• About the Centre for IP and IT Law (CIPIT)
  • Join the CIPIT Blog Team

CIPIT Blog

~ Strathmore University Centre for Intellectual Property and Information Technology Law (CIPIT)

Category Archives: RIght to Privacy

Defining the Digital Right to Privacy

04 Tuesday Sep 2018

Posted by Lyndah Tugee in Digital Rights, RIght to data protection, RIght to Privacy

≈ Leave a comment

*Lyndah Tugee & Mercy Kingori

A little history

Brandeis and Warren trace the origin of the right to privacy in the U.S. back to the 1890s. They define privacy as the right to be let alone[1]. The right was first concerned with personal autonomy but it later evolved to cover the peoples’ personal information. A Privacy Act was enacted in 1974 to prevent unauthorized disclosure of personal information held by the federal government. Later on, other Acts including Financial Monetization Act 1999 and Fair Credit Reporting Act requiring financial institutions to provide customers with a privacy policy and to protect their personal financial information they had collected.[2] The right continues to extend its sphere of influence with the emergence of technology, which allows individuals to use, create and publish digital media or to access and use computers, devices or communication networks.[3]

Although Kenya does not have a rich history when it comes to privacy law as compared to the US, supposedly due to varying ages of the countries, there is an increasing interest in the right to privacy especially as applied in the digital sphere. The challenge, however, resides in defining the right to privacy in the digital era.

The Issue

The Constitution of Kenya provides for the right to privacy but it is not immediately apparent Article 31 appreciates the realities of the digital world where the right can be asserted over the communication and telecommunication networks.[4]

A report published by Privacy International highlights the intrusive nature of micro-lending apps, which continue to demand more and more personal data in a bid to define what they term as a financial identity in a bid to determine a person’s credit worthiness.[5] The report studies the nature of information collected to create such identity.[6] One digital lender, Branch, collects call logs, contacts, SMS messages including M-Pesa, GPS location, the repayment patterns of one’s friends for Branch loans etc.[7] Most of these digital lenders are startups whose exit strategy  involves being bought out by another company. It is not clear to what extent to customers will have control over their data once the startup is sold to new owners.

The case of Kenya Human Rights Commission v Communications Authority of Kenya & 4 others [2018] eKLR discusses the use of a Device Management System (DMS) to tap into the devices of mobile phone users. The device was mainly meant to monitor illegal international calls between Kenya and Rwanda. Nevertheless, the High Court ruled that the device would infringe on the consumer right to privacy because the monitoring would be done in the absence of orders to collect information of a private nature.

Why does it Matter?

The foregoing cases bring out a number of challenges that need to be resolved if we are to entrench the right to privacy in the digital space. To begin with, where there are no mechanisms to regulate the nature of information collected, the autonomy of the individuals from whom such information is collected may not be respected. In addition, entities who unwittingly collecting significant volumes of data create a significant risk when their technical systems are breached.[8] Moreover, it is important to make sure that customers can always exercise their data protection rights where a company changes ownership.

The Way Forward

From the aforementioned, certain elements are necessary in defining the right to privacy. A digital right to privacy will be assured where the data subject can determine: a) who can collect their data, b) what data is collected, c) what data is not collected, d) and the nature consent required to collect certain kinds of data. This criterion derives from the legal doctrine of the right to informational self-determination in respect of right to privacy. It is the right of a person to determine the disclosure, and the use of their personal data.[9] The doctrine is in line with Westin’s definition of the right to privacy which he succinctly defines as “the right of the individual to decide what information about himself should be communicated to others and under what circumstances”.[10]  

[1] Samuel Warren, Louis Brandeis, ‘The Right to Privacy’, Harvard Law Review, Vol 4 No.5.

[2] < https://www.livescience.com/37398-right-to-privacy.html> as at 3rd August 2018.

[3] < https://en.wikipedia.org/wiki/Digital_rights> as at 19th August 2018.

[4] Article 31, Constitution of Kenya (2010): Every person has the right privacy, which  includes the right not to have – (a) their person, home or property searched, (b) their possessions seized, (c) information relating to their family or private affairs unnecessarily required or revealed, or (d) the privacy of their communications infringed.

[5] Privacy International, ‘Fintech: Privacy and Identity In the New Data-Intensive Financial Sector’, 2017.

[6] Privacy International, ‘Fintech: Privacy and Identity In the New Data-Intensive Financial Sector’, 2017

[7] Privacy International, ‘Fintech: Privacy and Identity In the New Data-Intensive Financial Sector’, 2017

[8] Crabtree A,’ Personal Data, Privacy and the Internet of Things: The Shifting Locus of Agency and Control’

[9] Rouvroy A, ‘The Right to Informational Self-Determination and the Value of Self-Development: Reassessing the Importance of Privacy for Democracy’ 2009.

[10] Westin A, ‘Privacy And Freedom’, 25 Washington and Lee Law Review, 1968.

Top 100 IP Blog

Best Education Blog Winner 2015

Subscribe to our mailing list

Subscribe to our mailing list

Follow us on Twitter

Tweets by @StrathCIPIT
December 2019
M T W T F S S
« Nov    
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

Kenyan Blog Awards

Archives

  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • May 2019
  • April 2019
  • February 2019
  • December 2018
  • November 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • February 2016
  • January 2016
  • December 2015
  • November 2015
  • October 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • May 2015
  • April 2015
  • March 2015
  • February 2015
  • January 2015
  • December 2014
  • November 2014
  • October 2014
  • September 2014
  • August 2014
  • July 2014
  • June 2014
  • May 2014
  • April 2014
  • March 2014
  • February 2014
  • January 2014
  • December 2013
  • November 2013
  • October 2013
  • September 2013
  • August 2013
  • July 2013
  • June 2013
  • May 2013
  • April 2013
  • March 2013
  • February 2013
  • January 2013
  • December 2012
  • November 2012
  • October 2012
  • September 2012
  • August 2012

Categories

  • 2019 CENSUS
  • Access to Essential Medicines
  • Access to Information
  • Access to Knowledge
  • Agri-Policy
  • Artificial Intelligence
  • Bitcoin
  • Blockchain
  • CIPIT Insights
  • CIPIT news
  • Collective Management Organisations
  • Copyright
  • Counterfeits
  • Creative Commons Kenya
  • Data Protection
  • Database Rights
  • Digital Identification
  • Digital Rights
  • E-Commerce and the Law
  • Elections
  • Fashion
  • Freedom of Access
  • Freedom of Assembly
  • Freedom of Association
  • Freedom of Expression
  • Guest Post
  • Information Controls
  • Information Technology
  • Intellectual Property
  • Lions' Den
  • M-Pesa
  • openAIR
  • Patent
  • Plant Breeders' Rights
  • Public Interest
  • RIght to data protection
  • RIght to Privacy
  • Science Technology & Innovation
  • Social Media and the Law
  • Software Patents
  • Sui-Generis Protection
  • Tech-Legislation
  • Technology & Innovation
  • Technovation
  • Trademark
  • Traditional Cultural Expressions
  • Traditional Knowledge
  • TRIPS
  • Uncategorized
  • Utility Model

Proudly powered by WordPress Theme: Chateau by Ignacio Ricci.