Global Data Privacy Week and Data Protection Day 2022 yesterday gives us an opportunity to review the state of public awareness and data protection enforcement in Kenya.
Our progress has a major impact on both the quality of our lives and the August General Election.
Enacted in 2019, the Data Protection Act breathed life into Article 31 and our constitutional right to privacy. Our personal information must not be secretively and arbitrarily collected, stored, and shared without our express consent.
The Act was accelerated after Huduma Namba initiative fears but also the rate commercial agencies were raiding public data, the new oil.
Kenya is a datafied nation. 25 per cent of us now use WhatsApp, YouTube, Facebook, Twitter to post our most personal experiences and images. Most of the 11 per cent growth in mobile phone users last year came from 18–34 year-olds. 81 per cent have connected digital devices to financial institutions and 72 per cent are using mobile money services. E-commerce is now a Sh150 trillion industry dominated by men, who have three times more access than women.
The Act newly established human rights principles for collecting public data, compliance guidelines and consequences for misuse of our personal information. It also established the independent Office of the Data Protection Commissioner, as the Act’s primary champion and compliance agency. Predictably, Commissioner Immaculate Kassait’s team has focused on fundraising, institutionalisation, a long-term strategy, and the Act’s regulations.
Experiences across 30 African countries suggest that greater hurdles lie ahead. They include defending their independence, funding, citizens’ low reporting capacity, and defiance by commercial and public agencies.
2021 demonstrated again why data regulation is so critical to personal privacy and safety online, anti-corruption efforts and an open and democratic society. From the fraudulent use of identity numbers to inflate party membership, KRA publishing personal information of non-tax paying citizens to those unsolicited relentless SMS adverts, we all need the Act to protect us.
Using biometric data, Government also exposed corruption scandals built around thousands of ghost-police officers, phantom schools and pupils, as well as men claiming NHIF after their miraculous childbirth.
Intentional disinformation, lying and fake news threaten democracy. We must challenge the lies in our closed SMS groups and stop these echo chambers feeding our paranoia and intolerance. While anonymity is important for whistle-blowers and victims, we must tackle anonymous abuse and slander also.
Worryingly, 67 per cent of Kenyans remain unaware of the Act and 82 per cent are unaware of the DPC’s Office according to a recent Amnesty International Kenya poll. More encouragingly, 31 per cent are now worried how their data is being used and 75 per cent want action on fake news according to Datareportal.
Digital lawlessness could threaten our upcoming elections. Will the Voters Register be available for public scrutiny and how much of our data will be made available? Will the IEBC carry out a Data Protection Impact Assessment or experience the shock of a court injunction endangering the whole exercise?
Can the DPC’s Office require all data collecting agencies to provide opt in/out choices for individuals rather than leave agencies to the mercy of public interest suits that seek to determine who gave them permission to collect our data? The three regulations recently published by the ICT Ministry must be subjected to these questions and others.
We must all get interested. If our neighbour walking naked in a public space would prompt us to enquire into their mental health, why not the vast digital spaces we now all roam?
Stay informed. Subscribe to our newsletter
More of us can emulate last week’s Ben Roberts tweet warning to Mokash app who allegedly sent him a loan repayment reminder text.
Clarifying he was not a party or guarantor to a loan and had not given them his personal number or permission to store it, he pointed out that this was an offence under the Data Protection Act and copied to DPC’s office and Central Bank. #FicheUchi people