This article was originally published at page 21 of the Star Newspaper of September 20, 2018
We have recently witnessed data breaches that have led to the publication of private facts about many Kenyans. These private facts have been obtained from telephone conversation records , intrusion into individual digital photo libraries, and breach of public institution’s databases.
We also suffer a barrage of unsolicited messages from telemarketers, scammers and even cyber frauds.
August 2018 was a peak month in media reports of Kenyans reporting an increase in phone scams. Kenyans were asked, via texts, to send their personal details and ended up having their SIM cards swapped and their mobile money accounts emptied. The Kenyan Directorate of Criminal Investigations (DCI) ended up arresting a total of 22 suspects, among them Safaricom employees and University students, in connection with the scam.
Now more than ever, there is a need for awareness among Kenyans regarding data rights. Personal data is any information relating to an identified or identifiable natural person. Some of the information includes: personal email addresses, tax records, immigration records, health records, police records, finger prints, bank records, consumer habits, and marriage status.
While Article 34 of the Constitution of Kenya, 2010 guarantees the right to privacy, Kenya lacks a legally binding comprehensive data protection framework. The country also retains laws which permit undue violation of privacy on citizen data.
The need for a comprehensive data protection framework cannot be opposed. Such a framework must of necessity guarantee at least seven key rights for all Kenyans as data subjects. A brief on each of the said rights suffices.
RIGHT TO ACCESS TO PERSONAL INFORMATION
Firstly, Kenyans have a right to know what personal data an organisation holds about them and be provided with a copy.
RIGHT TO BE INFORMED WHETHER PERSONAL DATA IS BEING PROCESSED
Secondly, Kenyans should be informed whenever anyone is processing their personal data, how long they will retain the data and and who it will be shared with.
RIGHT TO RESTRICT PROCESSING
Thirdly, Kenyans have a right to limit the way that an organisation uses their data and only allow for storage of the personal data but no other purpose.
RIGHT WITHDRAW CONSENT FROM PROCESSING
Fourthly, in instances where Kenyans had authorised the processing of their personal data and later change their minds; they can later revoke the permissions granted to the companies.
RIGHT TO OBJECT TO AUTOMATED DECISION MAKING AND PROFILING
Fifthly, Kenyans have a right to reject any attempt to allow only machines to make legally binding decisions over them based on profiling of their race, sex, pregnancy, marital status, health status, ethnic or social origin, colour, age, disability, religion, conscience, belief, culture, dress, language or birth.
RIGHT TO REDRESS AND EFFECTIVE REMEDY
Sixth, Kenyans should be able to complain a competent authority that is impartial and independent and seek remedy whenever their right to privacy has been infringed.
RIGHT TO RECTIFICATION
Seventh, Kenyans should be able to correct any inaccurate data about them by providing additional information to make the rectifications. An example is when the date on the birth certificate is different from the date in the Identification Card.
Personal data protection is an essential pre-requisite to the meaningful exercise of freedom of expression, as people are much more likely to express themselves openly in the knowledge that their communications are private and secure.
As many of us would not go to bed at night and leave the door unlocked, fearing that someone would come into the privacy of our homes and rob and harm us, or even just go through our belongings, we should exercise the same amount of caution with our personal information.
This article was originally published at page 21 of the Star Newspaper of September 20, 2018