CIPIT’s bi-annual moot competition aims to be innovative and to attract teams from across East Africa, and the 2018 edition was no exception. This year’s edition was particularly significant being the first moot in Sub-Saharan Africa to focus on Information Technology(IT) Law. The 2018 moot problem addressed the complexities of innovation, privacy and data protection in jurisdictions that operate in a legal vacuum with respect to data privacy. Therefore, participating students were able to interact with the topics of privacy and data protection and grapple with the ambiguities these cutting-edge issues pose in the legal field. This was also an excellent opportunity for CIPIT to highlight the trickle- down effect of innovations to the recurring concerns of data protection, and to nurture the interest of the young generation in IT law and policy.Continue reading
Allan Mukuki, CIPIT Moot, Data Protection, Isaac Rutenberg, Liz Lenjo, Luis Franceschi, Mercy Mutemi, Mugambi Muhavi, Philip Kyoma, Strathmore University, Swaleh Hemed Wengo, The Final, Uganda Christian University, Victoria Gitau
The Matter of Mangala & WAP -vs- The Guacamole Republic of Avocado (GRA)
As promised, here is the account of the recently concluded CIPIT ICT Moot. Held every two years, the competition attracts teams across East Africa. It is the only one in the mooting calendar this part of Africa that has information technology and intellectual property as subject matters. This allows competitors to engage with contemporary issues, as was the case in this year’s edition. Data protection has not been legislated extensively in Kenya. The resulting lacuna forces the litigant to think outside the box and try to find viable and practical solutions to technology related problems oft outside the purview of lawyers.
“There will be winners, and there will be losers…” were the words of the Dean of the Strathmore Law School to end his address to the participating teams during the second biennial CIPIT moot. This author is sure that nothing rung truer in the minds of the eager young faces looking at him.Continue reading
From the Editor:
CIPIT held its biennial moot on 11th and 12th of October 2018. In total there were 13 teams in attendance, with about half of the teams hailing from Uganda. In the coming weeks, the CIPIT team will provide a full play by play account of events. Before that however, we would like to acknowledge one of the teams that participated.
The University of Nairobi Team comprising of the Kanyangi twins (so any confusion in the above image is regretted but understandable) and Jackline Sang wrote to us, grateful for the wonderful experience they had during the moot. Truth be told, it is the CIPIT team that is in gratitude for their attendance and their thoughtful letter. Here is their account of the moot, viva voce…
“It was a great privilege to participate in the recently concluded CIPIT 2018 moot competition. From the very onset it was exciting to engage with teams from universities around the country and Uganda. The moot concerned the right to privacy and data protection. Of specific emphasis was the disclosure of health data to third parties and the use of such information to peddle advertisements on the accounts of Wika virus victims.Continue reading
A striking postulation of free speech was developed in the 19th Century by John Trenchard and Thomas Gordon, supporters of John Locke. They defined the right as the freedom to “think what you would and speak what you thought”. This placed a strong emphasis on the citizens’ role in exercising the right as against an implied oppressor, the government.
Other postulations of the right intuit that there is a balance to be struck between the right expressed by the citizen and the right of others. Between citizens, the government is charged with ensuring no one infringes the right of another. The overt regulation of speech amounts to the prevention from: holding an opinion, receiving information to facilitate creation of said opinion, or the dissemination of information that would allow the creation of opinions. The state would in this instance curb the spread of information it perceives as undermining its rule or that which infringes the rights of others.
The International Convention on Civil and Political Rights (ICCPR) posits freedom of speech as consisting two parts; a negative obligation on state organs, to deregulate speech and, a positive right, exercised by the public within the law. Subsequently, the right operates within two parameters as well: dissemination of information and expression of opinions that are vital for debate and transparency in democracies; and the censure of statements infringing the rights of others or abrogating order within the state. Two competing norms exist, individual autonomy versus the protection of collective goals, such as equality among persons.
Criticism of other persons should be conducted within the law. Hence, one must respect the rights and reputations of others. Are statements by errant bloggers protected by Kenya’s own free speech clause? Not quite, libellous statements are not granted legal protection. Article 33 of the Constitution of Kenya (CoK) outlaws making of statements that disparage persons and their reputations.
