Day 2- Policy and Regulatory Framework on Privacy and Data Protection

Thank you Elizabeth for shedding light on this. Following your direction, perhaps we can list legitimate interests the right to be forgotten should protect. You have given the example of information that has been disseminated without consent, say the circulation of nude photos without permission, which in itself is a grave violation of the right to privacy. Are there other instances that call for such protection?

Listers, allow me to double back to the issue of consent. How should we handle data collection by AI (Artificial Intelligence?)

> On 24 Aug 2018, at 09:51, Elizabeth Moturi <[email protected]> wrote:
>
> The foundation of the right to be forgotten is the right to privacy because the right to privacy is the right of an individual to control the extent to which personal information is disseminated to others. Therefore, it should be within your right to privacy to remove your personal information from the internet.
>
> Why do we need it?
> I am sure we have all heard of the saying that the Internet never forgets. In my view we need the right to be forgotten because first of all human beings are prone to make mistakes and sometimes it is not necessary that we keep a record of all mistakes that were made. We have all posted a tweet or a photo that on second thought we realize is not a good idea. The fact that it may
>
> There are people who have had their information disseminated without their consent in the first place. Think of all those people who have become Memes. Some have gone into depression and committed suicide.
>
> The fact that we are aware that we cannot erase anything from the internet has led some to self- sensor (I am personally guilty of this). It can be argued that failure to provide the right to be forgotten needlessly curtails our freedom of expression.
>
> Should it be absolute?
> I agree with Francis that the right should not be absolute. Limitations are necessary for example under the GDPR personal data must be erased immediately where the data is no longer needed for the original processing purpose, or the data subject has withdrawn their consent and their is no other legal ground for processing, the data subject has objected and there are no overriding legitimate grounds for processing, or erasure is required to fulfill a statutory obligation under the law.
> The right to be forgotten should also be balanced with the right to information.
>
>
>
>
> On Fri, Aug 24, 2018 at 7:22 AM kanini mutemi via kictanet <[email protected] <mailto:[email protected]>> wrote:
> Thank you for the comments coming in so far.
>
> @Francis and @Michael what is the foundation of the right to be forgotten? Why do we need it? Should it be absolute? Should it apply to all ‘unwanted’ information?
>
> Let’s turn our attention to Clause 36 (right of rectification and erasure). The right to demand erasure extends to ‘irrelevant’ and ‘excessive’ information These parameters are not defined. Can a convict demand that kenyalaw.org <kenyalaw.org/> delete a case from its database? Should we be allowed to stop newspapers from running a story because of the ‘irrelevance’ or ‘lack of authorisation’? What are we trying to achieve with the right to be forgotten? Should politicians be allowed to re-invent themselves?
>
> @Kiarie, thank you for bringing up the issue of consent. Under Clause 28 we see general conditions for consent. Reading that, do you get a clear picture of what consent is? Clause 33 goes ahead to restrict the use of data for direct marketing- I imagine this is a welcome relief?
>
> @Michael I agree the definition of the rights is in the exceptions. In our next discussion we will look at the limitations to the rights of data subjects and whether the manner in which these rights have been limited conforms to the standards set in Article 24 of the Constitution.
>
> @WIlliam, I agree that the remedies should go beyond criminal sanctions. I like your proposal that the right to compensation should also be included in the rights- that\’s ingenious. More on this on Day 5 when we consider penalties and remedies in detail.
>
> Let’s keep talking.
>
>> On 23 Aug 2018, at 21:58, Francis Monyango via kictanet <[email protected] <mailto:[email protected]>> wrote:
>>
