This archive report was first published on 22 October 2019.
Published on October 22, 2019, a report by the National Assembly Departmental Committee on Communication, Information and Innovation proposed significant changes to the Data Protection Bill, 2019.
The committee, led by Chairman William Kisang, recommended stiff penalties for individuals and companies that illegally obtain citizens' personal data. The proposed legislation aims to give effect to the right to privacy as provided for in the Constitution by setting out the requirements for the protection of personal data processed by both public and private entities.
Under the proposed changes, individuals and companies found guilty of illegally obtaining citizens' personal data could face fines of up to three million shillings or imprisonment for up to 10 years. The penalties also target those who disclose or sell private data to third parties.
The committee's report was tabled in the House last week and its proposals will be considered when lawmakers return from recess in the next 10 days. The bill defines personal data as "any information relating to an identified or identifiable natural person".
Stakeholders, including Amnesty International, had previously advised that the initial penalty of two years' imprisonment was lenient and should be enhanced. The proposed legislation seeks to address concerns over the safety of private information in the hands of various entities, including Government agencies.
Mobile phone service providers, health practitioners, financial service providers, and Government agencies that store large amounts of individuals' data are likely to be affected by the proposed penalties.