Firms collecting Covid data must seek consent, says State
News
By
Frankline Sunday
| Jan 14, 2021
Silhouettes of laptop users are seen next to a screen projection of binary code are seen in this picture illustration taken March 28, 2018. [Dado Ruvic/Illustration, Reuters]
Public and private entities seeking to collect personal data from Kenyans on Covid-19 pandemic will have to seek individual consent from the subjects.
This is according to a new policy from the office of the Data Protection Commissioner. It seeks to protect the personal data of Kenyans during ongoing efforts to fight the pandemic.
“There are a number of government initiatives that promote innovative responses to mitigate the effects of Covid-19,” states the draft Data Request Review Framework.
“For some of these aspirations to materialise, access and processing of personal data of individuals are necessary to appropriately respond to the pandemic,” explains the draft policy.
READ MORE
Tea factory bosses warn new law for sector to hurt farmers
Farmers turn banana stems waste into wealth
AMAC signs deal with Uganda's Grain Council to open regional markets
Konza, Microsoft bank on AI skills to accelerate women in creative economy
Iran war: Why Kenyans should brace for fuel crisis despite State's assurance
Mid-East conflict, port inefficiencies hit tea exporters
Small traders and farmers set for Sh12.5b green funding
State agencies given 6 months to comply with HR guidelines
Kenya banks on new innovation platform to enhance entrepreneurial skills
The State now wants services such as contact tracing apps that require health and geo-location data to beguiled by the Data Protection Act 2019. However, the data collection for purpose of Covid-19 responses will be limited to what is necessary and should be destroyed once its purpose has been exhausted.
“Responsible parties must collect personal information of an individual for a specific purpose, which in this context is to detect, contain and prevent the spread of Covid-19,” stated the policy. The guidelines come two months after the Data Protection Commissioner Immaculate Kassait was sworn into office, and will serve as the litmus test for the regulator. The rules come on the back of increased studies by researchers seeking to document the impact of Covid-19.
Contact tracing
The ICT Authority is yet to reveal whether Kenya will be rolling out a State-backed contact tracing app.
In June 2020, the National Transport and Safety Authority invited bids to develop a contact tracing app, alongside a cashless payment solution but the plan has since been shelved.
Company officials directly involved with accessing and processing users’ personal data will also be required to demonstrate how they will safeguard it.
Personal data-sharing agreements between third parties will also be approved by the Data Commissioner.