By Alex Gatawa*
The following post is the second of CIPIT’s analysis of the data protection principles provided for under section 25 of the Data Protection Bill. This post focuses on Section 25 (c) & 25 (d) of the Bill which provides for the processing of personal data collected should be for an explicit, specific and legitimate purpose and that the personal data should be adequate, relevant, limited to the purposes.
As was pointed out in the previous blog, available here, the central objective of the Data Protection Bill is to give effect to the Right to Privacy enshrined in Article 31 of the Constitution. Over and above this objective the preamble of the Bill provides other objectives of the Bill. It states that the Bill is to make provision for the regulation of the processing of personal data, provide for the rights of data subjects and impose obligations on the data controller and processors.
In order to ensure that the objectives of the Bill, in particular, the regulation of the processing of personal data, are catered for, the Bill contains several provisions which help facilitate the achievement of these objectives. One such provision is Section 25 which contains the data protection principles, this blog will focus on the principles of purpose limitation and data minimisation provided for in section 25(c) & 25(d).Continue reading