Day 3: Personal Data Protection

27 Nov 2013

      Dear Dr. Matiangi and Listers,

Please find the comments by DotConnectAfrica on the entire Draft African
Union Convention on the establishment of a Credible Legal Framework for
Cyber Security in Africa.

DotConnectAfrica took initiative, analyzed and published these comments to
the draft convention over a month ago in October 2013 and circulated it to
interested stakeholders.

We appreciate the multistakeholder efforts in preparing this convention and
look forward to work with everyone in this worthy course.

Link to our comments:

1.
http://dotafrica.blogspot.com/2013/10/dotconnectafrica-comments-to-draft.htm...

2.
http://www.dotconnectafrica.org/wp-content/uploads/2013/10/DotConnectAfrica-...

*Article II – 2:*
With respect to personal data, state prerogatives must be well defined so
as not to breach the rights of a private life online or offline.

 All activities that arise from the gathering, processing, transmission,
storage and use of personal data should be well defined and levels of
acceptable access and permissions by individual users properly laid out so
as not to create a door for perceived surveillance or activities that take
away the personal right of a user

*Article II-6, II-7, 11-8, II-11, II-12, II-13 refer to a Protection
Authority*

Comment 12: These articles define the membership and the constituting
mandates of the said ‘Protection authority’ however it should be left to
the countries to define the authorities under inbuilt country
contributions/laws or bylaws so as not to create a different center of
power or parallel agency.

Also the selection of the membership to the protection authority should
allow composition from all stakeholders and not only government. ‘Sworn
Agents’ should be well defined and described, their mode of selection,
duties, responsibilities should be open to public accountability and
transparency.

Regards
DotConnectAfrica Trust.
...
Message: 1
Date: Wed, 27 Nov 2013 02:34:09 +0000
From: Fred Matiangi <fredmatiangi@gmail.com>
To: Grace Githaiga <ggithaiga@hotmail.com>
Cc: KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke>
Subject: Re: [kictanet] Day 3: Personal Data Protection
Message-ID:
        <
CAHqF9HaFpZiNfA8OqedHxn7BN1C0bdzSrXZCo+MbT9TEdR2NKA@mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"
Good morning Listers,
I have been following the on-going discussion of the  proposed AU
convention with keen interest and excitement, especially because this is
precisely how we will end up enriching and strengthening it. I pumped into
John Walubengo last evening and proposed that  perhaps in a week or two we
should have a brief brainstorm bringing together all interested parties so
we can concretise our 'Kenya Position' on this convention. Further to this
conversation, I asked my colleagues Victor and Eunice at the ICTA and
Francis Wangusi at CCK to explore possibilities of collating all the ideas
emanating from this forum and setting up a sit down to tie up our
discussions a head of the Heads of State Summit in January.
Grace- I very sincerely appreciate the initiative to drive this discussion
and look forward to further engagement.
Good day.
Fred
On Tue, Nov 26, 2013 at 9:23 PM, Grace Githaiga <ggithaiga@hotmail.com
...
wrote:
...
*Good morning Listers*
*Today, we move onto PART II: PERSONAL DATA PROTECTION and will tackle
four questions.*
*Objectives of this Convention with respect to personal data*
*Article II ? 2:*
*Each Member State of the African Union shall put in place a legal
framework with a view to establishing a mechanism to combat breaches of
private life likely to arise from the gathering, processing,
transmission,
storage and use of personal data.*
*The mechanism so established shall ensure that any data processing, in
whatsoever form, respects the freedoms and fundamental rights of physical
persons while recognizing the prerogatives of the State, the rights of
local communities and the target for which the businesses were
established.*
*Question:* *What is the relevance of this article? What are these state
prerogatives? And given the increased interest of state surveillance, how
can states balance respect of FOE while recognising state prerogatives? *
*Article II-6, II-7, 11-8, II-11, II-12, II-13 refer to a Protection
Authority* which is meant to establish standards for data protection.
Article II ? 14 *provides for each Member State of the African Union to
establish an authority with responsibility to protect personal data.
 It* *shall
be an independent administrative authority with the task of ensuring that
the processing of personal data is conducted in accordance with domestic
legislations.*
Further,  article II-17 states that ?*Sworn agents may be invited to
participate in audit missions in accordance with extant provisions in
Member States of the African Union?.*
*Question:* *Considering that this article seems to be tied to the
Protection Authority, what is its relevance? And who is a ?sworn
agent?? What should this authority look like in terms of its
composition? *
*Article II ? 20:*
*?Members of the protection authority shall not receive instructions from
any authority in the exercise of their functions. *
*Article II ? 21:*
*Member States are engaged to provide the national protection authority
human, technical and financial resources necessary to accomplish their
mission.*
*Question:* *It appears that this Data Protection Authority is envisaged
to be fully government supported. Therefore, should we be talking of its
independence? In what way should this article be framed so that it
ensures
independence of the Authority?*
*Article II ? 28 to II-34 *outlines six principles governing the
processing of personal data namely:
Consent and of legitimacy,
Honesty,
Objective, relevance and conservation of processed personal data,
Accuracy,
Transparency and
Confidentiality and security of personal data.
Under each of the specific principles, detailed explanation of how each
should be undertaken is offered.
*Question:* *Is this explanation and detailing of how to undertake each
necessary in an international (regional) law necessary or needed? Is this
legislation overkill?*
*Lets get your views on data protection concerns.*
Rgds
GG
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/fredmatiangi%40gmail.c...
...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
for people and institutions interested and involved in ICT policy and
regulation. The network aims to act as a catalyst for reform in the ICT
sector in support of the national aim of ICT enabled growth and
development.
...
KICTANetiquette : Adhere to the same standards of acceptable behaviors
online that you follow in real life: respect people's times and
bandwidth,
...
share knowledge, don't flame or abuse or personalize, respect privacy, do
not spam, do not market your wares or qualifications.

Gideon

tags

participants (1)