Citizens should be able to oppose decisions made by their government, employer, municipal court or member of parliament. The CoK stipulates that public participation is an essential avenue for citizens to express their sentiments regarding governance. In democracies, elected representatives are not immune from critique. Their actions are scrutinised by a vigilant public, aware of state obligations.
Free Speech: Applicable mutatis mutandis in cyberspace?
Conceptualists of free speech had written their treatises prior to the internet and mass media. Thus, contemporary issues such as jurisdictional conflicts over online offences were unforeseen. Free speech should evolve to meet these demands.
The right should supersede the classic two-party consideration; the government and the citizen. Social media platforms and internet service providers are new participants in the rights matrix. They curate more data than ever before and have the power to deactivate accounts spreading misinformation. While international case law indicates that social media is an arena for free speech, administrators should be obliged to curate the content on their sites and ensure there are no rights infringements.
Kenyan courts applied principles of tort to malfeasance on social media, to regulate the platform. This approach is only partially viable; the “obligation to curate” must be placed on administrators. The main impediment to this concern is practicality. Twitter cannot monitor its 335 million active user’s pages. Surveillance on that scale would broach a myriad of privacy concerns.
A possible solution could be mandating platforms to introduce a complaints system, allowing users to report rights violations. Administrators responding to the report provide initial adjudication on whether the offending content contravenes internal policies. Illegality however, mandates administrators to assist municipal law enforcement with information pertinent to investigations.
Concluding, digital free speech may be defined as:
The freedom to express a factual representation or opinion on an online platform. The right precludes the following: defamatory statements, hate speech, cyber-bullying, or misrepresentations. The custodians of the right include the government and at initial phases, administrators of online platforms. These custodians are obliged to respond expeditiously to any reports of illegal activity or activity flouting platform policies.
Lessons from the Forum on the participation of NGO’s in the 62nd ordinary session of the ACHPR at the Royal Suites Hotel, Nouakchott.
CIPIT was invited to the ACHPR NGO forum to present their biometrics research findings to a side event that was taking place during the African Charter for Human and Peoples Rights 62nd Ordinary Session and to lobby for the inclusion of the right to privacy to the ACHPR (Banjul Charter).
For this mission we teamed up with the Legal Research Centre (LRC) from South Africa and Privacy International from London. Based on his experience in previous ACHPR events, LRC’S Tsanga Mukumba advised us to advocate for the right to privacy to be included to the mandate of Rapporteur to the right of freedom of expression. He added that asking for the inclusion of the right to privacy, while still the end goal to the Banjul Charter, might be difficult at this stage. A sad truth that we discovered through our interactions with the other forum attendees.
Since we were organising a side event as well, we attended other organizations side events to advertise our event.
While interacting with other human rights advocates who had convened at the event, we faced a challenge of convincing them on our digital right agenda. Many felt that there far more important and grave human rights atrocities in the continent such as the death penalty, torture and slavery. We decided to show the participants how digital rights such right to privacy affect their work on other human rights issues. We brought up issues of government surveillance on civil society and instances where telecom corporates work with law enforcement to crackdown on human rights defenders. This argument helped us gain momentum in our interactions and many saw the relevance of our cause.
At the end of the NGO forum, Tsanga submitted a resolution to the forum, which sought inclusion of the right to privacy to the mandate of the Rapporteur to the right of freedom of expression.
