× Digital News Videos Opinions Cartoons Education U-Report E-Paper Lifestyle & Entertainment Nairobian SDE Eve Woman Travelog TV Stations KTN Home KTN News BTV KTN Farmers TV Radio Stations Radio Maisha Spice FM Vybez Radio Enterprise VAS E-Learning Digger Classified The Standard Group Corporate Contact Us Rate Card Vacancies DCX O.M Portal Corporate Email RMS
National Assembly Committee on Communication, Information and Innovation Chairman William Kisang during a public hearing on Data Protection Bill, 2019. [Boniface Okendo, Standard]

Sci & Tech
MPs tighten conditions under which personal information is used

MPs have proposed stiff fines and lengthy prison sentences for individuals and companies that illegally obtain citizens’ personal data.

The penalties also target those who disclose or sell private data to third parties.

The recommendations are contained in a report of the National Assembly Departmental Committee on Communication, Information and Innovation on the Data Protection Bill, 2019.

The bill, which has been undergoing public hearings, states: “A person who commits an offence under this Act for which no specific penalty is provided or who otherwise contravenes this Act shall, on conviction, be liable to a fine not exceeding three million shillings or to an imprisonment term not exceeding 10 years.”

SEE ALSO: Democrat Biden visits site of police brutality protest in Delaware

The recommendations are among a raft of changes the William Kisang-led committee is proposing to the Government-sponsored Bill.

The report was tabled in the House last week and its proposals will be considered when lawmakers return from recess in the next 10 days.

The bill defines personal data as "any information relating to an identified or identifiable natural person".

Jail term

The bill had initially provided for a jail term of two years for law breakers, but stakeholders who appeared before the House team, including Amnesty International, termed the penalty lenient, and advised it be enhanced.

SEE ALSO: No Boston race means no ‘mursik’, Cherono regrets

The lawmakers said this initial penalty "may not serve the purpose of ensuring protection of personal data".

The proposed legislation seeks to give effect to the right to privacy as provided for in the Constitution by setting out the requirements for the protection of personal data processed by both public and private entities.

There have been concerns on the safety of private information in the hands of various entities, including Government agencies.

Early this year, Kenyans raised questions on the safety of information collected during the Huduma Namba registration exercise. The Government insisted that the information was secure.

Among those likely to be affected by the stiff penalties are mobile phone service providers, health practitioners, financial service providers and Government agencies that store large amounts of individuals' data.

SEE ALSO: High Court stays LSK decision to recall senior lawyer list

MPs have also tightened conditions under which personal data may be obtained. They recommend that no Kenyan be forced to provide private information without informed consent.

Valid explanation

The committee wants such data to be provided "only where a valid explanation is provided".

“The additional principle was aimed at ensuring that data subjects are duly informed of the reasons for collection of data relating to private and family affairs so that they can make informed decisions before granting their consent,” the report states.

A data collector will also be required to inform persons from whom data is being collected about any third parties that will access the data, and the safeguards put in place to ensure the security and safety of such information.

SEE ALSO: Ex-Kasarani MP found guilty of soliciting Sh100,000 bribe

In cases where State agencies seek personal data for public interest, such data will only be obtained thorough ex parte court orders, the committee has recommended.

Data Protection Bill 2019 Private Data Law

Read More