Day 7: Policy and Regulatory Framework on Privacy and Data Protection- Exemptions
Good morning listers, Today we look at other issues in the draft bill that we missed during the discussions. One is the question of exemptions, which are provided for in part vii. The grounds listed for exemption from the provisions of the Act are: national security and public order concerns, lawful disclosure, prevention of crimes, apprehension or prosecution of an offender and assessment or collection of tax. Interestingly, the draft empowers the cabinet secretary to determine national security and public order concerns. (clause 47(3)) Journalism, literature and the arts are also exempted from the principles of data protection. Where a publication is in public interest, the publisher is only required to comply with the relevant code of ethics. Processing and further processing for research, history and statistical purposes is also exempted from the principle of collecting data for a specified purpose. Although the proposed law gives a safeguard through the principle that data must eventually be destroyed, it does not give guidelines on time periods - it states that research data may not be kept indefinitely. Again, the CS is empowered to prescribe further instances when data may be exempted from provisions of the law (clause 50) Finally listers, there are general exemptions in clause 2 of the bill. The law will not apply to sharing of information among government departments/ public sector agencies or to processing by an individual for purely personal business (this is the personal phonebook exemption) Part of public reaction to this draft was that the bill gives with one hand and takes away with the other. Is this an exaggerated view and if so, how can this be cured in the draft? Are there other ways of dealing with the concerns raised in the exemptions (eg national security) without taking away data subject rights? Ultimately, should any data processor/controller be exempt from protecting data? Also, are there other useful exemptions that we are missing? Please share your thoughts on this issue and any other issue from the draft bill. -- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F
Thnx GB and Mercy for keeping the discussion running. I will not directly respond since am an 'interested' party ;-) However, I just wanted to share my take/overview of the bill in an effort to see if Listers can have the bigger picture and possibly send in more comments - belated or otherwise. Just ensure you pick the correct subject line (Day 1, 2, 3 etc) and submit your ideas. Here is my overview. WALUBENGO: Data Protection Bill is finally out – The key | | | | | | | | | | | WALUBENGO: Data Protection Bill is finally out – The key Data controllers determine the purpose for and the manner in which the data collected on citizens is processed. | | | walu On Thursday, August 30, 2018, 9:32:03 AM GMT+3, Grace Bomu via kictanet <kictanet@lists.kictanet.or.ke> wrote: Good morning listers, Today we look at other issues in the draft bill that we missed during the discussions. One is the question of exemptions, which are provided for in part vii. The grounds listed for exemption from the provisions of the Act are: national security and public order concerns, lawful disclosure, prevention of crimes, apprehension or prosecution of an offender and assessment or collection of tax. Interestingly, the draft empowers the cabinet secretary to determine national security and public order concerns. (clause 47(3)) Journalism, literature and the arts are also exempted from the principles of data protection. Where a publication is in public interest, the publisher is only required to comply with the relevant code of ethics. Processing and further processing for research, history and statistical purposes is also exempted from the principle of collecting data for a specified purpose. Although the proposed law gives a safeguard through the principle that data must eventually be destroyed, it does not give guidelines on time periods - it states that research data may not be kept indefinitely. Again, the CS is empowered to prescribe further instances when data may be exempted from provisions of the law (clause 50) Finally listers, there are general exemptions in clause 2 of the bill. The law will not apply to sharing of information among government departments/ public sector agencies or to processing by an individual for purely personal business (this is the personal phonebook exemption) Part of public reaction to this draft was that the bill gives with one hand and takes away with the other. Is this an exaggerated view and if so, how can this be cured in the draft? Are there other ways of dealing with the concerns raised in the exemptions (eg national security) without taking away data subject rights? Ultimately, should any data processor/controller be exempt from protecting data? Also, are there other useful exemptions that we are missing? Please share your thoughts on this issue and any other issue from the draft bill. -- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
Hi GB, Thanks for facilitating. Perhaps there should/ could be clarity on what is meant by research and whether all kinds of research deserve exemptions. On Thu, 30 Aug 2018 13:30 Walubengo J via kictanet, < kictanet@lists.kictanet.or.ke> wrote:
Thnx GB and Mercy for keeping the discussion running.
I will not directly respond since am an 'interested' party ;-)
However, I just wanted to share my take/overview of the bill in an effort to see if Listers can have the bigger picture and possibly send in more comments - belated or otherwise. Just ensure you pick the correct subject line (Day 1, 2, 3 etc) and submit your ideas.
Here is my overview.
WALUBENGO: Data Protection Bill is finally out – The key <https://www.nation.co.ke/oped/blogs/dot9/walubengo/Data-Protection-Bill-is-finally-out---The-key-principles/2274560-4731156-1176oukz/index.html>
WALUBENGO: Data Protection Bill is finally out – The key
Data controllers determine the purpose for and the manner in which the data collected on citizens is processed.
walu
On Thursday, August 30, 2018, 9:32:03 AM GMT+3, Grace Bomu via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Good morning listers, Today we look at other issues in the draft bill that we missed during the discussions.