Legal Resources Centre Recommended Resolutions to the NGO Forum April 2018
- That human dignity, as contained in Art. 5 of the African Charter on Human and People’s Rights is the core right and value which underpins the need for the respect, recognition and promotion of the right to privacy of all people in Africa;
- To accept that effective respect and promotion of this right is necessary for the enjoyment of a range of human rights, including freedom of expression, access to information, association and peaceful assembly;
- That the above recognition of the importance and validity of the right to privacy ought to inform and embedded within the process of the revision of the Declaration of the Principles of Freedom of Expression in Africa flowing from African Commission Resolution 362;
- That the mandate of the Special Rapporteur on Freedom of Expression and Access to Information should include privacy and digital rights concerns where these impinge on the ability to communicate and receive opinions freely. Specifically including:
- Unlawful, disproportionate or unnecessary state surveillance and the private enterprises which enable this through the provision of technological solutions;
- The role of the private sector in conducting unlawful collection and processing of their customers personally identifiable information;
- Regulation of the costs of access to the internet, and content and platform neutrality online;
- The prevalence of ‘internet shutdowns’ in African States, particularly during periods of social protest and elections;
- Regulation of the processing of personal data, which can directly or indirectly identify individuals, by public and private bodies, and in particular the need for the processing of sensitive personal data such as biometrics to be subject to higher safeguards.
The LRC is a member of the International Network of Civil Liberties Organizations (INCLO). INCLO is a network of 13 independent, national human rights organizations from the global South and North working to promote fundamental rights and freedoms.
By Phillis Njoroge**
The Statute Law (Miscellaneous Amendment) Bill, 2018 seeks to amend a number of Acts and among them the Registration of Persons Act (Cap 107). This bill proposes the establishment of a National Integrated Identity Management System as well as the capture of biometric data and geographical data (GPS) during the registrations of persons in Kenya. This essentially means that one will be required to provide their biometric information before being issued with a National Identity card. Biometric information in this context includes, fingerprint, hand geometry, earlobe geometry, retina and iris patterns, voice waves and Deoxyribonucleic Acid (DNA) in digital form.
It is foreseeable that this law will have positive and negative implications in various fields. A number of advantages that might come as a result of the collection and digitisation of biometric data include: identification accuracy, establishing accountability in the civil registry as each transaction shall be accurately documented by the individual associated with it, thus reducing the possibility of system misuse and fraud. Similarly, the risk of identity theft shall be reduced consequently leading to an improved return on investments due to the enhanced accuracy, accountability and reduced opportunities for misuse.
As much as this system comes with a number of advantages the collection and storage of DNA data in Kenya’s registry of persons raises a number of legal and ethical concerns. The grimmest of these is the potential contravention of Kenyans’ right to privacy, as provided for under Article 31 of the Constitution, particularly, the guarantee to not have information relating to one’s family or private affairs unnecessarily required or revealed.
DNA data is sensitive. It is not only a unique identifier of an individual, it also can be used to determine an individual’s entire genetic history including their propensity towards certain diseases. This brings it within the ambit of ‘family or private affairs’ as stipulated under Article 31 of the Constitution. The Government of Kenya has not provided sufficient justification for the collection of this data nor has it demonstrated that it shall institute the required stringent security measures within the National Integrated Identity Management System, for the protection of this data. This measure, if adopted, shall transform Kenya into an Orwellian ‘Big Brother State’.
Similar concerns were raised by Britons in their vote against a national data registry and identity cards in 2010. This registry would have required the collection of fingerprint, iris or palm-print data. Their biggest concern was that the collection and storage of up to 50 different kinds of information on one person, would amount to a sort of ‘big brother’ approach. They also felt that it was unclear how secure this data would be from manipulation.
The security of this data is thus under scrutiny. Unlike passwords, biometric data such as DNA fingerprints and the like cannot be easily changed. This means that in the event of a data breach, one cannot easily reset their biometric details. The potential loss in the event of a breach is astronomical as a offender with a sample of the biometric data in question would obtain indefinite access to a database that is secured by the biometric data.
Moreover, the establishment of a DNA database in the absence of a comprehensive data protection legislation further puts the security of such data at risk. It is unclear whether Kenya will be able to afford the necessary encryption technologies and/or adopt the information security and privacy best practices like intrusion detection, breach reporting and having a risk management programs.
The collection of DNA data in a national registry of persons also raises the following ethical questions:
Firstly, who owns the collected DNA data? Given that DNA is unique to a particular individual it is appropriate to assume that DNA is owned by the individual whom it identifies. It is for this reason that the European General Data Protection Regulation (GDPR) in Article 4(5) requires that all organizations, bodies or persons seeking to collect DNA information (pseudo-anonymised data) from anyone to first have consent from that person.
