Like many of her African counterparts, Kenya faces unique
challenges and opportunities in battling the Coronavirus. Due to high
unemployment, many people survive on income from casual and informal
employment. Such income is unpredictable, and many people in this situation
have no significant savings or other buffers against periods when work is
scarce. It may therefore not be practical to put major cities and towns on
complete lockdown without inviting potentially unmanageable social problems.
Indeed, it has so far proven difficult to close open air markets or stop (the
privately owned) public service vehicles from operating. To highlight these
challenges, Journalist James Smart used social media to show the
difficult balance that is the life of informal traders who now have to stretch
their meagre earnings to cover their daily needs, after the middle class to
whom they supply their labour retreated to social distancing.
The reality of rural urban migration is that many who come
to Nairobi and other town centres in search of work never really settle in the
towns. Their souls are rooted in their upcountry homes, as Joe Mopero’s classic
hit Naona heri nirudi nyumbani, kwa baba na mama nikawasaidie (“I’ve
decided to go back to my father’s and mother’s house, to help”)reminds
us. At the slightest sight of insecurity, such as the lack of income brought
about by Kenya’s partial lockdown, many city dwellers will travel back home to
wait it out. This, of course, presents the greatest means of spreading the
Coronavirus throughout the country, and government officials have been begging
people to resist from taking that trip to the countryside.
Brandeis and Warren trace the origin of the right to privacy in the U.S. back to the 1890s. They define privacy as the right to be let alone[1]. The right was first concerned with personal autonomy but it later evolved to cover the peoples’ personal information. A Privacy Act was enacted in 1974 to prevent unauthorized disclosure of personal information held by the federal government. Later on, other Acts including Financial Monetization Act 1999 and Fair Credit Reporting Act requiring financial institutions to provide customers with a privacy policy and to protect their personal financial information they had collected.[2] The right continues to extend its sphere of influence with the emergence of technology, which allows individuals to use, create and publish digital media or to access and use computers, devices or communication networks.[3]
Although Kenya does not have a rich history when it comes to privacy law as compared to the US, supposedly due to varying ages of the countries, there is an increasing interest in the right to privacy especially as applied in the digital sphere. The challenge, however, resides in defining the right to privacy in the digital era.
The Issue
The Constitution of Kenya provides for the right to privacy but it is not immediately apparent Article 31 appreciates the realities of the digital world where the right can be asserted over the communication and telecommunication networks.[4]
A report published by Privacy International highlights the intrusive nature of micro-lending apps, which continue to demand more and more personal data in a bid to define what they term as a financial identity in a bid to determine a person’s credit worthiness.[5] The report studies the nature of information collected to create such identity.[6] One digital lender, Branch, collects call logs, contacts, SMS messages including M-Pesa, GPS location, the repayment patterns of one’s friends for Branch loans etc.[7] Most of these digital lenders are startups whose exit strategy involves being bought out by another company. It is not clear to what extent to customers will have control over their data once the startup is sold to new owners.
The case of Kenya Human Rights Commission v Communications Authority of Kenya & 4 others [2018] eKLR discusses the use of a Device Management System (DMS) to tap into the devices of mobile phone users. The device was mainly meant to monitor illegal international calls between Kenya and Rwanda. Nevertheless, the High Court ruled that the device would infringe on the consumer right to privacy because the monitoring would be done in the absence of orders to collect information of a private nature.
Why does it Matter?
The foregoing cases bring out a number of challenges that need to be resolved if we are to entrench the right to privacy in the digital space. To begin with, where there are no mechanisms to regulate the nature of information collected, the autonomy of the individuals from whom such information is collected may not be respected. In addition, entities who unwittingly collecting significant volumes of data create a significant risk when their technical systems are breached.[8] Moreover, it is important to make sure that customers can always exercise their data protection rights where a company changes ownership.
The Way Forward
From the aforementioned, certain elements are necessary in defining the right to privacy. A digital right to privacy will be assured where the data subject can determine: a) who can collect their data, b) what data is collected, c) what data is not collected, d) and the nature consent required to collect certain kinds of data. This criterion derives from the legal doctrine of the right to informational self-determination in respect of right to privacy. It is the right of a person to determine the disclosure, and the use of their personal data.[9] The doctrine is in line with Westin’s definition of the right to privacy which he succinctly defines as “the right of the individual to decide what information about himself should be communicated to others and under what circumstances”.[10]
[1] Samuel Warren, Louis Brandeis, ‘The Right to Privacy’, Harvard Law Review, Vol 4 No.5.
[4] Article 31, Constitution of Kenya (2010): Every person has the right privacy, which includes the right not to have – (a) their person, home or property searched, (b) their possessions seized, (c) information relating to their family or private affairs unnecessarily required or revealed, or (d) the privacy of their communications infringed.
[5] Privacy International, ‘Fintech: Privacy and Identity In the New Data-Intensive Financial Sector’, 2017.
[6] Privacy International, ‘Fintech: Privacy and Identity In the New Data-Intensive Financial Sector’, 2017
[7] Privacy International, ‘Fintech: Privacy and Identity In the New Data-Intensive Financial Sector’, 2017
[8] Crabtree A,’ Personal Data, Privacy and the Internet of Things: The Shifting Locus of Agency and Control’
[9] Rouvroy A, ‘The Right to Informational Self-Determination and the Value of Self-Development: Reassessing the Importance of Privacy for Democracy’ 2009.
[10] Westin A, ‘Privacy And Freedom’, 25 Washington and Lee Law Review, 1968.