One is the question of exemptions, which are provided for in part vii. The grounds listed for exemption from the provisions of the Act are: national security and public order concerns, lawful disclosure, prevention of crimes, apprehension or prosecution of an offender and assessment or collection of tax. Interestingly, the draft empowers the cabinet secretary to determine national security and public order concerns. (clause 47(3))
Journalism, literature and the arts are also exempted from the principles of data protection. Where a publication is in public interest, the publisher is only required to comply with the relevant code of ethics. Processing and further processing for research, history and statistical purposes is also exempted from the principle of collecting data for a specified purpose. Although the proposed law gives a safeguard through the principle that data must eventually be destroyed, it does not give guidelines on time periods - it states that research data may not be kept indefinitely. Again, the CS is empowered to prescribe further instances when data may be exempted from provisions of the law (clause 50)
Finally listers, there are general exemptions in clause 2 of the bill. The law will not apply to sharing of information among government departments/ public sector agencies or to processing by an individual for purely personal business (this is the personal phonebook exemption)
Part of public reaction to this draft was that the bill gives with one hand and takes away with the other. Is this an exaggerated view and if so, how can this be cured in the draft? Are there other ways of dealing with the concerns raised in the exemptions (eg national security) without taking away data subject rights? Ultimately, should any data processor/controller be exempt from protecting data? Also, are there other useful exemptions that we are missing?
Please share your thoughts on this issue and any other issue from the draft bill.
-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/riva21%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
Thank you @Walu for the article that quite simply explains the proposed law. When you said three key actors in the introduction, I was waiting to hear more about the commissioner and maybe why the taskforce chose this model as opposed to anchoring enforcement within existing frameworks. And while you are here, there have been questions about the process- is this a different bill from the Senate one and why didn't we just have one? What process will the draft bill go through after we give our input? Are the bills going to be married at some point? @Riva , you make an important point about specifying what research means and which types of research are exempt. This is definitely important in avoiding a scenario where data processors keep data for longer than necessary for market or other research. In any case, there should be clear conditions for keeping data for research. Listers, thank you very much for your contributions. Tomorrow we shall share key issues raised during these two weeks and open the floor for any outstanding ones. Good night, Il giorno gio 30 ago 2018 alle ore 14:52 Riva Jalipa via kictanet < kictanet@lists.kictanet.or.ke> ha scritto:
Hi GB,
Thanks for facilitating. Perhaps there should/ could be clarity on what is meant by research and whether all kinds of research deserve exemptions.
On Thu, 30 Aug 2018 13:30 Walubengo J via kictanet, < kictanet@lists.kictanet.or.ke> wrote:
Thnx GB and Mercy for keeping the discussion running.
I will not directly respond since am an 'interested' party ;-)
However, I just wanted to share my take/overview of the bill in an effort to see if Listers can have the bigger picture and possibly send in more comments - belated or otherwise. Just ensure you pick the correct subject line (Day 1, 2, 3 etc) and submit your ideas.
Here is my overview.
WALUBENGO: Data Protection Bill is finally out – The key <https://www.nation.co.ke/oped/blogs/dot9/walubengo/Data-Protection-Bill-is-finally-out---The-key-principles/2274560-4731156-1176oukz/index.html>
WALUBENGO: Data Protection Bill is finally out – The key
Data controllers determine the purpose for and the manner in which the data collected on citizens is processed.
walu
On Thursday, August 30, 2018, 9:32:03 AM GMT+3, Grace Bomu via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Good morning listers, Today we look at other issues in the draft bill that we missed during the discussions.
One is the question of exemptions, which are provided for in part vii. The grounds listed for exemption from the provisions of the Act are: national security and public order concerns, lawful disclosure, prevention of crimes, apprehension or prosecution of an offender and assessment or collection of tax. Interestingly, the draft empowers the cabinet secretary to determine national security and public order concerns. (clause 47(3))
Journalism, literature and the arts are also exempted from the principles of data protection. Where a publication is in public interest, the publisher is only required to comply with the relevant code of ethics. Processing and further processing for research, history and statistical purposes is also exempted from the principle of collecting data for a specified purpose. Although the proposed law gives a safeguard through the principle that data must eventually be destroyed, it does not give guidelines on time periods - it states that research data may not be kept indefinitely. Again, the CS is empowered to prescribe further instances when data may be exempted from provisions of the law (clause 50)
Finally listers, there are general exemptions in clause 2 of the bill. The law will not apply to sharing of information among government departments/ public sector agencies or to processing by an individual for purely personal business (this is the personal phonebook exemption)
Part of public reaction to this draft was that the bill gives with one hand and takes away with the other. Is this an exaggerated view and if so, how can this be cured in the draft? Are there other ways of dealing with the concerns raised in the exemptions (eg national security) without taking away data subject rights? Ultimately, should any data processor/controller be exempt from protecting data? Also, are there other useful exemptions that we are missing?
Please share your thoughts on this issue and any other issue from the draft bill.
-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/riva21%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/nmutungu%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F
participants (3)
-
Grace Bomu -
Riva Jalipa -
Walubengo J