Skip to main content

Kenya Parliament Must Safeguard Citizens' Right to Privacy

N

Nyakundi Report

Newsroom 2 min read

This archive report was first published on 24 October 2019.

Kenya Parliament is currently debating the crucial Data Protection Bill, a process that must be transparent and participatory. The bill has significant effects on the right to privacy of people of Kenya.

According to Ndung'u Wainaina, Executive Director of the International Center for Policy and Conflict (ICPC), the Director of Public Prosecutions (DPP) has been pursuing a state-led surveillance agenda, seeking to allow the government to spy on Kenyans.

Wainaina emphasized that the Constitution of Kenya 2010 guarantees the right to privacy, which may be enforced by the Constitutional Court. He noted that privacy is closely tied to human dignity and is an important enabling right, providing the conditions for individuals to enjoy other human rights.

The Data Protection law aims to give full effect to the constitutional right to privacy by safeguarding personal information when it is processed by another party, and to regulate the manner in which personal information may be processed by establishing threshold of minimum conditions.

Wainaina highlighted that the law provides persons with rights and remedies to protect their personal information from processing that is not in accordance with the law. He added that the Kenya Government has admitted in court a serious breach of personal data in the Huduma Namba registration.

The director emphasized that Members of Parliament must ensure that the Data Protection law forces everyone responsible for using personal data to follow strict rules of 'data protection principles.' These principles include using information fairly, lawfully, and transparently; using it for specified, explicit purposes; and keeping it accurate and up to date.

Wainaina also noted that a good data protection law must be ingrained with four best practices. These include being transparent with individuals about how their data will be used, ensuring that personal information is kept secure and backed up, restricting the storage of personal information, and keeping personal data accurate.

He suggested that Kenya Parliament should borrow leave from the European Union on data protection, noting that the 1995 European Union Data Protection Directive imposes a standard of protection on any country in which the personal data of European citizens is processed.

Wainaina added that the Communication Authority of Kenya must be legally empowered to be the Information Regulator, enforcing the best governance practices of the protection of personal information.

He emphasized that the final Data Protection law that Kenya Parliament will pass must expand individuals' rights, extend the role and enforcement powers of data protection authorities, and place a stronger burden on data controllers to be transparent and accountable to individual data subjects.

Be the first to react

Support

Support this reporting

M-Pesa support recorded against this story.

Send support →

Stay close

Get the briefing

Major updates by email. No spam.

Get email brief →

Share

Save share card

Download a clean portrait card for sharing.

Save image →