>> My concern is that the policy talks about ‘the right to be forgotten’ but the bill doesn’t have a section on it. One can only delete misleading information which is rather too limiting. The legal standards we are trying to catch up with included the right to be forgotten in 2014 yet our draft law doesn’t have it in 2018. The right should be there…maybe with limitations. I don’t think limiting it to ‘false or misleading data’ is in good faith.
>>
>> On Thu, 23 Aug 2018 at 09:55, kanini mutemi via kictanet <[email protected] <mailto:[email protected]>> wrote:
>> Day 2- Rights of Data Subjects
>>
>> Good morning Listers,
>>
>> Day 1 we commented on the principles of data protection mentioned in the draft policy and bill. Today, we will look at the rights of data subjects. For demonstration purpose, when you fill in your details at a mobile money agent’s shop–
>> You- data subject
>> The mobile money agent- data processor
>>
>> The data subject is the person to whom the data concerns.
>>
>> Here are the rights as listed in Clause 23 of the Bill. I have added comments underneath to help us visualise what these rights would mean in the future.
>>
>> 1. The right to be informed of the use to which the personal data is to be put
>> Eg. When we leave our details at the entrance to buildings, I expect that they will explain what the data will be used for.
>>
>> 2. Right to access their personal data in custody of data controller
>> Will we be able to demand from our mobile network operators to see our account details and transactional history?
>>
>> 3. Object to the collection or processing of all or part of their personal data
>> Will we be able to opt out of the biometric ID registration proposed by the Ministry of ICT here <www.businessdailyafrica.com/economy/Biometric-IDs-listing-set-for-this-year-after-secret-tender/3946234-4694828-v50ngv/index.html>?
>>
>> 4. Correction and deletion of false or misleading data
>> Are we ready for a right to be forgotten? Should it be absolute?
>>
>> What do we think of these Listers? Are there other rights that ought to be included?
>>
>> _______________________________________________
>> kictanet mailing list
>> [email protected] <mailto:[email protected]>
>> lists.kictanet.or.ke/mailman/listinfo/kictanet <lists.kictanet.or.ke/mailman/listinfo/kictanet>
>> Twitter: http://twitter.com/kictanet
>> Facebook: www.facebook.com/KICTANet/ <www.facebook.com/KICTANet/>
>> Domain Registration sponsored by www.eacdirectory.co.ke <www.eacdirectory.co.ke/>
>>
>> Unsubscribe or change your options at lists.kictanet.or.ke/mailman/options/kictanet/monyango93%40gmail.com <lists.kictanet.or.ke/mailman/options/kictanet/monyango93%40gmail.com>
>>
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
>>
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people\’s times and bandwidth, share knowledge, don\’t flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
>> —
>> Francis Monyango
>>
>> Lawyer | ICT Policy and Legal Consultant
>> www.monyango.com <www.monyango.com/>
>>
>>
>>
>> _______________________________________________
>> kictanet mailing list
>> [email protected] <mailto:[email protected]>
>> lists.kictanet.or.ke/mailman/listinfo/kictanet <lists.kictanet.or.ke/mailman/listinfo/kictanet>
>> Twitter: http://twitter.com/kictanet
>> Facebook: www.facebook.com/KICTANet/ <www.facebook.com/KICTANet/>
>> Domain Registration sponsored by www.eacdirectory.co.ke <www.eacdirectory.co.ke/>
>>
>> Unsubscribe or change your options at lists.kictanet.or.ke/mailman/options/kictanet/kaninimutemi%40gmail.com <lists.kictanet.or.ke/mailman/options/kictanet/kaninimutemi%40gmail.com>
>>
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
>>
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people\’s times and bandwidth, share knowledge, don\’t flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
>
> _______________________________________________
> kictanet mailing list
> [email protected] <mailto:[email protected]>
> lists.kictanet.or.ke/mailman/listinfo/kictanet <lists.kictanet.or.ke/mailman/listinfo/kictanet>
> Twitter: http://twitter.com/kictanet
> Facebook: www.facebook.com/KICTANet/ <www.facebook.com/KICTANet/>
> Domain Registration sponsored by www.eacdirectory.co.ke <www.eacdirectory.co.ke/>
>
> Unsubscribe or change your options at lists.kictanet.or.ke/mailman/options/kictanet/moturiliz%40gmail.com <lists.kictanet.or.ke/mailman/options/kictanet/moturiliz%40gmail.com>
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people\’s times and bandwidth, share knowledge, don\’t flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
>
>
> —
> Kind regards,
> Elizabeth Moturi

_______________________________________________
kictanet mailing list