The proposed law in Kenya does not however give people the opportunity to opt in or out of giving their DNA; it makes it a requirement for all Kenyans in order for them to be granted identification as citizens. The implication of refusal to provide such data is the deprivation of national identification documents and potentially one’s citizenship, contrary to Article 14 of the Constitution. As DNA is owned by the individual that it identifies, it is improper for the government or any other entity to collect such data without the explicit consent of the subject.
Given Kenya’s history with ethnic discrimination in both the public and private sector it is important to take into consideration the potential implications of the collection of DNA data, on a national level, on this issue. As DNA data can be used to identify the ethnicity of the subject, there is a risk of such data being abused to discriminate individuals based on their ethnicity. This is compounded by the fact that the Bill is silent as to the specific measures that shall be used to prevent the abuse of the National Integrated Identity Management System.
Additionally, the Ministry of Interior will also require GPS satellite details of Citizens’ homes. While the government can access mobile phones’ GPS data with a court order, they typically have to follow certain procedures to obtain such data from Mobile Networks. However, the collection and storage of both GPS and DNA data as proposed by the Bill is without any oversight, and risks making Kenya a Police State.
One cannot therefore ignore the security risk in collecting DNA data in the absence of elaborate data protection laws. These privacy and surveillance reservations are valid given the Cambridge Analytica (CA) scandal where 50 million facebook users’ data was collected and shared with CA, which built ‘psychographic’ profiles of facebook users. These profiles were then used in targeted political messaging during the United States’ 2016 election. Similarly, research carried out by CIPIT into the privacy implications of the use of biometrics in Kenya’s 2017 general elections established that Kenyans received unsolicited political campaign messages which contained accurate data on their names and in some cases polling stations. In light of the manipulation of personal data for profiling and other nefarious purposes, it is imperative that personal data, more so DNA data, is kept secure and only accessed by authorised personnel when absolutely necessary.
That said, keeping in mind the advantages of a National Integrated Identity Management System, is the risk of putting our DNA in the hands of our government worth it?
** Phillis Njoroge is a 4th Year Bachelor of Laws student at the Strathmore University.
Mobile phone penetration in the Kenya has increased tremendously over the years. The Communication Authority of Kenya (CA), in its first quarter 2017/2018 financial year report placed mobile and Internet subscriptions in the country at 41 and 51 million subscriptions respectively. In spite of this increased mobile and Internet penetration, the high cost of accessing the Internet continues to be a constant hindrance to a majority of mobile users in Kenya.
Private companies, in response to this issue, have attempted to provide ‘free’ or subsidised Internet through what has come to be known as zero-rating of the Internet. In this practice, providers of zero-rated Internet, partner with Internet service providers (typically mobile networks) to subsidise access to the Internet. Access to the Internet under such programs is however limited to the zero-rated Internet providers’ website. Examples of such services include: Free Basics by Facebook and Wikipedia’s Zero.
These services are however extremely controversial due to concerns about their impact on net neutrality and effectiveness as a long-term policy for improving Internet access.
Proponents of zero-rated Internet claim that such services connect people who previously did not have access to the Internet especially in emerging markets in Africa and Asia. While connectivity may increase, the fact remains that Internet service providers and companies that engage in this service derive immense financial benefits from such services. For example, mobile Internet providers use free access to the Internet as an on-boarding strategy. Secondly, access to the Internet under this practice is limited to one or a few popular sites depending on the zero-rated Internet service in question. This calls to question the supposed ‘benevolence’ of such services especially in light of their detrimental impact on net neutrality, which holds that all content and users be treated equally so as to ensure free flow of information online.
While zero-rating can be viewed as beneficial to consumers as they do not incur data charges when visiting zero rated websites, it is detrimental as it in a sense changes the “face of the Internet” by limiting the number of websites which users can access. It effectively operates as an information control principally in the event that such services become ubiquitous and to the extent that they are the first point of entry to the Internet for millions and potentially billions of people.
Furthermore, zero-rating of the Internet jeopardizes freedom of expression online. The forums on which Internet users can freely develop and express their opinions are limited and to a great extent controlled by the parties that subsidize access to the Internet. The ideological underpinnings of the internet, and its role as a medium for advocacy on the protection of civil rights, is at danger of being obfuscated in this paradigm.
