bill. Section 25 (a) of the Bill reiterates the constitutional right to privacy in the context of data protection, stating that data controllers and processors shall ensure that personal data is processed “in accordance with the right to privacy of the data subject”. This article seeks to unpack the concept of privacy in the Kenyan Constitutional context and analyze how the same concept is reflected in the Bill. The Constitution shall be the test upon which the provisions of the Bill are reviewed.
The provisions of Section 25 (b) – i.e., that data be processed lawfully, fairly, and in a transparent manner – are also discussed in this post because of their intimate connection with the right to privacy.
It is also understood that principles in the Bill are similar to Europe’s General Data Protection Regulations (GDPR). This article will highlight such similarities.Continue reading