Hi, That's great. Was thinking along the same lines. I had drafted a rough application and the cert. I was looking for a Mativo ruling where he held that imminent threat to a fundamental right overrides the ripeness doctrine, but can't recall what case it was for now. Will share with you the draft application you strengthen tutasaidiana with authorities kwa petition. Send me your number on my email I WhatsApp you. Regards, JG On Thu, 2 Feb 2023, 15:05 Kukubo Masibo, <kukubomasibo@gmail.com> wrote:
I agree with you.
It becomes even more interesting to think about the ramifications considering the President's keynote address on Data Privacy Day.
I heard him referring to some sort of balance his government is trying to strike between privacy and national interest in light of this whole tax conversation.
Let's see what the future holds.
Maybe we can consider challenging the directive in Court?
Would be happy to work on such a brief *pro bono. *
Kind regards,
On Thu, Feb 2, 2023 at 1:53 PM James Mbugua <jgmbugua@gmail.com> wrote:
Hi Kukubo,
I doubt it.
But nonetheless, no privacy law would contemplate granting such mass surveillance without probable cause or reasonable suspicion.
As you can see in the piece, European government's have been sanctioned for even invoking national security or anti terrorism monitoring to gain such general and indiscriminate retention of personal data.
We could also go further and say KRA would also be violating Article 50, CoK 2010, on the right to remain silent or to not incriminate against oneself.
It's just an unbridled power grab quest.
Regards,
JG
On Thu, 2 Feb 2023, 12:15 Kukubo Masibo, <kukubomasibo@gmail.com> wrote:
Interesting article James,
I am also curious whether KRA has conducted a Data Protection Impact Assessment to assess the risks to personal data that come with the exercise and to introduce sufficient safeguards.
Best regards,
On Mon, Jan 30, 2023 at 11:44 AM James Mbugua via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Listers,
See copied below unabridged version.
Regards,
JG
KRA ACCESS TO M-PESA TRANSACTIONS IS A GRAVE THREAT TO PRIVACY ON DATA PROTECTION WEEK BY JAMES MBUGUA As the Kenyan government looks for new ways to increase revenue collection and curb tax cheating, the Kenya Revenue Authority has announced plans to gain direct and warrantless access to M-Pesa transactions. While the intentions of (KRA) may be noble, the methods proposed raise serious concerns about privacy rights and the protection of personal data. In fact, they constitute illegal searches and seizures contrary to Article 31 of the Constitution of Kenya, and well established jurisprudence on privacy rights from around the world. Article 31 provides for the right to privacy and states that every person has the right to privacy, which includes the right not to have their person, home or property searched; their possessions seized; information relating to their family or private affairs unnecessarily required or revealed; or the privacy of their communications infringed. Kenya’s Data Protection Act of 2019, provides in Section 4 that a data subject’s consent must be sought before their data is collected and processed. Section 15 requires data controllers to obtain a warrant from a court of law before accessing personal data. This is to ensure that the collection, processing and sharing of personal data is necessary and proportionate. The High Court of Kenya, in the case of Center for Rights Education and Awareness (CREAW) v Attorney General [2013] , as well as in Maina Kiai v Attorney General held that the government's surveillance of citizens' communications without a warrant is a violation of the right to privacy protected under the Constitution. KRA’s proposal in the Budget Policy Statement released by the National Treasury last week, ironically came on the eve of Data Protection Week when the world marks the International Data Protection Day, on 28th January. In Europe, whose General Data Protection Regulation (GDPR) we largely modelled our Act on, the principle of necessity and proportionality, in collection of personal data, has repeatedly been upheld by courts when government agencies have tried to access citizens’ telecommunications information without warrants. The courts have ruled that general and indiscriminate retention of personal data is incompatible with EU laws and constitutional rights, because it represents a serious interference with the right to privacy and the protection of personal data In the Digital Rights Ireland vs. Minister for Communications case, as well as another called the Tele2 case, the European Court of Justice (ECJ) ruled that a law requiring telecommunications service providers to retain traffic and location data for a period specified by national law in order to detect, investigate and prosecute crime was invalid. The Court emphasized that any interference with the right to privacy and the protection of personal data must be proportionate to the legitimate aim pursued. These cases reinforced the principle that any data retention measures must be limited to what is strictly necessary to achieve a legitimate aim. In Kenya’s case, it can be argued that KRA can achieve its mandate through other means without large scale surveillance and interference with people’s privacy. Further, granting KRA unfettered access to M-Pesa transactions data without the need for court orders, violates constitutional protection against illegal searches and seizures, also provided for under Article 31 of the Constitution. In the United States, for example, the Supreme Court has ruled that the government's warrantless access to historical cell phone location data is a violation of the Fourth Amendment, which protects individuals against unreasonable searches and seizures. The court found that the collection of cell phone location data constitutes a search under the Fourth Amendment and that the government must obtain a warrant based on probable cause before accessing such data. In Canada, the Supreme Court has ruled that the government's warrantless access to historical telecommunications data is a violation of the right to privacy protected under the Canadian Charter of Rights and Freedoms. The court found that the collection of telecommunications data constitutes a search under the Charter and that the government must obtain a warrant based on a reasonable expectation of privacy before accessing such data. _______________________________________________ KICTANet mailing list -- kictanet@lists.kictanet.or.ke To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke
-- Meshack K Masibo, Writer|Noisemaker|Lawyer Affiliated with KICTANet kictanet.or.ke
-- Meshack K Masibo, Writer|Noisemaker|Lawyer Affiliated with KICTANet