There are currently two Bills on Data Protection pending before both the National Assembly and the Senate. The Data Protection Bill, 2019 was tabled before the National Assembly for the first reading on 4th July 2019. the Senate Bill on the other hand was passed with amendments by the Senate on 10th July 2019 and referred to the National Assembly for concurrence. On one hand there have been indications that both Bills may be merged, while on the other there have been reports of a failure to concur by both houses.
At Rilani Advocates, we have been a part of the Data Protection policy process and are keeping track of the progress of the Bills. To keep our readers updated, we shall be updating on the status of the bills as they progress.
We also seek to demystify Data Protection and shall commencing today, run a series on Data Protection where we shall break down what is about and its different aspects.
What is Data Protection?
Data Protection is concerned with protection of third party (such as service providers, government agencies and anyone asking you for your personal information) processing of personal information they hold – collection, processing, sharing, storing, using, etc. It is the process of ensuring safe and proper use and governance of personal identifying information as well as free movement of personal data.
Data Protection is the protection of fundamental rights.
What is personal data/information?
Any information relating to an identified or identifiable natural person (‘data subject’)
An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
What is the basis for personal data protection and privacy?
The 1948 Universal Declaration of Human Rights under the UN Convention is a Human Rights protection convention that paved the way for the International Bill of Human Rights. Article 12 of the Convention declares that no one should be subject to arbitrary interference with their privacy, family, home or correspondence, nor to attacks upon their honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
Article 31 of the Constitution of Kenya, 2010 decries the right to privacy which covers privacy of the home and prevention of searches, not having one’s possessions seized, not having information about a person or their family unnecessarily revealed and the privacy of their communication. This right can be limited under circumstances set out in Article 24 of the Constitution.
How is data protection implemented?
By having legislation and policies in place that must be implemented to ensure personal information is being collected, shared and used in appropriate ways.