Moreover, zero-rating greatly reduces the incentive for content creators who do not have the required financial muscle to continue producing content. It is therefore no surprise that companies like Microsoft and other tech giants are at the forefront of championing zero rating. This is however highly ironic seeing that companies such as Wikipedia and Facebook would not have been able to transcend the ‘start-up’ stage had the Internet at their time of inception been limited through zero-rating. Again, the undermining of the right of Internet users to freedom of expression and uninhibited access to the Internet cuts to the core of this issue.
The impact of zero rated Internet is best gleaned through an analysis of the areas where it is widely offered as illustrated below.
Binge On™, is a video streaming service provided by T-Mobile, a mobile telecommunications company. Binge On™ provides zero-rated streaming for specific content providers while limiting the capacity of “non zero-rated” content providers from streaming its platform. “T-Mobile’s Binge On Violates Key Net Neutrality Principles” a report done by Stanford Law School found that T-Mobile, through its zero-rated service, stifled innovation by barring content creators who did not meet its substantial technical requirements. This exposes the fallacy of the perceived ‘altruism’ behind such services i.e. through the commercialization of information and innovation by extension. This further underscores the importance of maintaining ‘diversity of expression’, in the current knowledge economy, where large tracts of information are generated and disseminated online.
Proponents of this practice argue that zero rating is necessary if we are to achieve universal connectivity. The discussion above however, pokes serious holes into this argument. While universal connectivity is necessary to bolster communication, such hopes shall be relegated to a pipe dream as companies that cannot afford to zero rate their services are unable to fairly compete and reach consumers.
It is with this in mind that a need for a comprehensive legal and policy framework to address zero rating arises. Zero-rating should not be used as a substitute for Internet access. Openness, which is a central tenet of the Internet, must be legally protected. While, there are no country specific laws that deal with the effects of zero rating on freedom of expression, article 33(1a) of the Constitution of Kenya provides for the freedom to seek, receive and impart ideas. Internationally, article 19(2) of the International Covenant on Civil and Political Rights (ICCPR) provides for the freedom of expression.
The Internet is and should remain a bastion of freedom of expression. Kenya is thus bound to enact laws and policies that specifically protect this right ‘out of the normal context of speech’ seeing as Internet based modes of protection are protected under the ICCPR.
** Mercy King’ori is a 4th Year Bachelor of Laws student at the Strathmore University.
By Emmanuel M. Nzaku**
In 1892, when Mr. Aron Salomon was making leather boots and shoes in his White Chapel High Street establishment, he had no idea that his enterprise would shape the nature and operation of modern trade. Since his sons wanted to become business partners, he turned the business into a limited liability company. The company purchased Salomon’s business at an excessive price for its value with his wife and five elder children becoming subscribers and the two elder sons directors but as nominee for Salomon, making it a one-man business. Not only didn’t Mr. Salomon take 20,001 of the company’s 20,007 shares, the company also gave Mr. Salomon £10,000 in debentures. When the company’s business failed and it went into liquidation, Salomon’s right of recovery against the debentures stood prior to the claims of unsecured creditors, who would, thus, have recovered nothing from the liquidation proceeds.
by Njeri Waweru**
Blockchain technology is set to be the most revolutionary technology since the Internet. it is famous for facilitating bitcoin transactions but it can serve many purposes, one of which is land title registration. Land title registration is an issue that plagues many African countries fraught with corruption and lack of transparency inhibiting the realisation of land an individual and the country as a whole.
This semester, we kick off a brand new course for final year undergraduate law students on e-commerce and the law. This course aims at explaining the legal challenges that are posed by electronic commerce. We shall also contextualise and problematise on-going legal/policy developments in Kenya to regulate electronic commerce. In this blogpost, we explore the implications of the registration of domain names for trade marks. In the context of e-commerce, we examine the existing online dispute resolution mechanisms, and in particular the rules created by ICANN and KENIC for online dispute resolution of issues relating to domain-name registration.