Listers,

When talking about the rights of data subjects can we then discuss the list of exemptions.

Lets take the example of processing personal data for research (section 53) - why is it that a data subject should not have the right to be removed (forgotten) from this research data-set.

Assume for a minute that this research person/institution has a very relaxed level of data security/handling and the dataset including all the raw non-anonymized data of each data-subject is lost (maybe repeatedly). It seems a bit strange that you should not have any rights as a data-subject in cases where you loose confidence in a data-processor - just because they are exempt.

All the exemptions may also be misused as loopholes for non-compliance - "oh all that data we have over here - we keep that for research purposes".

Kind regards
Michael Pedersen


On 23/08/2018 07:37, kanini mutemi via kictanet wrote:
Day 2- Rights of Data Subjects 

Good morning Listers, 

Day 1 we commented on the principles of data protection mentioned in the draft policy and bill. Today, we will look at the rights of data subjects. For demonstration purpose, when you fill in your details at a mobile money agent’s shop–
                                  You- data subject 
                                  The mobile money agent- data processor 

The data subject is the person to whom the data concerns. 

Here are the rights as listed in Clause 23 of the Bill. I have added comments underneath to help us visualise what these rights would mean in the future. 
 
1. The right to be informed of the use to which the personal data is to be put
Eg. When we leave our details at the entrance to buildings, I expect that they will explain what the data will be used for. 

2. Right to access their personal data in custody of data controller
Will we be able to demand from our mobile network operators to see our account details and transactional history?

3. Object to the collection or processing of all or part of their personal data
Will we be able to opt out of the biometric ID registration proposed by the Ministry of ICT here?

4. Correction and deletion of false or misleading data 
Are we ready for a right to be forgotten? Should it be absolute? 

What do we think of these Listers? Are there other rights that ought to be included? 

  1.   



_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Domain Registration sponsored by www.eacdirectory.co.ke

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/michael%40pluspeople.dk

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.