Principles of Data Protection: Processing in accordance with the right to privacy

Principles of Data Protection: Processing in accordance with the right to privacy

The right to privacy is a right enshrined in the Constitution of Kenya, 2010 in Article 31 which states:-

Every person has the right to privacy, which includes the right not to have–

  1. their person, home or property searched;
  2. their possessions seized;
  3. information relating to their family or private affairs unnecessarily required or revealed; or
  4. the privacy of their communications infringed.

According to Article 12 of the Universal Declaration of Human Rights the right to privacy includes in part the right not to be subjected to the interference of the privacy of correspondence.

What does this mean for the data controller/processor?

1.The information that you collect should be limited to what is necessary in order to provide a service or perform a contract between the data subject and data controller/processor.

Example: An application that is used to edit and Photoshop pictures has no reason to have access to the contacts on the data subject’s phone. 

2. You should not reveal any information held about the data subject unless it is necessary.

3. Ensure that you are not able to read, listen to or interfere with any private communication.

Example: An employer should not be reading employees’ emails between themselves or with clients.

What does this mean for the data subject?

  1. You can ask a data controller/processor why they require information about you to determine whether it is necessary
  2. If any information you shared is revealed to anyone without a reason then you can make a complaint with the Data Commissioner
  3. You have a right to privacy of all your conversations regardless of the platform used