By Florence A. Ogonjo
The Government of Kenya through the Ministry of Information Technology recently published draft regulations, the Data Protection (Civil Registrations) Regulations 2020 and called for a public participation hearing on 27th February 2020 at KICC, welcoming oral submissions and comments to the draft regulations.
The regulations are divided into six parts covering respectively; Preliminary, Data Protection Principles, Rights of the data subject, Obligations of the civil registration entity, Security Safeguards, and Miscellaneous provisions.
CIPIT took part in the public hearing sessions and took note of debates arising from the process as discussed below. Data Protection Principles
Ensuring that legal frameworks on data protection meet the objective of protecting the collection, processing, and storage of personal data requires that the frameworks are structured to adhere to the principles of data protection. The regulation has focused on two principles – consent and security safeguards, inadequately addressing other core principles on purpose limitation, storage limitation, adequacy, and data transfer.
In order to avoid abuse, there is need for clarity on all the principles. The principles give effect to the rights of a data subject. Abiding by these principles not only guarantees the right to privacy but also legally justifies the processing of personal data in a manner that respects the rule of law.
Processing of Personal Data relating to children.
Children are less aware of the risk involved in the processing of their personal data and therefore merit specific protection when their data is collected and used. Consideration must be given to clarity on privacy notices, reliance on direct consent of a child, the competence of the child in understanding what they are agreeing to, identification of risks and consequences of the processing and the implementation of age-appropriate safeguards.Continue reading