Day 8: Policy and Regulatory Framework on Privacy and Data Protection- Key issues
Dear listers, During the discussion on the draft data protection policy and bill, a summary of issues includes: - Listers recommended that the policy be expanded to look not only into data privacy but also issues to enable a privacy respecting data economy such as skills gap, standards, public funded data, data centers etc. - L isters appreciated the principles for data protection as provided for in the bill and called for ways of translating them into privacy promoting practices within the data economy. For example, there was advocacy for inculcation of data minimisation. - Concerns were raised that if proper mechanisms were not put in place, there was a risk of small data holders such as MSMEs not being able to comply and the bill being a risk to innovation and growth. - Data subject rights as provided for in the bill were viewed as progressive. While there was debate on whether the right to be forgotten should be absolute, listers recommended for this right with regard to research data as well as data about children. - While discussing data processors and controllers, listers debated on data sovereignty and data residency and gave input on how Kenya could be better facilitative of a local data economy. Listers also mused on decisions made through automated means and how developments in artificial intelligence impacted on personal privacy. - On offences, some listers thought that they were not reflective of data economy activities and that while they may be punitive to small players, they were lenient for larger ones. Hence they recommended graduated penalties. Listers also recommended for civil remedies to injured persons under this law. Further, areas that did not have specified penalties, for example not notifying a data subject in case of a breach, were flagged out. - The proposed institutional framework- office of the DPC came with concerns on financing the office, powers of the DPC as well as independence of the office. - Finally, on exemptions, there was a recommendation for more specificity to avoid eating into privacy of data subjects. We shall translate these points, together with those shared during the face to face forum at Strathmore University into submissions to the Task Force. We appreciate all those who gave input, asked questions and followed the discussion to learn. Please point out other areas we may have missed in this summary and ask your questions- At least two members of the Task Force are here to attend to you. -- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F
Dear Grace, The recommendations are great and apt. Thank you! Best, Robi On Fri, Aug 31, 2018 at 11:37 AM Grace Bomu via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Dear listers, During the discussion on the draft data protection policy and bill, a summary of issues includes:
- Listers recommended that the policy be expanded to look not only into data privacy but also issues to enable a privacy respecting data economy such as skills gap, standards, public funded data, data centers etc. - L isters appreciated the principles for data protection as provided for in the bill and called for ways of translating them into privacy promoting practices within the data economy. For example, there was advocacy for inculcation of data minimisation. - Concerns were raised that if proper mechanisms were not put in place, there was a risk of small data holders such as MSMEs not being able to comply and the bill being a risk to innovation and growth. - Data subject rights as provided for in the bill were viewed as progressive. While there was debate on whether the right to be forgotten should be absolute, listers recommended for this right with regard to research data as well as data about children. - While discussing data processors and controllers, listers debated on data sovereignty and data residency and gave input on how Kenya could be better facilitative of a local data economy. Listers also mused on decisions made through automated means and how developments in artificial intelligence impacted on personal privacy. - On offences, some listers thought that they were not reflective of data economy activities and that while they may be punitive to small players, they were lenient for larger ones. Hence they recommended graduated penalties. Listers also recommended for civil remedies to injured persons under this law. Further, areas that did not have specified penalties, for example not notifying a data subject in case of a breach, were flagged out. - The proposed institutional framework- office of the DPC came with concerns on financing the office, powers of the DPC as well as independence of the office. - Finally, on exemptions, there was a recommendation for more specificity to avoid eating into privacy of data subjects.
We shall translate these points, together with those shared during the face to face forum at Strathmore University into submissions to the Task Force. We appreciate all those who gave input, asked questions and followed the discussion to learn. Please point out other areas we may have missed in this summary and ask your questions- At least two members of the Task Force are here to attend to you.
-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/rmosenda%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-- ------ Robi M. Chacha, LL.B (Hons) (Moi) Dip Law (KSL) 3rd EAC Youth Ambassador, Kenya +254(0)726235536 / +254(0)736368439 Skype: robi.chacha4 *- "If you think youre too small to make a difference, try sleeping with a mosquito" - Dalai Lama XIV* *Disclaimer:*This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission.
Thank you Robi! Il giorno ven 31 ago 2018 alle ore 13:03 Robi Chacha <rmosenda@gmail.com> ha scritto:
Dear Grace,
The recommendations are great and apt.
Thank you!
Best, Robi
On Fri, Aug 31, 2018 at 11:37 AM Grace Bomu via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Dear listers, During the discussion on the draft data protection policy and bill, a summary of issues includes:
- Listers recommended that the policy be expanded to look not only into data privacy but also issues to enable a privacy respecting data economy such as skills gap, standards, public funded data, data centers etc. - L isters appreciated the principles for data protection as provided for in the bill and called for ways of translating them into privacy promoting practices within the data economy. For example, there was advocacy for inculcation of data minimisation. - Concerns were raised that if proper mechanisms were not put in place, there was a risk of small data holders such as MSMEs not being able to comply and the bill being a risk to innovation and growth. - Data subject rights as provided for in the bill were viewed as progressive. While there was debate on whether the right to be forgotten should be absolute, listers recommended for this right with regard to research data as well as data about children. - While discussing data processors and controllers, listers debated on data sovereignty and data residency and gave input on how Kenya could be better facilitative of a local data economy. Listers also mused on decisions made through automated means and how developments in artificial intelligence impacted on personal privacy. - On offences, some listers thought that they were not reflective of data economy activities and that while they may be punitive to small players, they were lenient for larger ones. Hence they recommended graduated penalties. Listers also recommended for civil remedies to injured persons under this law. Further, areas that did not have specified penalties, for example not notifying a data subject in case of a breach, were flagged out. - The proposed institutional framework- office of the DPC came with concerns on financing the office, powers of the DPC as well as independence of the office. - Finally, on exemptions, there was a recommendation for more specificity to avoid eating into privacy of data subjects.
We shall translate these points, together with those shared during the face to face forum at Strathmore University into submissions to the Task Force. We appreciate all those who gave input, asked questions and followed the discussion to learn. Please point out other areas we may have missed in this summary and ask your questions- At least two members of the Task Force are here to attend to you.
-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/rmosenda%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-- ------ Robi M. Chacha, LL.B (Hons) (Moi) Dip Law (KSL) 3rd EAC Youth Ambassador, Kenya +254(0)726235536 / +254(0)736368439 Skype: robi.chacha4
*- "If you think youre too small to make a difference, try sleeping with a mosquito" - Dalai Lama XIV*
*Disclaimer:*This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission.
-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F
participants (2)
-
Grace Bomu -
Robi Chacha